Walking the Data Security vs. Data Privacy Tightrope

Protecting personal, sensitive information from falling into the wrong hands is increasingly one of the top reasons SMBs turn to MSPs for guidance and assistance. What had once seemed like a distant, existential threat is now startingly real for businesses of all sizes as well as the individuals who entrust their private information to them.

MSP customers–and their customers’ customers–have seen enough headlines about security breaches to realize the problem is widespread. Nearly everyone has received worried emails advocating immediate password changes and free credit monitoring services, breaking the illusion that this only happens to other people and that, instead, it’s more likely just a matter of time until a breach hits them even closer to home.

But data security and data privacy aren’t the same thing–however often these terms get used interchangeably. Temporarily removing “data” from the phrase, it’s clear that these labels have quite different meanings.

“Privacy” is about keeping others from seeing your stuff. We close our window shades and put in our earbuds when we don’t want the rest of the world to know what we’re up to, creating a few barriers for the Peeping Tom and the overeager eavesdropper. But privacy doesn’t necessarily promise true protection from more inspired snoopers actively seeking this data.

“Security,” on the other hand, is about true defensive protection. It is not just designed to dissuade the casual interloper, but rather to actively defend against bad actors intentionally accessing things they shouldn’t get their hands on. It’s the keypad to enter the elevator and the armored truck ferrying cash to the bank.

A Distinction with a Difference

Discussing data security and data privacy as if they’re the same thing can be dangerous for an MSP. Customers can latch onto a belief that they’re receiving one level of protection when they’re actually paying for another, and this issue will likely come up only after an incident puts the topic in the spotlight.

MSPs can prevent such false assumptions from taking root by educating customers both on what these two terms mean and, more specifically, exactly which related services are being offered and currently paid for. While lengthy text descriptions are one approach to creating clarity while also covering the MSP’s legal liability, sometimes more visual aids can help.

Consider using a multi-column checklist to indicate which services (security versus privacy) are offered with each tier of service and for every type of data. While this level of specificity may feel like overkill, a graphical representation of precisely what’s covered and what’s not removes any ambiguity from the equation, giving both the MSP and their customers peace of mind that they share a common understanding of the situation.

Scope and Intent

Detailing what’s included in various bundles and tiers of service is critical for MSPs in every domain, but it’s particularly acute when it comes to data security and privacy. It’s a hot-button issue where an incident could have far more significant ramifications than a simple outage or system failure. Once data is exposed or stolen, there’s no putting the genie back in the bottle.

Data security offerings typically include preventative measures such as multi-factor authentication (MFA), firewalls, suspicious network traffic monitoring and encryption. Also, while not explicitly for security, automated patch deployments and version updates are another key protective layer that falls at least partially under the security umbrella.

Even physical securing of hardware, risk assessments and employee training are MSP offerings that improve client data security. The common thread in all these practices and tactics is preventing unapproved access to private data, as each layer of protection makes it that much harder for a bad actor to gain access.  Click on Page 2 to continue reading…