By Manny Veiga, Intronis, Inc.
When negotiating a contract with potential clients, there are a few issues MSPs will want to take note of that will not only strengthen their positions presently and in the future, but also help prevent data storage and security threats from manifesting.
Employee control and training is critical
A recent survey from BeyondTrust identified some alarming trends among businesses that would be prudent for MSPs to address in the negotiation and implementation process. The report, "Privilege Gone Wild," found that companies are allowing staff members to have far more access to sensitive information, data and systems than their respective roles require.
For example, the research revealed that 28 percent of respondents had knowingly retrieved information that was unnecessary to their jobs, with nearly half claiming to have accessed documents on salaries and personnel and almost one-quarter viewing financial reports.
Companies are not unaware of these risks and, in fact, more than 75 percent believe they will only continue to grow over the coming years. Furthermore, 80 percent of firms thought it was likely that employees would access sensitive or confidential data to satisfy curiosity.
"Allowing any employee unfettered access to non-essential company data is both unnecessary and dangerous and should be an issue that is resolved quickly," said Brad Hibbert, executive vice president of product strategy at BeyondTrust, in a statement.
Curiosity could kill the company
While in many cases, curiosity is benign, human error is one of the leading causes of data breaches across sectors - whether it's leaving data unencrypted, failing to properly dispose of hardware or putting in place lax security controls, such as simple passwords.
MSPs can help manage these risks - and what they are ultimately held accountable for - by forging a closer relationship with prospective clients. Before signing a contract, visit their offices to see how they are already using technology and protecting data. Do they already have protections in place? Have they safeguarded machines? What are they doing in terms of business continuity planning on a more basic level?
The answers to these questions may help you better tailor your solutions to what clients need as well as highlight potential red flags associated with other technologies they use, establishing you as an expert and trusted business partner.