A recent disclosure of a data breach by Heartland Payment Systems, a leading payroll processing company that handles 100 million transactions per month for 250,000 businesses, offers a number of lessons for MSPs in keeping their customers protected from similar problems under their watch. Heartland Payment Systems' data was accessed by hackers who installed keylogging software and a sniffer program that grabbed credit card details during a millisecond of the transfer process when this information was not encrypted.
Heartland Payment Systems is not a small company – in fact, its purpose is to assist banks and businesses with payment transactions and to protect their clients from the very problems that it experienced itself. If a company as large as Heartland Payment Systems can experience a major security breach, what can you do to keep your clients' data safe?
Security measures are becoming state-mandated for both enterprises and SMBs, with Nevada and Massachusetts leading the pack by requiring, among other things, that companies encrypt financial records containing personal data of their residents when those records are stored on any portable device, including laptops, cell phones and flash drives. As the requirements for mandating security measures become clearer, more states are expected to follow suit.
As a result of higher security requirements, small businesses that previously managed their own IT departments may seek out the services of Managed Services Providers to help them meet those requirements. Businesses already using MSPs will expect higher security.
Here's what you can do to position yourself as a highly secure provider of Managed Services:
Make sure you spend time staying on top of the latest technology and regulations in the area of data protection. As you know, IT is constantly evolving, and you need to keep up to date with the evolution of data protection in order to understand and provide it effectively.
Always consider potential gaps in security throughout the entire lifecycle of data. Consider data at the bit level – from the source all the way to its final destination in order to understand your clients' data security needs.
Assess your own current state of security and look for ways to constantly improve. Seek out a fulfillment partner with the proper specializations to help you assess your own and your clients' risk levels if you do not possess these competencies internally, and develop remediation and ongoing testing strategies to stay in front of security threats and maintain compliance in these areas.