Q: Every week, there seems to be a new threat I need to educate my customers on. I know it’s important to teach them what to watch out for, but I feel like we’re creating a lot of noise. What are some different approaches I can take to educating my SMB customers about security concerns?
Robust security solutions and educated users continue to be the best defense against today’s sophisticated threats. While it may seem like headlines are creating a lot of noise and distracting from your message, it’s important to continually educate your SMB customers on cybersecurity best practices, so they can help mitigate the risks of falling for an attack.
Adding new solutions to your portfolio may be straightforward, but educating users about today’s evolving threats is no easy task. To help shed some light on different approaches you can use to get through to your customers, we talked to some of your MSP peers and Hatem Naguib, the senior vice president of Barracuda’s security unit. Your MSP peers shared some interesting tactics you might already use, and Hatem suggested a new approach you might want to try.
Security education shouldn’t be optional
Every single customer needs a security education program, Hatem says. But there are a lot of different approaches you can take. These range from very basic, such as presenting customers with high-level information when they are being onboarded, to more robust types of training that happen annually or semi-annually. For example, you can use newsletters or integrate programs that test multiple threat vectors, such as voicemail, email, and text.
Social engineering tactics and phishing attacks have become more prevalent, so it’s important to keep customers up to date with tips and tricks on how to mitigate attacks. CB Tech Support’s Marc Pickard shares that in addition to their quarterly business review, where they share cybersecurity best practices, they also send out monthly newsletters and weekly social media posts with tips and tricks to continually educate their clients on sophisticated attacks that are lurking.
Cybercriminals are constantly changing their tactics, though, making it difficult to keep customers up to date on the latest threats. Sometimes, by the time they’re educated, it’s too late. That’s why Brent Fairbanks of Electronic and Computer Specialties Inc. takes a unique approach to educating his clients by conducting monthly dark web scans for them. Everyone is a target, and the smallest crack in a customer’s network can be enough for a cybercriminal to infiltrate.
A security education approach built for MSPs
It’s great for MSPs to share best practices with their SMB customers, but in today’s security climate MSPs need to get integrated into their customers’ security strategies and become part of the solution, Hatem explains. Investing in a security education platform allows you to deliver timely educational content and newsletters, and to see whether users will fall for a simulated attack. Human error is the root of many security concerns, which is why SMB employees need to be vigilant about recognizing attacks. Before investing in a solution like this, take the time to research an education program that takes a holistic approach to protecting customers.
For example, Barracuda recently acquired PhishLine, an email security platform that provides security awareness training, Hatem shares. This training extends across numerous threat vectors, including emails, SMS, texts, voicemails, USBs, SaaS products, Facebook, Dropbox, Office 365, and more. The automated training and content can be tailored toward the attacks customers might see across applications in their vertical, like the health industry or CPAs, Hatem says. He explains that this allows customers to learn in little vignettes focused on each type of attack and how to remediate and avoid it. With regular, timely updates using a solution like PhishLine, you can run specific educational campaigns throughout the year and educate customers and their employees on how to mitigate these attacks in the future.
Another thing you want to do is pick a platform that not only offers flexibility with the educational campaigns you can run, but also shows the value your customers are receiving. While it can be nice to know that a customer clicked on a phishing email, it’s also helpful to know what they clicked on, at what time of day, and what device they were using. This enables you to tailor your approach when you’re training them. Strong data and analytics can help you improve your customers’ security defenses, keep track of new employees coming on board, and track their progression over time. It also gives you the opportunity to provide incident response capabilities, for example changing firewall rules and credentials, creating a strong layer of defense against sophisticated cybercriminals.
Threats are becoming more sophisticated, and cybercrime shows no sign of slowing down. As an MSP, it is your job to make sure your customers are adequately prepared to protect their business-critical data and thwart cyber-attacks before it’s too late.