For most MSPs, the pandemic of 2020 has been a rush of implementing new policies and procedures while at the same time trying to keep customer cybersecurity fortifications intact. Wisconsin-based SWICKTech is an example of an organization that acted early to follow COVID-19 safety procedures for its staff, while still focusing on its clients’ cybersecurity needs.
On March 13, SWICKTech went fully remote. The MSP’s customer success specialists Eric Clark and Ryan Klund describe the organization as working quickly to implement seamless remote policies.
“Most people are perfectly capable of working from home,” Clark says they learned, adding that Microsoft Teams is a mainstay of SWICKTech’s remote strategy with phone and voice files in SharePoint. All of this helps the SWICKTech team work both collaboratively and efficiently.
Even now, four months into the pandemic, you will rarely find more than three people in SWICKTech’s suburban Milwaukee office. “We have been very comfortable from an operating perspective,” Clark stated when asked about working remotely.
Emerging summer threats
Being based in Wisconsin, it’s not surprising that many of SWICKTech’s clients are in manufacturing, so the MSP combats the typical cybersecurity threats found in that vertical.
As far as cybersecurity is concerned, a lot of the pandemic routines are business as usual, but there are at least two troubling new trends to keep an eye on, according to Clark and Klund.
Consent phishing
Smarter MSP, for example, has been warning about the pervasiveness of phishing for some time. However, a more nuanced type of phishing, known as “consent phishing,” is emerging and targets sensitive data not by pilfering your password but by tricking the user into handing over necessary permissions to a malicious app. Microsoft issued a warning earlier this month calling consent phishing a “threat to keep an eye on.”
In a consent attack, an attacker registers an app with an OAuth 2.0 provider, such as Azure Active Directory. The app, Microsoft says, is configured in a way that makes it seem trustworthy, for instance by using the name of a popular product from the same ecosystem. Consent phishing plays on the same social engineering tactics, at an enhanced level, that make regular phishing so effective for hackers.
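One way a defender could review existing consent grants for the pattern described above is sketched here. This is an added example, not code from SWICKTech or Microsoft; the record fields, the product list and the sample grants are constructed assumptions, and the scope names are standard Microsoft Graph delegated permissions.

```python
import re
from difflib import SequenceMatcher

# Assumption: product names an attacker might imitate in this tenant.
KNOWN_PRODUCTS = ["Microsoft Teams", "SharePoint", "OneDrive", "Outlook"]
# Delegated scopes that expose mail or files, or keep access alive via refresh tokens.
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "Files.ReadWrite.All", "offline_access"}
_LEET = str.maketrans("013", "ole")  # undo common digit-for-letter swaps

def normalize(name):
    """Lowercase, reverse digit swaps, drop everything that is not a letter."""
    return re.sub(r"[^a-z]", "", name.lower().translate(_LEET))

def imitated_product(app_name, threshold=0.85):
    """Return the known product this app name resembles, or None."""
    n = normalize(app_name)
    for product in KNOWN_PRODUCTS:
        p = normalize(product)
        if p in n or SequenceMatcher(None, n, p).ratio() >= threshold:
            return product
    return None

def review_grants(grants):
    """Flag unverified apps that look like a known product and hold risky scopes."""
    findings = []
    for g in grants:
        risky = sorted(HIGH_RISK_SCOPES & set(g["scopes"]))
        product = imitated_product(g["app_name"])
        if product and risky and not g["publisher_verified"]:
            findings.append({"app_id": g["app_id"], "user": g["consented_by"],
                             "imitates": product, "risky_scopes": risky})
    return findings

# Constructed sample records; field names are hypothetical, not a real export format.
SAMPLE_GRANTS = [
    {"app_id": "app-001", "app_name": "Microsoft Teams", "publisher_verified": True,
     "consented_by": "alice@example.com", "scopes": ["User.Read", "offline_access"]},
    {"app_id": "app-002", "app_name": "0neDrive Sync", "publisher_verified": False,
     "consented_by": "bob@example.com",
     "scopes": ["Files.ReadWrite.All", "Mail.Read", "offline_access"]},
    {"app_id": "app-003", "app_name": "Expense Tracker", "publisher_verified": False,
     "consented_by": "carol@example.com", "scopes": ["User.Read"]},
    {"app_id": "app-004", "app_name": "SharePoint Viewer", "publisher_verified": False,
     "consented_by": "dave@example.com", "scopes": ["User.Read"]},
]

if __name__ == "__main__":
    for finding in review_grants(SAMPLE_GRANTS):
        print(finding)
```

Only the unverified lookalike holding mail and file scopes is flagged; the verified app and the lookalike with a low-privilege scope are left for routine review.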
Double extortion
Klund and Clark also warn of another type of attack that has been seen, a variation of a typical ransomware attack. Even with due diligence and backups and disaster recovery in place, hackers can still lock down an enterprise’s infrastructure and then threaten to release company data onto the dark web unless the ransom is paid.
Of course, such a release could cripple the business’ reputation, so some companies may choose to pay. Recently CivicSmart, a Milwaukee firm (not a SWICKTech client) that operates “smart” parking meters for cities, was attacked in a double-ransomware situation.
“We know about this attack because they have public information from municipalities, but a lot of victims are private companies,” Clark says, adding that they don’t know how pervasive the problem is.
Otherwise, Clark adds that while the terrain has changed under COVID, the tactics have not. Klund says that lures built around COVID-related wording now need to be watched for alongside traditional phishing attempts.
“The bait has changed, but the rod and reel are the same,” Klund says, adding that the work-from-home environment has not translated, though, into a considerable uptick in industry incidents, and zero on SWICKTech’s watch.
“A lot of industry experts thought we would see more ransomware attacks, more cybersecurity incidents,” Clark notes, but that hasn’t panned out. People are being careful about using their devices in ways that can compromise companies.
Klund adds that the pandemic provided SWICKTech with the opportunity to apply MFA and get remote workers on VPNs. “There was a wave of work we had to deal with, but once we were on the backside, it quieted down a bit, and it was business as usual,” Klund continues.
Pandemic legacy
The one thing that Klund says will likely be a lasting legacy of the pandemic is work-from-home, both for MSPs and their clients. “This has opened up the door to work from anywhere,” he states.
SWICKTech tracks its employees’ work through scorecards but, ultimately, the most significant asset is trust. “We put a lot of trust in our employees, as long as the work gets done and well, it doesn’t matter where they are,” Klund adds.
Swick’s cybersecurity philosophy is a blend of speed and thoroughness combined with continually staying on top of emerging threats. They don’t wait for alerts to come to them. Instead, they are monitoring Twitter, Reddit, and other communities of IT people who see things happening in real-time. Also, they maintain close communication with their vendor partners.
“We take cybersecurity as seriously as you possibly can,” Clark advises. “We are deeply immersed in and looking at it all the time.”
If a patching notice is released, SWICKTech jumps on it immediately to implement through their client network. In addition to the under-the-hood nuts and bolts of cybersecurity, SWICKTech also takes the cybersecurity education component seriously, creating a library of webinars and podcasts on various topics. When it comes to cybersecurity, one of the most potent tools in the MSP toolbox is education, and SWICKTech leverages it well.