Bob YoungFeb 2, 2024

Interesting insider threat data leak today. This is a good example of a non-malicious, but potentially harmful, data leak.

SCENARIO
My client is a construction company.

I provide IT services by the hour, and some monthly contract services.

My client hires a CPA to take care of some financial issues and taxes. The CPA isn’t a full-time employee.

My client paid me to get the CPA set up with remote access through the company VPN. The CPA has access to QuickBooks, and also an Accounting folder on the file server.

We have an SMS text messaging group containing three people: the Owner, the CPA, and me. If the CPA has any issues with remote access to the LAN, the CPA uses this group to request my assistance.

THE DATA LEAK
The CPA used the IT messaging SMS group to ask the Owner a question about an issue with the bank. As the outside IT support person, I have no need to know this information.

RESOLUTION
I contacted the Owner via a direct SMS message and pointed out that it might be better for the CPA to use direct SMS messages to communicate about financial issues.

ANALYSIS
No one is at fault here. Making the Owner aware of the issue is my responsibility, since cybersecurity awareness training is something that every MSP should do.

#cybersecurity #training #managedservicesprovider

Show threadMike | Raymond TecOct 19, 2023

I had a client who wanted to migrate to me for their MS email services a year ago and I had to become a reseller. I get bombarded regularly with emails from the company I signed up through. Capitalism sure loves middle men.

Thoughts on back up solutions? Is this all just scare tactics? I haven't read it yet, I'm saving it for when I'm casting about for something to do.

https://www.pax8nebula.com/m/71b40fca8cfd823e/original/NA_Guide-to-Selling-Backup_2023.pdf

#PAX8 #Reseller #MSP #ManagedServicesProvider #Backup