Train employees

As cybercriminals step up their attacks, aided by AI and other technologies, it’s critical for managed service providers (MSPs) and their clients to reinforce cybersecurity awareness efforts among their employees to create a human firewall.

According to the World Economic Forum, 95% of data breaches can be traced to human error. Security awareness and training can help stop many types of attacks, which rely on social engineering and manipulation as much as on technical skill.

With generative AI, criminals can avoid many of the traditional telltale spelling and grammar errors of phishing emails and spoofed websites. AI also helps attackers craft more convincing phishing email language based on data from employee social media feeds, company emails, and other sources.

The emergence of AI-based tools has helped criminals launch more successful attacks. So, both the MSP and their clients must train their employees to spot suspicious emails.

Recognizing email threats

If an email arrives asking for sensitive data (passwords, account numbers, etc.), employees should be trained to corroborate the email in person or over the phone with the sender, and to make their IT or internal security teams aware of the potential attack or breach.

MSPs and their clients should ensure that employees are aware of the level of this threat. Employees need to understand that ransomware attacks are increasing, and they should receive regular updates alerting them to current security threats.

CISA’s best practices

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) provided additional guidance on best cybersecurity awareness practices as part of its Secure Our World campaign. CISA emphasized four best practices to help staff avoid falling for a phishing attack:

  • Encourage the use of strong passwords and password managers. Most users must juggle dozens of passwords, and strong passwords are hard to recall, which is why many people fail to create them. Business password initiatives should include access to password managers to address that frustration. Strong, unique passwords will help protect accounts from being compromised, while the password manager will eliminate the frustration associated with forgetting those passwords.
  • Enable multifactor authentication (MFA). Strong passwords aren’t infallible, so MFA plays a key role in securing network and application access. A secondary method of confirming a user’s identity can protect accounts even if a password has been compromised. For businesses, MFA should be part of the default approach to account configuration.
  • Train employees to recognize and report phishing attacks. Scam emails are the primary way cybercriminals trick workers into revealing sensitive account information and data. Provide employees with training on common signs of a phishing attack. Include clear guidance on reporting attacks to the IT security team and management, as well as what to do with the email (delete, quarantine, etc.).
  • Enforce software updates and patching procedures. Software updates help protect your applications from emerging vulnerabilities. Updates and patches can be managed centrally during off-hours to reduce user inconvenience or unwanted downtime. Automatic update settings can streamline this process. For complex IT environments, MSPs can help organize and prioritize these updates based on urgency and scope.

Managing cybersecurity efforts

Cybersecurity software and technology can only go so far in protecting networks, data, and applications. For security-centric MSPs, regular client updates and employee training are just as critical for reducing the likelihood of a successful attack and mitigating the damage.

MSPs can also leverage remote monitoring and management platforms, phishing simulation solutions, and other technologies to help streamline these education efforts.

Cybersecurity awareness should always be top of mind for both the MSP and their clients, and these efforts should include regular training and updates for all employees.

Note: This was originally published at Channel Pro Network.

Photo: Standret / Shutterstock

Posted by Chris Crellin

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management. Chris joined Barracuda MSP from Backupify/Datto, Inc. where he was responsible for product strategy and execution of their cloud backup SaaS portfolio. Prior to Datto, he spent 14 years with RSA, the Security Division of EMC. He was the lead product manager for the RSA SecurID portfolio after having started his career as a software engineer.
