Security means a lot of different things, depending on the situation. As tech types, when we talk about security we generally mean things like password security, identity and resource management, and physical security. But, as consultants and/or MSPs, security can mean so much more.
Remember the first time you cleaned up a client’s system and threw out all their email? Or that time your customer’s computer just up and died with no backup? Or the time your credit card was used to purchase $7000 worth of software on the other side of the world? No? Just me?
Security is Serious Business
We have to take our own security even more seriously than we take our clients’ security. There is much more to running an IT business than simply hanging out the shingle and selling Google Workspace or M365. We want our clients to think of us as their business partners and, in order to be reliable partners, we have to take care of our own stuff. That email question above? Yeah, that happened. It was many, many years ago. The client had his personal POP account (yes, that’s how long ago it was) on his PowerBook 5300. The way Outlook stored its mail was, well, very specific. And I tossed the preferences folder and emptied the trash (as one did back then). The IT Department had refused to put the Macs onto the backup system and, well, I was pretty sure I was never going to be able to eat again and worried that I would be bankrupted by this mistake.
I summoned up all my courage and fessed up to the user. While disappointed, he actually took responsibility for the error as he was not supposed to have had any personal items on the company computer. Who has two thumbs and breathed a major sigh of relief?
I have certainly had clients’ hard drives go belly up without backup. Who hasn’t? And the reason is nearly always money – the client didn’t think it was a necessary expense. The accounting department (why does IT always seem to fall under Finance?) saw backup as a very expensive solution to a problem that may or may not happen at some point in the future. Point in fact: hard drive failure or document loss is inevitable.
And credit card theft? Yikes – what a pain. I recall having to call the credit card company to dispute that $7000 charge. Turns out, my card number was stolen by a restaurant staffer in San Francisco during MacWorld. It was the only place where they took my credit card from my view and where I had signed the carbonless form. Thank goodness those forms are gone, amirite?
How do these stories from the edge of darkness relate to Securing Your Consultancy? Glad you asked.
Smart Business is Good Business
The first thing I did after leaving that email-disaster client was find an insurance agent. Just the real idea that I could be sued was enough for me to spend some protection dollars. No, not THOSE kind of protection dollars…the right kind. The kind that insurance takes care of. My agent understood technology, he understood business, and he was able to craft a policy that protected me from stupid errors. What I didn’t know was that it also protected me when I was handed a countersuit (I had to sue a client for payment and, of course, he sued me for doing in 6 hours what he thought should be done in 30 minutes). My policy provided me with an attorney who went to bat for me and settled the mess. At no additional cost to me. That’s business security for sure.
Then there was the backup mess of client #2. Buying insurance caused me to have to hire an attorney to develop a contract (the rates were better if I had contracts in place with every client). Having a competent lawyer, skilled in working the tech industry, is another security expense that is well worth the dollars spent. In the case of the backup client, I had them sign a Hold Harmless agreement in addition to my regular contract. That means that when their hard drive failed, they had no basis to sue me for negligence. Phew! Did I overthink client behavior or was it business security?
The last example, the credit card theft, was solved by the industry, to be honest. At the time, there was no way to automatically put purchases on hold. There were no virtual credit card numbers. There was no incoming fraud department call. Thankfully, the banking industry has done well. All of my accounts have fraud alerts and virtual cards. Every login has MFA attached to it. I have password managers for work and for personal life. My clients’ passwords are kept secure and my passwords and other personal information are kept secure and in sync between my computer and my mobile device.
Where possible, my password manager handles the MFA and I use its audit feature to tell me if a site is insecure, if I’ve reused a password, if there was a breach, and if a password is weak. I rarely have to type in a password anymore (unless it’s new, of course). I also never have to remember more than the main password which, while at times it’s inconvenient, is just fine. A little inconvenience is worth the security.
Physical Security Tools
My office has an alarm system. My wifi network is secured. My locks have all been changed and have new security codes. I have security cameras and a dog. If I’m going to have customer data in a location, that location is secured. I use a VPN whenever dealing with client data and every service I employ is secured. I hire professionals for the important services – legal and financial. All of this helps me keep my insurance costs down. Also, always lock your car…even when it’s in the garage.
Consider the tools you already use in securing your business and your clients’ data. Does your list look like mine? To review:
- Business Insurance
- Virtual credit cards
- Device and user management tools
- Alarm system
- Network security (and audits)
These are the basic tools I used to secure my consultancy. What do you use in your business? Let’s take this discussion over to the JumpCloud Lounge #admin-life channel!