Cyber Security Awareness Month

Cybersecurity Tip #31: Provide Security Awareness Training

#CybersecurityTip: Did you know that cyber-attackers rely on human error and lack of attention to conduct sophisticated data exfiltration against targeted businesses, and more often then not, they succeed? Providing security awareness training for your MSP and your clients is imperative and it should not be overlooked. The good news is, you can add security awareness training as part of your service offering repertoire. Implementing employee training, security assessments and simulations, breach response services will improve your security standpoint in today's market, helping tremendously with all the new compliance requirements, such as HIPAA and PCI-DSS.

Topics: Cybersecurity Tips

Cybersecurity Tip #30: Audit Regularly & Start Reporting

#CybersecurityTip: Maintaining a cyber-safe environment is an ongoing process that requires the MSP to regularly assess their endpoints. MSPs need to conduct a thorough inventory and report on device information to determine three things. Learn them below along with the risks if devices are not monitored.

Topics: Cybersecurity Tips

Cybersecurity Tip #29: Implement Endpoint Protection

#CybersecurityTip: Protecting your clients’ endpoints is essential in today’s IT landscape, where threat actors are increasingly targeting MSPs to exfiltrate their network. During such attacks, hackers use endpoints (workstations, computers, smartphones, laptops, printers, etc.) to deploy malware. Social engineering attacks are designed to infect a workstation, for example, in order to spread the infected files into the entire MSP network. Protecting clients' endpoints from malicious activity is highly recommended for all MSPs. In addition to implementing a privileged access management tool to your security stack, learn how endpoint protection (endpoint security) can add extra benefits.

Topics: Cybersecurity Tips

Cybersecurity Tip #28: Lock Down Remote Desktop Protocol (RDP)

#CybersecurityTip: Remote Desktop Protocol (RDP) is an effective tool that allows MSPs to access and control their clients machines remotely through RMM to troubleshoot errors at any point in time. This type of flexibility is attractive to the MSP, but it is even more attractive to a threat actor. An unsecured RDP can open up many vulnerabilities if it is not properly protected, especially if malware is deployed. This can be alarming for the MSP if the following best practices are not in place in order to secure and lock down your RDP.

Topics: Cybersecurity Tips

Cybersecurity Tip #27: Remote Monitoring and Management (RMM)

#CybersecurityTip: As mentioned in the previously in, "User Remote Access Management", the need for a remote access has increased over the years, and as the IT provider, it is vital to have a system in place to manage a vast array of clients and devices. Implementing a sophisticated Remote Monitoring and Management (RMM) solution is key and it can be hard know which one to implement in your MSP. There are two types of RMM categories MSPs should know about; discover them below.

Topics: Cybersecurity Tips

Cybersecurity Tip #26: User Remote Access Management

#CybersecurityTip: Remote Access Management can be monitored through two different angles; that of the employee and that of the IT provider (RMM). In today's transient workplace, having remote access to the network for both the employee and technician is absolutely vital to protecting and securing access to assets and devices. Below, we focus on remote access for the end user. Is your MSP monitoring these risks and establishing a secure remote access protocol?  

Topics: Cybersecurity Tips

Cybersecurity Tip #25: The Risks of BYOD (Bring Your Own Device)

#CybersecurityTip: The increasing number of mobile devices in the workplace brings extra challenges for the MSP. These unsecured devices brings a flurry of additional security risks. Not only do you need to secure your clients traditional workstations, you now to have to be aware of how personal devices are being used and risks involved with company data. Whether it is saving to desktops, emailing, or using the public cloud and wifi hotspots, is it wise to help your clients assess and address the following risks. See BYOD risks listed below. 

