Professional Services Businesses Need Your Help with Cybersecurity

Don’t overlook the need for robust security solutions for legal, accounting, real estate, insurance, and other professional services businesses.

When data breaches make headlines, it’s common to hear about cyberattacks on retailers, restaurants, healthcare, and hotel chains. Value-added resellers (VARs) and managed services providers (MSPs), informed by this news, may focus on the undeniable need for cybersecurity solutions in these verticals. Your other clients, however, including professional services offices of all sizes, need your help as well.

Here is some proof: The American Bar Association’s 2017 ABA Legal Technology Survey found that 22 percent of law offices were hacked or the victims of data breaches in 2017. A review of data from public accounting firms in Maryland from 2014 to 2018 revealed 132 data breaches, most involving small firms. And the Global Information Security Survey found that 91 percent of real estate offices say their current cybersecurity solutions don’t meet their organization’s needs.

In these cases, hackers aren’t necessarily after payment data, but at professional services offices they can score volumes of personally identifiable information (PII) or hold mission-critical data for ransom. Hackers may also see these offices as low-hanging fruit, where they can steal and monetize data more quickly than by targeting other types of businesses. They know small offices probably don’t have in-house IT security staff, and they’re counting on you to be focused on helping your merchant clients comply with PCI, not on protecting the office around the corner.

Chris Crellin, Senior Director of Product Management for Barracuda MSP, points out that as security threats become more sophisticated, and many in-house organizations don’t have the necessary expertise or skill set to fully secure their businesses, many professional services organizations are turning to MSPs to secure their offices.

Furthermore, a Hyperproof survey found that the biggest frustration most organizations have is the time they have lost managing the compliance process. “This is where an MSP with security expertise can really come in and seize the opportunity,” says Crellin. “Not only will MSPs become vital to securing these businesses, but they are also in a unique position to automate compliance processes across multiple customers, allowing them to provide these services at a much lower cost than any organization could do on their own.”

Benefits of Becoming a Specialist

Understanding the threats that every type of business is vulnerable to, the specific risks each one faces, and its compliance requirements is a tall order for a single MSP or VAR business. “When it comes to securing legal offices, this presents the challenge of protecting attorney-client privilege. Also, certain industries and vertical markets have their own specific compliance requirements such as FINRA for financial services,” says Crellin.

“Not only is it important to secure these offices from breaches occurring, but MSPs need to be careful when they are managing the data itself — viewing legal or financial information, even accidentally, can have consequences,” he adds.

The security solutions you provide can also contribute to innovative solutions for the verticals you serve. “For example,” says Crellin, “security solutions can assist MSPs’ clients in the legal industry with e-Discovery in the event that they need to collect, review and exchange information electronically for legal purposes.”

While specializing in security solutions for specific verticals or niches can allow you to enhance the quality and effectiveness of the services you provide, it can also benefit your business. “By specializing in a vertical, such as the financial industry, MSPs can build a brand within a specific market. By having that brand reputation, other financial institutions may be more confident in knowing that XYZ MSP has successfully protected top branches and is familiar with the specific needs of the financial industry,” Crellin says. He concedes, however, “Depending on where the MSP is located and the markets that are prevalent in that region, specialization might not always be feasible.”

Must-Have Components of an Effective Security Solution

Crellin says it’s important for MSPs and VARs to address four common challenges when providing cybersecurity solutions to professional services offices, as well as clients in the other verticals you serve:

  1. Password best practices: “MSPs should focus on teaching clients how to create strong passwords, as hackers have become very skilled at stealing weak ones. Employing a password manager that can create strong passwords and store them securely is a good start. Also, requiring users to revalidate or reset/rotate their passwords on a regular basis is another way to prevent hackers from being able to access their data. MSPs should also ensure that clients are not using the same password across multiple different systems or log-in credentials.”
  2. Multi-factor authentication (MFA): “MFA puts more obstacles in the path of hackers and creates more barriers to protect users’ data. MFA involves requiring users to use two different methods to verify their identity. This is usually something you know, such as a PIN or a password, and then validating it through a device, such as a mobile phone, email, or a fob. With the proper implementation, MFA significantly reduces the security risk of those employing it, without additional complexity.”
  3. Access control: “Granting access to sensitive files and data to additional users can be a slippery slope. For each shared file, MSPs should require their clients to assign an ‘owner’ that will know who within the organization needs access or should be requesting access, if they don’t have it already. If an individual who does not have clearance — or reason to need access to the resource — attempts to access it, the owner can alert the right contacts. Limiting access and maintaining an overall sense of awareness will be particularly effective in preventing valuable internal resources from falling into the wrong hands.”
  4. A multilayered security strategy: “With today’s advanced threats, it is important for businesses to secure every threat vector. The days where you could deploy a single firewall or implement spam filtering are gone. Now, it is important for businesses to take a multi-pronged approach to security. This includes adding components like spam-filtering, sandboxing, AI and machine learning, disaster recovery, and more to your security offering.”

Protect Your Clients’ Businesses and Yours

Crellin stresses that it’s paramount for MSPs and VARs to do their due diligence to ensure all business-critical data is safe. “‘Winging it’ when setting retention policies for clients, for example, is one major mistake,” he says.

“In terms of the financial and legal industry, this might mean making sure there are extra backups and precautions in place to ensure that all data is safe from looming threats,” Crellin says. “MSPs should communicate with their clients to properly find the sweet spot in terms of length of retention, amount of data being kept, and the cost of the retention for each client. By checking in regularly, MSPs can ensure that business-critical data is protected, regardless of any changes.”

Keeping data safe is not only vital to your clients’ professional services businesses. It’s vital to yours. Crellin says, “Having a client’s information jeopardized by a cyberattack would do significant damage to an otherwise trusted MSP’s reputation. Security solutions aren’t just a ‘nice to have.’ They’re a necessity to protect your business as well as your customers’ from today’s advanced threats.”