Strong cybersecurity awareness should be a priority every day, but October serves as a great reminder for all of us to stay vigilant. The Cybersecurity and Infrastructure Security Alliance (CISA) recommends the following simple yet powerful tips to boost online safety. As a managed service provider (MSP), below are tips that can help you educate and encourage your customers to secure their environments.
Tip #1: Use strong passwords
Creating unique, strong passwords is easier in theory than in practice, especially with the recent shift to digital transformation. A recent study by NordPass shows that an average person has approximately 100 passwords. This is about a 20 percent increase from a year prior.
As an MSP, it is important to ensure users are using strong passwords to protect your customers. However, setting up Single-Sign-On (SSO) can go a long way. Additionally, adding password management to your service offerings can create value to your clients.
Tip #2: Enforce multi-factor authentication
Verizon states that nearly 80 percent of data breaches are initiated by attackers using weak or stolen passwords. Multi-factor authentication (MFA) can be leveraged to help reduce the risk of account takeovers and provides a secondary method for identity verification. While many users may have experienced MFA alert fatigue, it is essential to enforce the use of MFA.
Alternatively, MSPs can implement Zero Trust Network Access (ZTNA) tools to offer users passwordless authentication. ZTNA follows the principle of least privilege, ensuring access is granted only after verifying the user’s identity, device, and location—not just relying on credentials. This approach is considered more secure than solely enforcing MFA.
Tip #3: Spot the phish
Barracuda’s recent ‘Top Email Threats and Trends’ research found that scamming and phishing make up 86 percent of social engineering attacks. As an MSP, you are well aware that the cyberthreat landscape is constantly changing. One of the most common tactics leveraged by cyber criminals is phishing. Phishing involves malicious actors deceiving users into clicking on harmful links or opening attachments that can steal personal information or infect their devices.
To combat phishing attacks, it starts with education. Educating users to recognize and report phishing such as misspellings, urgent requests, and alarming language, can help your customers build a human firewall to reduce human errors. Including security awareness training in your managed security service offering not only provides an additional layer of security defense to your customers but can easily add an additional revenue stream to your business.
Tip #4: Stay up to date with security patches
On average, there were 1,900 monthly critical common vulnerabilities and exposures (CVEs) in 2023. According to Coalition, this number is on track to grow to 2,900 per month in 2024. Cybercriminals thrive on taking advantage of unpatched vulnerabilities to exploit. Read ‘The MSP’s Guide to Patch Management Best Practices’ eBook to learn how you can maximize patch management efficiency and enhance your service offerings.
Stay ahead of the game and subscribe to SmarterMSP.com’s Cybersecurity Threat Advisories for information on the latest cyberthreats. These include expert recommendations to help minimize you and your customers’ risks.
It’s important to prioritize these recommendations to ensure the online safety of you and your customers. Whether at home or in the office, these steps are essential for securing your environment and staying ahead of evolving threats.
Photo: Ground Picture / Shutterstock
