Businesses today have more options than ever when it comes to computing tools, from desktop machines and laptops to smartphones and tablets. But this explosion of digital options also has created a variety of opportunities for cybercriminals and their increasingly sophisticated efforts to hack into a company.
Small- and medium-size businesses (SMBs) can be an easy target due to their lack of resources to fend off cyberthreats, leaving them feeling overwhelmed and alone against a looming threat landscape. Currently, 43% of cyberattacks target SMBs, with 60% of SMBs reporting that the attacks are becoming more targeted, sophisticated, and harmful. The average cost of attacks has increased to $3 million, with half of that cost due to downtime.
These trends provide an opportunity for managed service providers to become trusted partners to SMBs, helping guide them toward modern, proactive defensive practices. An MSP’s cybersecurity offerings and expertise can help clients defend against a variety of attacks, whether it be phishing, malware/ransomware, zero-day attacks, web-borne threats, and more. MSPs need a multi-layered defensive approach that overlaps safeguards, limited access points, end-user training, and perimeter defenses. Essentially, MSPs need to become digital fortresses, with layers of proactive protection that serve to monitor, detect, alert, and prevent cyberattacks.
Creating a multi-layered defense that can fend off even the most sophisticated cyberattacks doesn’t happen overnight. To achieve the desired levels of cybersecurity, MSPs can follow these steps to develop security expertise and to offer adequate security in the new digital age.
Implement Identity Protection Policies and Solutions
Passwords are the key to accessing an organization’s data, but passwords are becoming an increasingly simple lock for hackers to pick. In fact, 90% of employee passwords can be cracked in six hours or less. So, in addition to implementing strong password policies, passwords should be reinforced with extra layers of security such as multi-factor authentication (MFA).
MFA safeguards access to apps and data by requiring a second form of authentication in addition to a password, such as time-based codes sent via text, email, or app; fingerprints; or answers to personal security questions. Microsoft reported that 99% of account hacks are blocked thanks to MFA, making it essential for MSPs today.
Put Endpoint Security in Place
The rise of wireless devices has drastically increased the number of endpoints in an organization. In addition to servers and desktop devices, each employee’s laptop, tablet, and smartphone adds another possible vulnerability that can be exploited to give incoming malware access to the corporate network. Currently, 70% of breaches originate at the endpoint, but 42% of all endpoints are unprotected at any given time.
Installing antivirus software is no longer sufficient, due to the proliferation of attacks, including email attachments and hyperlinks, web browsing, social media, and apps. These traditional antivirus solutions try to prevent attacks, while modern endpoint detection and response (EDR) solutions actively discover and remediate threats across devices, desktops, and servers.
Advanced endpoint protection solutions use automation, machine learning, and behavioral monitoring to detect, respond to, and eliminate a diverse range of threats, including executable or fileless malware, document and browser exploits, malicious scripts, and credential scraping.
Layer on Additional Email Security
Today, email is the top delivery mechanism for 96% of phishing attacks and 49% of malware attacks. With email as the number one vulnerability for phishing, ransomware, spam, and malware, it is critical to protect sensitive data from leaving the organization and stop threats before they can enter a network through email. The native security features of most email solutions don’t offer enough protection to combat today’s threats, so MSPs should layer on a third-party solution that can provide advanced security features.
Implement Network and Web Security Together
It is critical for organizations to fortify connections to protect and control access to their environment’s entrance and exit. Guest wi-fi networks are important to allowing visitors access to Internet only, but 54% of SMBs don’t have one. About 24% of SMBs report malicious websites and web ads as a top ransomware delivery method.
Network and web security go together to secure incoming and outgoing network traffic. Network security helps protect network systems and data from unauthorized or malicious access, while web security protects users from accessing malicious websites.
Create a Disaster Recovery, Backup, and Incident Response Plan
From malicious threats and user error to physical disasters and hardware failure, there are countless ways for an organization to lose valuable data or experience downtime, which can have a huge impact on productivity, lead to mounting IT costs, and damage the company brand.
MSPs need to know how to respond in case of a data breach, outage, or cyberattack to safeguard data and stay operational. This is increasingly important for organizations in compliance-regulated industries, such as healthcare and finance.
An effective backup and recovery plan should be able to identify the main threats to data and operations, as well as their likelihood, and define the company’s tolerance for downtime and data loss. The plan should also outline a data restoration and recovery strategy, including service/solution, storage location, and processes, and prioritize what needs to go back online first. A communication plan for both internal and external communications in the event of downtime is essential.
Partner with Pax8 to Stay Secure
October is Cybersecurity Awareness Month, established in 2004 by U.S. government agencies to promote awareness and encourage individuals and organizations to learn how to protect themselves from cybercrime.
The Pax8 Marketplace offers curated security solutions for MSPs, and Pax8 Academy provides MSPs with education, support, and community around cybersecurity topics and solutions. This new Pax8 Cybersecurity Hub for MSPs is a one-stop security experience, featuring vendor trainings, on-demand courses, compliance frameworks, and expert highlights. And hear from Pax8 CTO Scott Chasin, who has spent his career in cybersecurity, as he talks about the current state of cyber threats for businesses today.