Topics: Cybersecurity Tips

Cybersecurity Tip #24: Monitoring BYOD (Bring Your Own Device)

#CybersecurityTip: The prevalence of mobile devices in the workforce has now increased the number of employees who bring in their own devices (BYOD). MSPs have to be aware of BYOD, the risks involved, as well as, the opportunities it offers. Providing an additional service for monitoring and management of BYOD will help provide extra security of sensitive company data. BYOD management can be another service offering that can help evolve your MSP into a MSSP; from support contracts to hardware and cell phone contracts, and ultimately implementing business-specific devices. 

Topics: Cybersecurity Tips

Cybersecurity Tip #23: Offer Extra Service Opportunities

#CybersecurityTip: As a Managed Service Provider, there is a basic suite of services you will need offer to your network. Often, the base service offerings MSPs should provide include: remote monitoring/management, helpdesk, NOC, anti-virus/anti-malware, email protection, basic firewall, and now, a managed backup. Offering the basic services can keep your business busy, however, it is also good to be aware of other opportunities that available to you. Continue reading below what learn what these additional services are.

Topics: Cybersecurity Tips

Cybersecurity Tip #22: Consider Compliance Regulations

#CybersecurityTip: Managed Service Providers (MSPs) serve a variety of clients in a variety of industries. As an MSP, it is important to know your network well in order to adhere to strict compliance regulations or face serious consequences, such as a data breach or an expensive fine. The emergence of industry specific compliance regulations followed suit after standards such as the National Institute of Standards and Technology (NIST) or the International Organization for Standardization (ISO). Data protection is a main concern today and often then not, many MSPs will have to comply with multiple regulations. Keep reading below for a list of common compliance frameworks MSPs need to be aware of.

Topics: Cybersecurity Tips

Cybersecurity Tip #21: Establish a Security Policy

#CybersecurityTip: Offering a security policy in an MSP adds value and can be another service offering for your clients. Policies help set guidelines for SMBs to take in order to stay secure while getting the threat education they need. Recently featured in the Passportal blog, Chris Crellin, VP of Product Management for Barracuda MSP, shares his top five best practices for establishing a security policy. See them listed below.

Topics: Cybersecurity Tips

Cybersecurity Tip #20: Effectively Erase and Dispose of Old Data

#CybersecurityTip: Does your MSP have policies or procedures in place to dispose of or destroy old data? Or is the procedure simply clicking, 'Delete'? With the growth of data in your networks, as well as, new data security policies being implemented (ex. HIPAA), what are MSPs to do data removal? The fact is, data deletions are not enough. Deleting a file only marks the space it occupies. Until these invisible 'spaces' are overwritten several times with new data, the old data can still be retrieved. Continue reading to learn how your MSP can effectively dispose of old data.

Topics: Cybersecurity Tips

Cybersecurity Tip #19: Patch Management

#CybersecurityTip: Outdated technology, especially an operating system (OS), are vulnerable to  cyber attacks and are commonly exploited. Without updates, browsers and other software are open to ransomware or exploit kits. Staying on top of OS updates can prevent costly cyber attacks, saving your clients money. For example in 2017, Windows 10 saw only 15% of total files deemed to be vulnerable to malware, while the older version Windows 7 saw 63% susceptibility. Patching and updating your software programs is crucial for MSP security. Keep updates up-to-date regularly. 

Topics: Cybersecurity Tips

Cybersecurity Tip #18: Utilize Multiple Layers of Backups

#CybersecurityTip: Best practice in data backup is using a tiered approach. This will ensure that your backups are more reliable and can be accessed securely. Offering clients various layers of backup that are automated and scheduled will help ensure safety to your MSP network. Automated backup validation and error notification should be leveraged. It is recommended that data should be backed up hourly, daily, or weekly based on your MSP's needs. Data should also be stored on and off site, via cloud-based backup that provides additional benefits. Do not use a single backup source. Some examples of using a tired approach is using binary snapshot, SQL dump, and point & time recovery.

