To create a security plan, MSPs need to start by assessing their clients’ risk.
By working with clients to examine and inventory threats, vulnerabilities, and assets, MSPs can create an effective baseline to help determine the proper security policies and procedures to put into place.
First, you’ll need to discuss the following four threat profiles with your clients to help them pinpoint the threats they are most likely to experience.
1. Malicious Insider
Someone associated with your client’s organization who wants to cause harm, such as a disgruntled employee or contractor.
2. Malicious Outsider
A hacker or someone involved in industrial espionage. Per the Ponemon Institute, these are the most frequent types of threats SMBs face, and typically the most expensive.*
*Ponemon Institute. “2017 Cost of Data Breach Study.” (June 2017)
3. Accidental Insider
A client’s employee or contractor who is poorly trained in security practices. Examples include an employee who uses his birthdate as a password, and shadow IT, in which a department (such as marketing) bypasses IT to set up their own Dropbox account with a shared password.
4. Natural Disasters
Companies with facilities on a flood plain, in a tornado zone, or in an area that is susceptible to wildfires or other natural disasters can be at risk of losing critical assets.
Once you’ve discussed threat types, it’s time to do the vulnerability assessment. After all, the best cybersecurity in the world won’t protect your clients if they don’t address existing vulnerabilities within their organizations.