In collaboration with the National Cybersecurity Alliance, the National Cybersecurity Division of the Department of Homeland Security has been recognizing National Cybersecurity Awareness Month every October since 2004. The goal is to educate individuals and businesses on cyber risks and best practices to promote increased awareness.
While cybersecurity is critical to keep in mind year-round, the month of October offers us an opportunity to re-think our strategies. In observance of this, we have compiled a list of tips to help you make sure your cybersecurity — and your customers’ — is up to date.
The cybersecurity basics
1. No one is immune to cyberthreats. Cybercriminals are no longer targeting enterprises; they’re targeting all organizations. In fact, 43 percent of all cyberattacks in the United States are aimed at SMBs, according to the Small Business Trends.
2. Protect from social engineering and phishing attacks. As phishing attacks become more sophisticated, it’s important to educate users to spot and report phishing attacks. When in doubt, don’t open emails from unknown sources, and if you see an email that looks like it’s from a familiar contact but seems suspicious, give them a call rather than responding via email.
4. Travelers should take extra precautions to guard themselves from cyberthreats and protect the devices that they bring on the road. This includes implementing web security, backing up all files, ensuring multi-factor authentication (MFA) is in use, and software is updated.
5. Don’t wait until something goes wrong. Be proactive by talking with your customers about threats that may impact their business and how they can defend against them. Check out this webinar that Barracuda MSP hosted focused on Data Protection 101.
6. Use stats to communicate the importance of this topic to your customers. For example, roughly 81 percent of all data breaches happen to small businesses, and 60 percent of SMBs that are breached go out of business within six months.
7. Teach end users how to protect themselves from attacks. For example, show them how to turn off auto-downloads for attachments and to save and scan attachments before opening them.
8. Show your customers examples of what an attack might look like from the end-user perspective. Examples like these ones will make your recommendations more effective.
9. Keep your customers informed about current threats with an email blast or webinar or include a cybersecurity section in your customer newsletter. You can also sign up for Cybersecurity Threat Advisories, as a way to stay up to date with the latest threats.
10. Schedule regular refreshers and tests with end users on best practices for password management and protecting themselves from phishing and keylogger scams. Encourage them to participate by offering rewards to people with the top scores.
11. Encourage your customers’ employees to share potential errors, such as accidentally clicking on a suspicious link. Sharing these experiences with others can minimize the amount of time between a potential breach and getting it fixed.
Staying up to date
12. Failing to update operating systems can pose a serious threat. Ensure clients are using supported operating systems and apply security updates in a timely manner to maintain a healthy security posture.
13. Strong asset management to bolster security. As more businesses embody the Bring Own Device (BYOD) culture, it is important for MSPs to discover these new assets, assess the security states of these assets, and apply security measures such as installing antivirus, web security, and many more to ensure the new devices won’t become the weakest link in client’s network.
14. Having AI-powered security will allow you to stay up to date with the latest cybercriminal tactics, especially since email is the top attack vector.
15. Make sure a password policy is in place both within your own company and for your customers’ operations.
16. Stop writing down passwords and storing them right in plain sight! Teaching customers ways of generating secure but easy-to-remember passwords seems like a difficult task, but it can be a game changer for security threats.
17. Avoid password reuse. If a hacker gains access to one of your accounts and all (or most) of them use the same password, you’re in trouble.
18. Set recurring expiration dates for passwords. If you don’t do this, you increase the odds of former employees accessing your system. The small inconvenience of having to reset passwords intermittently will be outweighed by the benefits of knowing only current employees have access.
19. Consider offering password management as a service. Not only does this address a need for your customers, but it will also cut down on support tickets, create brand loyalty, and increase your revenue potential.
20. Schedule regular backups. Some cloud backup offerings provide the advantage of sophisticated version histories, which is a critical component to successful restores. If you only back up a single version of your files, it is possible that your software has backed up an infected or corrupt file. By saving as many revisions as possible, solution providers have a better chance of restoring to a clean version of their data in the event of a cyberattack.
21. Schedule multiple types of backups. For example, Barracuda MSP offers image, file, and virtualization backup. Take advantage of options like these and use at least two of those methods on each server you back up. Depending on the reason for the restore, one backup type may be more useful than another. According to one of our Partners, here’s a scenario where this works: You find a file is missing, and when you look to restore you notice it went missing beyond the two weeks that you keep on image backup. However, since you did file backup as well with say one month or one year retention, you’re able to restore the file easily.
22. Dispose of old data the right way by effectively erasing files. We recommend complete physical destruction of devices such as hard drives or leveraging a “secure delete.” According to the U.S. Computer Emergency Readiness Team, reformatting your hard drive, CD, or DVD, may superficially delete the files, but the information is still there. Unless those areas of the disk are effectively overwritten with new content, it is still possible that knowledgeable attackers may be able to access the information.
23. If your customer has a guest Wi-Fi, separate it from the company network. We recommend separating it from the company network with two separate routers or a system that provides that separation for you. This will ensure that any threat that enters via the public Wi-Fi won’t cross over to the business system.
24. The FCC recommends making workplace Wi-Fi networks secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID).
25. Keep an eye on permissions. When it comes to granting access to important data and applications, it’s not a case of the more, the merrier. You’ll want to speak with key stakeholders to figure out who truly needs access. Then, use that information to limit access, accordingly, making sure that everyone knows who has access to what.
26. Implement data retention policies. Not only does this help support compliance in many highly regulated verticals, but it mitigates the risk associated with stolen data. Unneeded data can only be stolen if you keep it around.
27. Use encryption policies like military-grade 256-AES (Advanced Encryption Standard) encryption technology to secure customers’ data stored in the cloud and use SSL (Secure Sockets Layer) encryption technology for their data in transit. To make your security policy even stronger, look for a data protection solution that uses private key encryption (PKE) technology.
28. Consider compliance. Levels of regulation vary from industry to industry, but it’s critical to think about how security policies can be leveraged to help with compliance needs. Service providers should help customers determine and understand what they are liable for, and factor that into security plans.
29. Have a disaster recovery plan in place so if something does go wrong you know what to do. This includes identifying the types of risks you need to prepare for, analyzing the potential impact of the threats, and testing and optimizing a plan.
30. Consider adding cyber warranty. This is relevant for both SMBs and MSPs alike, not as a replacement but as a complement to effective security policies. Since your customers rely on you for IT support, it is only a matter of time before someone decides that the MSP should be held responsible when things go wrong. You can watch this webinar on why it pays to be prepared.
Photo: Andrii Yalanskyi / Shutterstock
This post originally appeared on Smarter MSP.