[SECURITY | 4 MIN READ] These days, people bring work with them on the road. When they visit the beach, they check and respond to email on their cell phones. They pound away on the keyboard, writing reports at the airport. They work on board presentations between sessions at conferences or plan the budget from the local Starbucks offering Wi-Fi access for the price of a pumpkin spice latte.
Yet traveling can be fraught with cybersecurity dangers, from stolen devices to insecure internet. As an MSP, you need to keep your customers safe on the road. Today, I’ll cover some important tips for people traveling for work or headed home for the holidays in November and December.
Preparing for the trip
Before anyone goes to the airport, you need try to secure their devices and data. You should already be doing these things, but make sure that you do these before the holidays or before executives leave for conferences:
- Patch: You should already regularly patch all systems under your purview. However, it goes without saying that sending customers on the road with an easily exploitable vulnerability could land them (and you) in heaps of trouble. Use a patch management solution that lets you deploy patches easily and force restarts as needed.
- Backup: Use cloud-based backup to make copies of critical, relevant data. This helps if a device gets lost, stolen, or broken. Having that data stored lets you quickly recover it to a new device when the employee returns to their normal nine-to-five.
- Encryption: Make sure data on any company-issued devices use strong encryption. If a device gets stolen, you don’t want hackers getting easy access to sensitive company secrets.
- Remote wiping: When picking an RMM solution, choose one that lets you remotely lock and wipe devices. If you followed the previous tip and encrypted the data, that should buy you time to remotely wipe lost or stolen devices.
Preparing your customers
As much as you can put safeguards in place, you also have to prep your customers to be on the road. Their employees must do their part. When offering security training to your customers (and to your own employees), cover tips on how to stay safe while working from outside the office.
However, one training session won’t cut it. Periodically remind customers of the key points, particularly before common travel times like early summer or right before the holiday season. Sending out periodic email reminders also helps reinforce your value as a service provide.
When you do, try to cover the following:
- Lost and stolen devices: Employees need to keep devices and company property on them or in a secure location at all times. Putting down bags and walking away leaves them wide open for thieves. Tell employees that if they lose a device or if someone steals one, they should report the incident immediately to your team. It’s important to emphasize to employees that they won’t get in trouble for losing the device—you don’t want to discourage them from reporting. The sooner you receive a notification of a lost or stolen device, the faster you can remotely wipe it and secure any data or accounts.
- Be suspicious of free Wi-Fi: While convenient, public Wi-Fi usage carries significant risks. Criminals can sit on a network, eavesdropping on traffic and data sent over the Wi-Fi. They could end up with passwords or sensitive data if the employee isn’t careful. Don’t assume that because a Wi-Fi point is password protected that it’s secure—you have no idea who’s using the hotel Wi-Fi at any given moment. Instead of using free WiFi, tell customers to either use their phone as a mobile hotspot or, at the very least, use the company’s VPN to access sensitive systems and data.
- Minimize use of public resources: Public charging stations in airports may help you if a phone is low on juice, but they’re also insecure. Criminals can swap out the USB charger to download data from a plugged-in device or install malware onto the device. Tell people to use their own chargers and wall plugs to charge their devices. Additionally, if someone needs to use a public computer, tell them to keep off sensitive systems.
- Personal devices: As an MSP, you can lock down devices under management. However, these days security has shifted from being device-centric to user- and data-centric. While you have little control over your customers’ personal mobile devices, you can warn them to take some extra precautions. At the least, have them make sure their personal devices are encrypted, use password protection (preferably using alphanumeric passwords rather than just a six-digit pin), and have automatic Wi-Fi connections disabled. Additionally, warn users to avoid checking in on social media until they get back. This is a personal tip for users, but they’ll thank you for keeping them from making it obvious to burglars they’re away from home.
Protect your customers on the go
The way people work has changed radically over the past several decades. As employees increasingly work from home or from the road, MSPs need to both support productivity and keep a tight rein on security. Make sure to follow the tips above and consistently remind your customers of their own part in cybersafety—you could prevent a major breach.
If cybercriminals do get hold of devices or user credentials, they can start launching serious attacks against your customers. To prevent this from happening, it helps having a password management solution that lets you quickly revoke access for accounts and change passwords quickly. SolarWinds® Passportal is designed to help you do just this—and shut down cybercriminals before they can do serious damage to your customers. Learn more at passportalmsp.com/ today.
Colin Knox is director of product strategy, SolarWinds Passportal
SolarWinds® adds Passportal suite to its MSP product portfolio. MSP security, simplified. SolarWinds® Passportal + Documentation Manager is a SOC 2 certified, RAPID 7 tested, award winning platform.
Grow your business faster with the world's first unified platform for true password management and secure IT documentation. More than 2,000 best-in-class MSPs around the world are leveraging our security, automation, and rapid access client knowledge to out preform the competition.