For MSPs that want to start the new year off right with their clients, having a heart-to-heart talk about poor cybersecurity habits can help inspire a more meaningful discussion about their vulnerabilities and improving their security posture in 2023. Barracuda recently hosted a webinar encouraging MSPs and their customers to shake off some of these not-so-best practices.
The past several years have brought significant changes in technology and security. Digitization efforts at many companies have accelerated, in some cases hastened by the pandemic and supply chain disruptions that led more organizations to embrace remote work, cloud-based applications, and other approaches. As a result, the business perimeter as we know it has essentially collapsed – users, endpoints, and data are often outside the protection of a firewall or VPN.
At the same time, the talent gap has widened as more companies compete for a limited number of qualified IT staff and security experts while the cybersecurity threat landscape continues to expand and evolve.
So, if you’re looking for a good New Year’s Resolution, consider breaking these 10 cybersecurity habits:
#1. Don’t assume your company and customers are safe.
It’s clear that all companies, regardless of how small, are potential targets for cybersecurity attacks. In fact, smaller companies often present better targets since they’re less likely to be prepared to ward off attacks. MSPs also remain high on the list of valued targets since a breach at an MSP can open access to client networks. Therefore, security should be a top priority for every company, regardless of size.
#2. Don’t think of cybersecurity as a single solution.
Client IT environments and the threat landscape are constantly evolving. Service providers and end customers should be vigilant about protecting their attack surfaces to ensure criminals can’t leverage vulnerabilities and access their data. There is no single silver bullet that can completely protect you; you need a layered approach.
#3. Don’t take security awareness for granted.
Most successful cybersecurity attacks can be traced back to human error. Therefore, clients and their employees need to be educated (with regular refresher training) about potential risks, recognizing scams, and taking steps to protect their digital identities.
#4. Stop relying on a single layer of security.
As noted above, too many applications and data assets have migrated outside the confines of the corporate campus. A multilayered approach to security is the only safe way forward, securing applications, cloud assets, identities, users, endpoints and networks. The more hoops criminals have to jump through, the harder it is for them to succeed.
#5. No more delaying software updates.
Patches and updates are critical to prevent cyberattacks (many of which take advantage of known vulnerabilities for which patches exist). Managing the thousands of updates released each year is daunting, but tools can help automate this process for MSPs and their clients.
#6. Recognize there are many ‘phish’ in the sea.
Cybercriminals continue to rely on phishing to initiate other types of attacks. Ensure users know how to recognize phishing attempts and what to do when they encounter suspicious emails, links, or texts.
#7. Don’t downplay the value of multifactor authentication.
There is a huge market for stolen credentials, so multifactor authentication (MFA) is a vital part of a layered approach to securing data and applications. Additionally, many MSPs are being asked by cyber insurance providers to implement MFA.
#8. Shift from a reactive to a proactive approach to security.
By continuously monitoring networks and applications, MSPs and their clients can detect threats faster and deploy mitigation strategies to limit the damage. Additionally, artificial intelligence and machine learning tools can help companies manage this analysis, making it easier to spot abnormal activity without relying on staff to catch these potential attacks manually.
#9. Don’t forget about backup.
Service providers have been educating clients about backing up data for decades, but it remains a key piece of the security puzzle. Even if you’re the victim of a successful ransomware attack, having up-to-date, accessible backups can help avoid business disruptions. Of course, testing and validating the backup and recovery plan is also critical.
#10. Don’t let your incident response plans go stale.
When there’s an attack, having an up-to-date incident response plan in place will ensure that your team can act immediately. The plan should include defined roles, contact information, and clear steps to take in response to common security incidents. This will speed up recovery and make everyone’s lives easier.
By breaking these poor cybersecurity habits, MSPs and their customers can make 2023 a safer, more secure, and profitable year.