By now, you’ve probably heard all the buzz around the most recent ransomware attack called WannaCry. So far, a reported 150 countries have been affected, and according to BBC news, the fast-spreading ransomware is finally starting to slow down. While no one is certain how long this attack will last, the importance of having conversations about cyber security with your customers is at an all-time high.
To better understand how end users and small business owners feel about ransomware, Barracuda recently conducted an independent survey of more than 1,000 employees at organizations across the Americas and EMEA, and the results were eye-opening. The survey found that 92 percent of respondents were concerned about ransomware hitting their organization, and 47 percent have already fallen victim to this epidemic. What’s even more worrying is that 56 percent of the victims were never able to identify the source of the attack.
For MSPs, these survey results underscore the importance of talking to your customers about ransomware and educating them about how to protect their businesses from this growing threat. Chances are, your customers will soon be calling you—if they haven’t already—asking questions about what safeguards they can put in place to mitigate the risks of an attack. That’s why we’ll be hosting a webinar about WannaCry, ransomware, and how to talk to your customers at 1 p.m. ET on Friday, May 19.
Three things you should communicate to your customers
It is essential to communicate with your customers about security on a regular basis, not just when they call you with a question. When they do call you about the newest threat in the news, you need to reassure them that their data is safe and communicate the importance of these three things:
Users are the weakest link. When it comes to cyber security, uneducated users are the weakest link—and often one unchanged default password or a click on an unknown link can compromise an entire network. While it’s important for high-level employees and network administrators to understand the importance of cyber security, everyone in the organization needs to know as well. (Yes, that includes summer interns!) Educate your SMBs on why it’s important for everyone in the organization to understand security. If they don’t offer an education program for employees, consider adding one to your MSP offering.
How to identify an attack. Every ransomware attack has its own twist, but most ransomware variants are spread through phishing emails. Teach your customers how to identify this type of attack. While many phishing emails can be convincing, most have a slight tell. This could be a slight spelling error, a hyperlink that goes to the wrong URL, or a link that has extra text before the forward slash. For more tips about how to spot a phishing attack, check out our recent Ask Intronis post: What do my customers need to know about phishing? You can also share our interactive phishing quiz to test your SMB customers’ knowledge.
Protecting data isn’t just about security; it’s also about recovery. Do your SMB customers have the right technical safeguards in place to mitigate the risks of an attack? Cyber-attacks are sophisticated, and they can infiltrate an SMB’s network from a variety of vectors. Ensure that yours customer are properly protected. In this day and age, a firewall isn’t enough—you need to help them take a layered approach with suite of security solutions including, anti-virus, email security, next-generation firewall, and more. It’s also important to make sure customers have a data recovery plan in place in case they do fall victim to a ransomware attack. That includes backing up data on a 3-2-1 approach (three copies of data, two local, and one offsite) and testing backups frequently to guarantee that customers’ RTO and RPO times are met.
As an MSP, it’s impossible to stop the ransomware epidemic, but communicating proactive and reactive measures SMBs can take can help you mitigate the risks of an attack and help them avoid from becoming a ransomware victim.
To learn more about WannaCry ransomware and how to talk to your customers about ransomware and other emerging threats, register for our upcoming webinar: WannaCry – The Challenge and Opportunity for MSPs. Michael Parkin, a technical marketing engineer at Barracuda, will join us to discuss the current threat landscape, best practices for defending against these attacks, and how to talk to your customers about ransomware, phishing, and advanced persistent threats.