Topics: Cybersecurity Tips

Cybersecurity Tip #17: Schedule Regular Backups and Test Them

#CybersecurityTip: Protecting against destructive cyber attacks, technology failure, user error, or even natural disasters, backing up your data and testing it regularly is key to successful backup maintenance. MSPs should offer backup solutions that are consistent and predictive, using a multi-layered approach. If a backup is not set up correctly, ransomware could have the ability to infiltrate network data, and ultimately, be uploaded to backup servers that destroy or compromises the data at hand. Subsequently, this puts your clients in an unfortunate position where in some cases, they may have to pay the ransomware in order to get their data back. Alternatively, your clients data could be lost or erased, rendering their business inoperable. These threat scenarios can be intrusive and costly, and it can be avoided.

Topics: Cybersecurity Tips

Cybersecurity Tip #16: Keep Your WiFi Hotspot Secure

#CybersecurityTip: Everyone and everything now has the capacity to connect to unsecured WiFi hotspots, increasing the threat risk for any organization. Risks such as vulnerable devices, corporate or personally owned, can pose as a major threat. Endpoint security alone is not enough to keep users safe. Some ways to protect your WiFi hotspot is to implement DNS protection that includes filtering and bandwidth monitoring integrated with endpoint security. 

Topics: Cybersecurity Tips

Cybersecurity Tip #15: Use Encryption Properly

#CybersecurityTip: Encryption is great, but it isn't everything. There are a number of things to be aware of. The Advanced Encryption Standard (AES) is to ensure data is encrypted in transit and at rest at 256-bit AESThis offers availability for a 48-character string to be converted into a 256-bit private encryption key that only you has access to. The catch: if the encryption keys are stored in the same location as the encrypted files, consider this security technique obsolete.

Topics: Cybersecurity Tips

Cybersecurity Tip #14: Use Multi-Factor Authentication

#CybersecurityTip: MSPs, double-up on your security. Use multi-factor authentication (MFA) in order to prevent unauthorized access to your network system accounts. Strong authentication is no longer a nice to have, it’s a must have - especially for MSPs who build their businesses on reducing risk for their clients. An MFA solution is critical to a complete managed services offering. Click here to discover 4 key benefits MSPs get when they leverage a powerful multi-factor authentication solution.

Topics: Cybersecurity Tips

Cybersecurity Tip #13: Avoid Storing Visible Credentials

#CybersecurityTip: Literally. As tempting as it is, avoid writing down your credentials and posting them on a sticky note on your computer for the world to see. Alternatively, avoid storing your credentials in a visible document to all staff. Avoid the password spreadsheet like the plague! Without appropriate access management tools will lead to a haphazard style of credential management. All users will then have access to sensitive passwords, granting unlimited access to IT assets that is not controlled. Maintaining password spreadsheets, printouts, text documents, or paper poses a serious security risk to your business and can be shared our insecurely amongst your technicians.

Topics: Cybersecurity Tips

Cybersecurity Tip #12: Change Passwords Regularly

#CybersecurityTip: For managed service providers (MSPs), a growing network infrastructure means a myriad of privileged credentials for a multitude of users. That is why having an active access management solution will help organize those credentials, offering capabilities to audit or rotate expired or soon to be expired passwords. It is best practice to rotate sensitive passwords every 90 days. An MSP should always keep in mind good password hygiene for their clients, for security is the utmost importance.

Topics: Cybersecurity Tips

Cybersecurity Tip #11: Keep An Eye On Permissions

#CybersecurityTip: Keep an eye on privileges and permissions. You have the control to give access at various capabilities. When using an privileged access management system, the organization administration can restrict access of users from clients, folders, documents and passwords. Entire groups of users to be easily be added or removed from accessing specific records. This provides a convenient way to add new users to a previously setup access pattern.

Topics: Cybersecurity Tips

Cybersecurity Tip #10: Pay Attention to Access Management

#CybersecurityTip: Have you paid attention to who has access to what in your MSP? Are there limitations set amongst your employees and your networks? Privileged access management helps organizations reduce the risk of security breaches by controlling user permissions. Access management helps consolidate identities and control shared accounts by allocating role-based permissions to users. In return, this streamlines technician time and allows for auditing capabilities in order to provide access visibility.

