Every October, we come together to recognize National Cybersecurity Awareness Month, a collaborative effort between the National Cybersecurity Alliance and the National Cybersecurity Division of the Department of Homeland Security. Since 2004, this initiative has aimed to educate individuals and businesses about the ever-present cyber risks and the best practices needed to bolster our defenses. While cybersecurity is vital year-round, October provides the perfect opportunity to reevaluate our strategies. In light of this, we've put together a comprehensive list of tips to help ensure that your cybersecurity, and that of your customers, is up to date and as robust as ever.
No One Is Immune: Cybercriminals are no longer just targeting large enterprises. In fact, 43 percent of cyberattacks in the United States are aimed at small and medium-sized businesses (SMBs).
Guard Against Social Engineering and Phishing: Phishing attacks have become more sophisticated. Educate users to recognize and report phishing attempts. When in doubt, don't open emails from unknown sources. If an email from a familiar contact seems suspicious, verify its authenticity by giving them a call rather than responding via email.
Invest in Intrusion Prevention and Security Software: Implement a combination of endpoint detection & response (EDR), firewalls, and spam filters on all computers.
Secure Your Travel: Travelers must take extra precautions to safeguard themselves from cyber threats. This includes implementing web security, backing up all files, ensuring multi-factor authentication (MFA) is in use, and keeping software updated.
Proactive Communication: Don't wait until a cyber incident occurs. Proactively engage your customers in discussions about potential threats and how they can defend against them. Consider organizing webinars to educate your clients about Data Protection 101.
Use Statistics: Utilize statistics to convey the importance of cybersecurity to your customers. For instance, approximately 81 percent of all data breaches happen to small businesses, and 60 percent of breached SMBs go out of business within six months.
Educate End Users: Teach end users how to protect themselves from attacks, such as turning off auto-downloads for attachments and saving and scanning attachments before opening them.
Show Real-Life Examples: Illustrate what a cyberattack might look like from the end-user perspective. Real-life examples make your recommendations more impactful.
Keep Customers Informed: Regularly update your customers about current threats through email blasts, webinars, or a dedicated cybersecurity section in your customer newsletter. Sign up for Cybersecurity Threat Advisories to stay up to date with the latest threats.
Schedule Regular Refresher Training: Conduct periodic refreshers and tests with end users on best practices for password management and protection from phishing and keylogger scams. Encourage participation by offering rewards to those with top scores.
Promote Reporting of Errors: Encourage your customers' employees to promptly report potential errors, such as accidentally clicking on suspicious links. Sharing these experiences can reduce the time between identifying a breach and fixing it.
Staying Up to Date
Update Operating Systems: Timely installation of security updates is crucial for maintaining a healthy security posture. Ensure clients are using supported operating systems and apply security updates as needed.
Asset Management: As the Bring Your Own Device (BYOD) culture becomes more prevalent, MSPs must discover new assets, assess their security status, and apply necessary security measures, such as antivirus and web security, to prevent new devices from becoming the weakest link in the client's network.
Leverage AI-Powered Security: Utilize AI-powered security to stay updated on the latest cybercriminal tactics, especially in the realm of email, which remains a prime attack vector.
Implement Password Policies: Enforce password policies within your organization and for your customers' operations.
Discourage Writing Down Passwords: Teach customers methods for generating secure yet easy-to-remember passwords. This simple step can significantly enhance security.
Avoid Password Reuse: Discourage password reuse, as it can expose you to multiple risks if one account gets compromised.
Set Password Expiration Dates: Establish recurring expiration dates for passwords to minimize the chances of former employees retaining access.
Offer Password Management as a Service: Consider offering password management as a service to address customer needs, reduce support tickets, foster brand loyalty, and boost revenue potential.
Regular Backups: Schedule regular backups, especially those with version histories. It's essential to have multiple revisions of your data to facilitate successful restores.
Multiple Backup Types: Use multiple types of backups, such as image, file, and virtualization backup, depending on your needs. This approach ensures flexibility in case of restores.
Secure Data Disposal: Ensure old data is securely erased. Opt for physical destruction of devices or secure deletion to prevent data breaches.
Separate Guest Wi-Fi: If your customer offers guest Wi-Fi, separate it from the company network to prevent threats from crossing over.
Secure Workplace Wi-Fi: Follow the FCC's recommendation to make workplace Wi-Fi networks secure, encrypted, and hidden. Hide your Wi-Fi network by configuring your wireless access point or router not to broadcast the network name (SSID).
Monitor Permissions: Carefully control access to vital data and applications, ensuring that only those who genuinely need access are granted it.
Implement Data Retention Policies: Develop data retention policies to support compliance and reduce the risk of stolen data. Keeping unneeded data can only be a liability.
Use Encryption Policies: Employ strong encryption, such as military-grade 256-AES and SSL encryption, to protect customer data both at rest and in transit.
Consider Compliance: Take industry-specific regulations into account and align your security policies with compliance requirements.
Have a Disaster Recovery Plan: Create a comprehensive disaster recovery plan to know what to do in case of a security breach.
Consider Cyber Warranty: Explore the possibility of offering cyber warranties, enhancing your customers' security, and potentially protecting your MSP business from liability.
As we observe National Cybersecurity Awareness Month, let's commit to implementing these tips and strategies to ensure our digital lives are secure year-round. By being proactive and informed, we can mitigate the risks of cyber threats and protect our businesses and customers effectively. Stay vigilant, stay secure!