Guest Column | November 12, 2020

Help Your SME Clients Use The Cloud Office Securely

By Liron Barak, BitDam

The E-WorkBook Cloud

As an MSP, you know that many small businesses are migrating their offices to the cloud. You help them with this migration which will enable them to increase business productivity and reduce costs. You also help them deploy collaboration platforms that allow remote work and increase internal and external collaboration. Unfortunately, migration to the cloud and the use of cloud-based collaboration tools also means that these businesses are more exposed to cyberattacks than ever before. 

The need for cloud-native security for your small and midsized enterprises (SME) clients’ business collaboration platforms is on the rise. With your clients coming to you for advice, here are some tips for helping SME clients use their cloud office securely. 

The Game Has Changed

Unfortunately, traditional cybersecurity based on the knowledge gained from past attacks, is no longer effective, as bad actors change their attack methods daily. Add into the mix malware automation and hacking kits available on the dark web, and you have SME businesses that are highly vulnerable to attack.

While large enterprises adopt advanced threat protection to secure their email, cloud drives, instant messaging (IM), and other productivity tools on the cloud, because of limited resources, SMEs are typically left behind and are easy prey for attackers. Worse, a large enterprise can usually survive a serious cyber-attack – an SME, however, might very well never recover.

Another important factor is that at one time protecting clients in the traditional office environment was relatively straightforward. Today, thanks to cloud-based office tools, you have employees accessing company data from multiple devices – including personal devices – from various locations, each with differing levels of security. 

5 Practical Tips For Cloud Office Security

Happily, it’s not all doom and gloom for SMEs. In working with a good MSP, SMEs can effectively protect themselves from cyber threats, and it doesn't have to be overly complex or expensive. Here are some tips to get started: 

  1. Email is still the main attack vector. Anyone can email your clients. Email is notoriously easy to fake and it can easily deliver malicious payloads. Contrary to what most clients believe, the protection level offered from standard Google/Microsoft settings as part of their email package is insufficient. Clients should start by ensuring they have their email adequately protected. 
  2. How vulnerable is your SME client to a cyberattack? You can effectively identify this by setting up a free breach and attack simulation (BAS) tool to always be on top of your clients’ security gaps. You don't need to be a cybersecurity expert for this. There are simple tools out there that any MSP can manage, even if you don’t have particular cybersecurity expertise. 
  3. Work-from-home (WFH) does not have to mean less security. Protect your clients’ collaboration tools such as Zoom, Slack, Google Drive, OneDrive, and Dropbox. Most of these tools have security add-ons that are simple to deploy. To browse these tools and find one that works for you, try checking out platforms like the Azure MarketplaceZoom marketplace, and others. There are security solutions that work with multiple APIs so that you can protect several collaboration channels from one place (for example: protect O365 email, OneDrive, Dropbox, and Zoom all with one product). This reduces overhead and resource drains, and lets you monitor multiple platforms with one system and using one dashboard. 
  4. Select security tools that are easy to deploy and manage. Offering your customers advanced threat protection for their email and other collaboration platforms doesn’t necessarily mean additional overhead or added operational cost for you. Especially with cloud-native solutions, there are security products that are deployed with literally two clicks. Choose one with proven low false-positive rates, and almost nothing further will be required from your end – it may even save time for your SOC/security team.
  5. As an MSP, an email security solution that can block attacks before they reach the inbox would be preferable. This type of solution saves remedial action and dramatically reduces overhead. No more cases of users receiving a suspicious email, sending it to IT, who in turn send it back to you to ask if it’s phishing or not. Blocking phishing and malicious emails before they reach the end user will save a lot of hassle for both you, the MSP, and the organization’s IT person or team. 

Protect Your Clients – Differentiate Yourself

In these highly competitive times, and as clients’ awareness of cyber threats increases, you as an MSP must seek to differentiate yourself in this space. By doing your homework before your client does theirs, you can give effective advice and offer your clients tremendous added value. 

Research has shown that except for economic uncertainty, the one thing that keeps most MSPs awake at night is client cybersecurity. Combine this with the fact that 79 percent of SMEs report that cybersecurity is the top IT challenge they face, and you quickly see why this is a hot topic for your clients.

It is possible to offer top-level protection for SMEs using the cloud office at an affordable cost. With a little market research, you can find highly effective and affordable solutions to keep your SME clients protected.

About The Author

LironLiron Barak, CEO and Co-Founder of BitDam, has over 10 years of experience dealing with the most sophisticated cyber threats and exploitation techniques. Before founding BitDam, Liron served in Unit 8200 of the Israeli Intelligence Corps where she managed teams of highly skilled individuals and was responsible for the development of cyber technologies used by the entire intelligence community. Liron earned her bachelor’s degree in Computer Science during high school and completed a master’s degree in Computer Science, with a specialization in Artificial Intelligence and machine learning, while serving in the army.