Topics: Cybersecurity Tips

Cybersecurity Tip #9: Keep Cybersecurity on Your Agenda

#CybersecurityTip: Being aware of your MSP's cybersecurity protocol is necessary to maintaining good security practice. Start with a risk assessment for your MSP's internal systems. Do you have answers for questions such as:

  • How do you protect your data?
  • How confidential is it?
  • Are limits or permissions set for all levels?
  • What is your password policy?
  • How often do you change your passwords?
  • Do you use multi-factor authentication?

There are many more questions you can ask to assess how secure your MSP is. A cybersecurity breach can be a terminal event for C-Suite executives that are not aware, presenting a huge risk to the targeted organization, it's revenues, and most of all, it's reputation.

Topics: Cybersecurity Tips

Cybersecurity Tip #8: Cyber Assess Your MSP Business

#CybersecurityTip: Have you assessed your cyber resilience in your MSP business? The Cyber Resilience Review (CRR) Assessment on the Department of Homeland Security website is a no-cost, voluntary assessment to evaluate an organization’s current operational resilience and cybersecurity practices. The assessment provides a gap analysis for improvement based on officially recognized best practices. This is a good starting point to ensure your MSP business complies with current security protocols. Access the assessment below.

Topics: Cybersecurity Tips

Cybersecurity Tip #7: Protect Against Common Threats

#CybersecurityTip: Protect yourself and your clients from the most common types of threats such as phishing or social engineering attacks. Such attacks cause businesses to lose billions of dollars each year. A recent survey estimated that in 2017, 74% of threats initially entered organizations via email. Use good judgement and train your network on not to open suspicious emails from untrusted sources. Tell your SMBs to report such instances.

Topics: Cybersecurity Tips

Cybersecurity Tip #6: Do Not Wait for a Breach

#CybersecurityTip: Do not wait until something goes wrong in your MSP or your network. Don't let a breach be the deciding factor to get on top of your security. Prevent it from happening in the first place. Be proactive to educate your clients about current threats their business is susceptible to such as phishing or stolen credentials. Train them on how recognize a potential threat and how they can protect themselves.

Topics: Cybersecurity Tips

Cybersecurity Tip #5: Schedule On-Site Client Meetings

#CybersecurityTip: It is important to stay on top of your SMBs. Make a point to schedule recurring on-site meetings with your clients. During these meetings, you will be able to check if all their safeguards and security protocols are updated and working properly.

Topics: Cybersecurity Tips

Cybersecurity Tip #4: Update Your Devices

#CybersecurityTip: Stay on top of your hardware and do necessary updates. All SMBs should be migrated to secure and recent operating systems. All internal or external devices should comply with current security protocols and official software updates. If any of your clients are still running outdated server configurations, it is now time to create a new service opportunity for them. Failing to update will pose a serious risk to your MSP and your network. 

Topics: Cybersecurity Tips

Cybersecurity Tip #3: Do Not Solely Rely on Firewall or Antivirus Software

#CybersecurityTip: Do not solely rely on firewall or antivirus software to detect a breach. Consider taking more proactive security measures such as phishing simulations or dark web scans.

Topics: Cybersecurity Tips

Cybersecurity Tip #2: Keep Up with Current Cybersecurity Threats

#CybersecurityTip: Stay informed with the available cybersecurity resources, research, or news specifically designed for MSPs and SMBs that advocate cyber safety. All MSPs can be cyber resilient against threat activity by keeping up with current advisories.

Topics: Cybersecurity Tips

Cybersecurity Tip #1: Educate Your Network

#CybersecurityTip: Did you know that Cyber Security Awareness Month is recognized all over the world? Look to your official government website or security alliance organization to educate yourself and your network on what October really means for managed service providers (MSPs).

Topics: Cybersecurity Tips