Skip to content

Transforming MSP Security: From Bad Habits to Best Practices

When I first started my Managed Service Provider (MSP) business, I naively believed that hiring skilled technicians was the golden ticket to success. Little did I know, these tech wizards often came with their own set of “creative” approaches to processes—some bordering on the absurd. Over time, I realized that identifying and rectifying these bad habits was crucial, not just for efficiency but for security as well.

The “Password123” Epidemic

Early on, I discovered that one of my techs had a penchant for setting up new user accounts with the password “Password123.” His rationale? “It’s easy for clients to remember.” Sure, and it’s also easy for hackers to guess.

What to Look For:

  • Bad Process: Using weak, default, or easily guessable passwords for client accounts.
  • Good Process: Implementing a policy that enforces strong, unique passwords for all accounts, coupled with multi-factor authentication.

Steps to Execute:

  1. Establish a Password Policy: Define requirements for password complexity, length, and expiration.
  2. Enforce Multi-Factor Authentication (MFA): Require MFA for all critical systems and accounts.
  3. Regular Audits: Conduct periodic checks to ensure compliance with the password policy.

The “I’ll Just Wing It” Backup Strategy

I once asked a team member about our backup procedures for a particular client. He confidently replied, “Oh, I just back things up when I remember.” Needless to say, this “strategy” didn’t fly.

What to Look For:

  • Bad Process: Inconsistent or ad-hoc backup procedures without a defined schedule.
  • Good Process: Automated, regular backups with routine testing to ensure data integrity and quick recovery.

Steps to Execute:

  1. Develop a Backup Schedule: Determine the frequency of backups based on client needs and data sensitivity.
  2. Automate Backups: Utilize reliable backup solutions to automate the process.
  3. Test Restorations: Regularly perform test restores to verify that backups are functional and data can be recovered swiftly.

The “Set It and Forget It” Firewall Configuration

A technician once bragged about configuring a client’s firewall in record time. When I inquired about ongoing monitoring, he replied, “Why monitor it? I set it up perfectly the first time!” Spoiler: He did not.

What to Look For:

  • Bad Process: Implementing security measures without continuous monitoring or regular updates.
  • Good Process: Continuous monitoring and regular updates of security configurations to adapt to emerging threats.

Steps to Execute:

  1. Implement Monitoring Tools: Deploy systems that provide real-time alerts for suspicious activities.
  2. Schedule Regular Reviews: Set up periodic evaluations of security configurations to ensure they meet current standards.
  3. Stay Updated: Keep abreast of the latest security threats and adjust configurations accordingly.

The “Documentation? What’s That?” Phenomenon

I can’t count how many times a tech would resolve an issue and, when asked for documentation, respond with, “Oh, I have it all in my head.” Great for them; not so great for the rest of us.

What to Look For:

  • Bad Process: Relying on individual memory for procedures and client configurations.
  • Good Process: Maintaining comprehensive, accessible documentation for all processes and client setups.

Steps to Execute:

  1. Standardize Documentation: Create templates for consistent recording of procedures and configurations.
  2. Centralize Storage: Use a shared platform where all team members can access and update documentation.
  3. Encourage a Documentation Culture: Emphasize the importance of documentation and incorporate it into performance evaluations.

The “One-Man Show” Support Approach

I had a technician who insisted on handling all aspects of a client’s support single-handedly. While his dedication was admirable, it became a nightmare when he went on vacation, and no one else knew the client’s setup.

What to Look For:

  • Bad Process: Allowing a single point of failure by not distributing knowledge and responsibilities.
  • Good Process: Encouraging teamwork and knowledge sharing to ensure continuity.

Steps to Execute:

  1. Promote Cross-Training: Ensure multiple team members are familiar with each client’s environment.
  2. Implement a Handoff Procedure: Establish protocols for transferring responsibilities during absences.
  3. Foster Collaboration: Use team meetings to discuss client issues and solutions collectively.

Tags:

UPCOMING DECEMBER WEBINAR ON AUTOTASK KANBAN

LEARN MORE

Upcoming webinar on the power of Kanban in Autotask!

How to (Autotask) Kanban Like a Pro
Register Now

In this webinar, Dustin Puryear, Autotask expert and MSP industry veteran, will show you how to set up Kanban boards in Autotask, integrate them with your workflow rules, and how to get the most out of them.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap