Take action! 30 Essential tips to boost your cybersecurity

October, declared as Cybersecurity Awareness Month, is the perfect time to revisit and reinforce your cybersecurity strategies, ensuring both you and your customers stay safe from the latest digital threats. Since 2004, the National Cybersecurity Division of the Department of Homeland Security has partnered with the National Cybersecurity Alliance to educate individuals and businesses about cyber risks and best practices, fostering greater awareness across the community. 

To empower you during this pivotal time, we’ve compiled a dynamic set of tips aimed at enhancing your cybersecurity practices—and those of your clients—to ensure they aren’t just current, but cutting-edge. Let’s make this month count! 

The cybersecurity essentials 

1. Everyone is vulnerable to cyberthreats. Cybercriminals don’t discriminate based on the size of an organization. In fact, data from Barracuda reveals that smaller firms face a greater danger. Small Business Trends noted that 43 percent of cyberattacks in the United States are directed at small to medium sized businesses (SMBs).  

2. Be mindful of social engineering and phishing attacks. As phishing attacks can now be AI-powered, it’s important to remind users to spot and report these threats. When faced with uncertainty, it’s best to steer clear of emails from unfamiliar sources. And if an email appears to be from a trusted contact but raises your suspicions, pick up the phone instead of hitting reply—better safe than sorry!
3. Implement a robust intrusion-prevention system and security software on every computer to safeguard your network from potential threats. We recommend a combination of endpoint detection & response (EDR), firewalls, and spam filters.
4. Enable multi-factor authentication (MFA) for all workers, regardless of if they are in-office, hybrid, remote, or frequent travelers. Everyone must be vigilant against cyberthreats.
5. Don’t fall behind on security updates. As of August 2024, there were over 25 thousand IT security vulnerabilities and exposures (CVEs) disclosed according to Statista. Cybercriminals will often target these publicized vulnerabilities to exploit as many victims as they can before organizations apply the security update. Stay up to date with emerging vulnerabilities by subscribing to SmarterMSP.com’s Cybersecurity Threat Advisories.

Raising awareness 

6. Use stats to communicate the importance to your customers. For example, roughly 31 percent of all cyberattacks are done by phishing and 60 percent of SMBs that are breached go out of business within six months. 

7. Empower end users with the knowledge and skills to defend against attacks. For example, show them how to turn off auto-downloads for attachments and to save and scan attachments before opening them. 
8. Show your customers examples of what an attack might look like from the end-user’s perspective. Examples like these will make your suggestions more impactful.
9. Update your customers on the latest threats through an email blast, a webinar, or by adding a cybersecurity section to your newsletter. You can also sign up for Cybersecurity Threat Advisories, to stay ahead of the latest threats. 
10. Organize regular refresher sessions and tests for end-users on password management best practices and how to defend against phishing and keylogger scams. Boost engagement by offering rewards for those with the highest scores to encourage participation.
11. Encourage your customers’ employees to share potential errors such as accidentally clicking on a suspicious link. Sharing these experiences with others can significantly reduce the time it takes to identify and resolve potential breaches.

Staying up to date 

12. Failing to update operating systems can pose a serious threat. Ensure clients are using supported operating systems and apply security updates in a timely manner to maintain a healthy security posture.  
13. Maintain strong asset management to bolster security. As more businesses embody the Bring Own Device (BYOD) culture, it is important for managed service providers (MSPs) to discover these new assets, assess the security states of these assets, and apply security measures such as installing antivirus, web security, and many more to ensure the new devices won’t become the weakest link in client’s network.  
14. Leverage AI-powered security to ensure you stay ahead of the latest cybercriminal tactics, particularly since email remains the primary attack vector.

Protecting passwords 

15. Make sure a password policy is in place both within your own company as well as for your customers’ operations. 
16. Do not write down passwords or store them in plain sight. Instructing customers on how to create secure yet memorable passwords may seem challenging, but it can significantly enhance their protection against security threats.
17. Don’t reuse passwords! If a hacker gains access to one of your accounts and all (or most) of them use the same password, you’re in big trouble.  
18. Establish regular expiration dates for passwords to reduce the risk of former employees accessing your system. While it may be a minor inconvenience to reset passwords periodically, the peace of mind that comes from ensuring only current employees have access far outweighs the hassle.
19. Consider offering password management as a service. This not only meets your customers’ needs but also reduces support tickets, fosters brand loyalty, and boosts your revenue potential.

Backups matter 

20. Perform regular backups. Certain cloud backup solutions offer advanced version histories, an essential feature for effective data restoration. Relying on just one version could mean backing up an infected or corrupted file. By preserving multiple revisions, solution providers significantly improve their chances of restoring a clean copy of data following a cyberattack.
21. Diversify your backup strategy by scheduling various types of backups. For instance, Barracuda provides options like image, file, and virtualization backups. By using at least two methods for each server, you enhance your restoration flexibility. Imagine this scenario: you realize a file has vanished and discover it’s been gone longer than your two-week image backup retention. Fortunately, your file backup, which retains data for a month or even a year, allows you to easily restore that lost file. This multi-layered approach ensures you’re always prepared for any unexpected data loss!
22. Dispose of old data the right way. We advise opting for total physical destruction of devices like hard drives or using a “secure delete” method. The U.S. Computer Emergency Readiness Team warns that simply reformatting a hard drive, CD, or DVD may only appear to remove files; the data remains recoverable. Unless those disk sectors are thoroughly overwritten with new data, savvy attackers could potentially access the information.

Wi-Fi wisdom 

23. If your customer offers a guest Wi-Fi, it’s crucial to keep it separate from the company network. We recommend using two distinct routers or a dedicated system designed for this purpose. This separation will prevent any threats that may infiltrate the public Wi-Fi from accessing the business network.
24. The FCC advises keeping workplace Wi-Fi networks secure, encrypted, and concealed. To keep your Wi-Fi network hidden, configure your wireless access point or router to stop broadcasting the network name, or Service Set Identifier (SSID).

Policing policies 

25. Stay vigilant about permissions. When it comes to accessing sensitive data and applications, less is often more. Collaborate with key stakeholders to identify who truly needs access, and tailor permissions accordingly. This ensures that everyone understands who can access what, reducing potential risks and keeping your data secure.
26. Establish data retention policies to enhance compliance in regulated industries while also reducing the risk of data theft. By eliminating unnecessary data, you minimize the potential for it to be compromised, keeping your organization safer.
27. Use encryption policies like military-grade 256-AES (Advanced Encryption Standard) encryption technology to secure customers’ data stored in the cloud and use SSL (Secure Sockets Layer) encryption technology for their data in transit. Enhance your security policy more-so by seeking out a data protection solution that utilizes private key encryption (PKE) technology.
28. Keep compliance in mind. Regulatory requirements differ across industries, so it’s essential to consider how your security policies can support compliance efforts. Service providers should assist customers in identifying their responsibilities and integrating those considerations into their security strategies.
29. Prepare for the worst by having a robust disaster recovery plan in place. This plan should outline how to respond if things go awry, including identifying the risks you need to prepare for, assessing the potential impact of those threats, and regularly testing and refining your strategy to ensure it remains effective.
30. Consider incorporating a cyber warranty into your offerings. This is essential for both SMBs and MSPs, serving as a valuable complement to your existing security policies rather than a replacement. As your customers depend on your IT support, it’s only a matter of time before someone looks to hold the MSP accountable when issues arise.

Photo: Shutterstock / Andrii Yalanskyi