When it comes to keeping your business protected against cybercriminals, it’s way too important to do it yourself. I’ve worked in IT for 25 years, and as the CEO of Astrix Cybersecurity I’ve seen many holes and flaws in MSPs’ online protection. The tactics used by cybercriminals to extort money and data from businesses have become increasingly complex. Thankfully, cybersecurity solutions have developed alongside criminal tactics. I’ve partnered with Pax8 to support their business and help protect them from the bad actors looking to profit from their hard work.
MSPs are at the frontline when it comes to keeping their clients’ organisations secure. But who are they working with to ensure that their cybersecurity strategy is up to scratch?
Why Are MSPs Overlooking Their Own Security?
At Astrix, we regularly see MSPs not adhering to the basics when it comes to cybersecurity best practices. Staff logging onto business applications as administrators rather than users, the absence of formal training, and a lack of regular vulnerability assessments are just three examples of flaws in cybersecurity measures. It’s important not to be complacent when it comes to keeping a business safe online. MSPs can think they have everything sorted, or be so focused on their clients’ protection, that they leave their own network exposed. Don’t get stuck in the mindset that ‘it’s working for me, so I don’t need to do anything.’ There’s always something else that can be done to keep an organisation more secure against cybercriminals.
There’s a difference between selling cybersecurity solutions and implementing them. Business systems and practices become entrenched, and flaws in systems become increasingly difficult to spot. The nature of technology means that both online threats and protective software are constantly becoming increasingly advanced. Measures implemented years ago — even months ago — are no longer sufficient. Keeping an organisation adequately protected against cybercrime is time-consuming, but it’s a task that’s well worth the investment.
Flawed Cybersecurity Measures Mean Increased Risks to Businesses
The risks posed to MSPs by criminals are countless and can often be devastating to businesses. If an organisation is successfully breached by a criminal, it could bring the whole operation to a halt and cost significant sums of money. Worse, the criminal could sit within the business’ network and attack clients from the position of privilege held over these networks by MSPs. Is it worth saving time and money now to risk potentially astronomical costs and reputational damage later?
In the past four months alone, 15 of 30 MSPs audited by Astrix Cybersecurity had security policies that weren’t up to scratch. While most MSPs recognise the issues and risks posed and implement security policies, these often aren’t sufficient. On multiple occasions, the MSP had implemented a top line endpoint security product, but they hadn’t configured their SPF or DMARC record correctly. Ensuring robust cybersecurity practices to protect a business means doing the basics well and consistently.
Keeping Your Business Protected
There are several ways to keep a business secure. Installing multi-factor authentication software on all applications and ensuring that all passwords are randomly generated and safely stored using software like LastPass are arguably the most important and easy changes to make. Pax8 offers world-class security vendors — so build these into a robust security policy.
Cyber insurance is a key investment for any MSP business. A breach in a business’ security is likely to be costly. Taking out insurance now could save the money that would otherwise be spent on remediation fees if the worst-case scenario becomes a reality.
Arguably, the most effective tool in an MSP’s arsenal when it comes to keeping an organisation secure is ensuring that team members know what to look out for. Regular and in-depth training will play a key role in minimising the risks posed by cybercriminals to a business’ data and profits. Make sure that people know the warning signs, and what to do if something doesn’t look quite right.
Another point to consider is how many members of a team are accessing the business’ online workspace as an administrator unnecessarily. Granting staff admin rights rather than the rights of a user will make them more attractive targets for hackers and increase the potential damage they could inadvertently cause to a business if they make a mistake. While regularly updating user rights for each employee may take additional time, it’s a worthwhile investment when it comes to keeping an organisation’s data secure.
Cybersecurity is too important to manage yourself. Join me at a Pax8 Cybersecurity Masterclass to learn how to keep your organisation, its data, and its profits secure.