By Tim Brown, vice president, security, SolarWinds MSP
Today’s business owners are under enormous pressure to protect their companies from a wide range of sophisticated cyber adversaries. For business owners and MSPs alike, data security can feel like a daunting task. Recentresearch from Verizon found that 60% of the time, attackers can compromise an organization in minutes. Adding fuel to the fire is that costs associated with lost business as the result of a breach average $1.57 million USD, according to research from Ponemon.
While no security strategy is 100% fail-safe, MSPs that follow these five security tips will gain an edge:
- Educate customers about security best practices. Fifty-two percent (source: CompTIA) of all data breaches are caused by human errors, ranging from employees using unsecured USB devices that end up in the wrong hands to clicking on links or attachments in phishing emails. To minimize this risk, take the time to help your customers establish security policies, train their employees on best practices, and consistently remind them that these best practices provide the first line of defense in keeping their systems and data safe.
- Restrict administrator privileges. When setting up computers for new clients, it can be tempting to take a few shortcuts to save time. One example is creating accounts with admin privileges, which can lead to a couple of problems. First, admin privileges allow users to install whatever software they want on their work computers, including infected software that can spread malware throughout the organization. Additionally, if a user’s computer is breached, the attacker will more easily gain broader access to your customer’s network and cause more significant harm.
- Update your software regularly. When workloads increase, it’s easy to put off software updates. But, if there’s one lesson we can all learn from data breaches like WannaCry, the ransomware attack that took down more than 200,000 computer systems across more than 150 countries last year, it’s this—keep your customers’ software up to date. Each of the breached computers was at least two months behind on their security updates.
- Take a multilayered approach to IT security. Another vital point to keep in mind with security is that there's no single product that protects networks in all situations. It requires multiple products (e.g., managed antivirus, patch management, web content filtering, mail security, and backup) to prevent threats coming through email, cloud-based apps, remote access services, and mobile devices. Implementing layered controls also limits what can be accessed if a breach occurs. The Equifax data breach, which exposed the sensitive information of 143 million American consumers, is an excellent example to keep in mind. According to a company statement, the breach exploited a web application vulnerability to access specific files over a period of several months. In an article from The New York Times about the breach, a fraud analyst from Gartner pointed out that Equifax should have had layered controls in place to help limit damage from the attack.
- Don’t leave backup to chance. Sometimes even with the best systems in place, ransomware or other malware can slip through and infect data and files. Rather than putting yourself in a situation where you have to pay a cybercriminal to unlock your data, it's essential to have a managed backup and disaster recovery (BDR) solution in place. If you're using unmanaged backup software, you won't be alerted if it stops performing daily backups, which typically happens after a software update or if someone temporarily turns off a backup and forgets to reenable it. Plus, if you just need a specific set of files recovered, it’s a bit excessive (and time-consuming) to restore an entire system. It’s well worth the investment to use a managed BDR that includes file- and image-based backup—locally and in the cloud—to cover all your bases.
It takes extra time and effort to implement the right security solutions, but with such high stakes for your customers—and your reputation as an MSP—it’s a worthwhile endeavor to follow the five tips we’ve covered above.