An uncertain world can become a hotbed of cybercriminal activity. In situations like our current climate, users let their guards down and technicians have less control over customer environments as people work from home. The guardrails normally reducing companies’ cyber-risks start to disappear.
In a previous post, we spoke about the challenges of the current environment and emphasized that practicing sound cyberhygiene has to remain paramount to keep your customers safe. We also gave five tips for helping prevent and deal with cyberthreats through sound foundational security practices. If you want to catch up, you can read the post here.
Today, we’ll cover another five tips for reducing your cyber-risk. If you want to keep your customers safe, make sure to continue practicing these tactics (or start implementing them if you don’t already).
1. Monitor for suspicious activity
You can take a lot of steps to prevent cyberattacks, from patching to firewalls to email protection. These preventive steps still need to be put in place, but prevention isn’t enough to protect your customers. You can’t just “set and forget” security—you need to actively monitor for threats and remain vigilant. This could mean monitoring network traffic for potential intrusions, using endpoint detection and response (EDR) tools to monitor for anomalous endpoint behavior, or watching for failed login attempts to prevent account takeovers. Ultimately, if you want to improve your customers’ security postures you need to put active monitoring in place.
2. Have a backup
It’s impossible to predict everything that can happen in an IT environment. Problems can occur at any time—from someone deleting critical data to natural disasters affecting either business continuity or affecting a data center. That’s why it’s absolutely critical to back up data so you’re prepared for the unpreparable.
With ransomware threats in particular, backup is one of the main lines of defense. Yet, many ransomware attacks will first seek to delete local backups. So it’s important to have a good cloud-based backup in the event you have to restore critical data on someone’s machine. This is even more important as more workers continue operating out of home offices. Make sure to set up your backup solution to automate backups to run on a set schedule. Beyond this, make sure to periodically test your backups’ recoverability—the last thing you want is to be in a recovery scenario and find out your backups have an issue.
3. Prevent attacks from spreading
Another important point to remember is that many of today’s attacks grow worse due to the increasing interconnectedness of modern IT environments. If ransomware lands on one machine, your goal should be to prevent it from spreading across a corporate network. This can keep a small problem from snowballing into a catastrophic one.
To tackle this issue, make sure to reduce any unnecessary connections. Try to isolate the most sensitive devices or resources from the rest of the network. And make sure team members and end users know not to share credentials. This is particularly critical as cybercriminals target MSPs in their attacks. One account compromise could give the criminals access to multiple businesses’ sensitive data. Try getting a good password manager to help enforce strong password hygiene among your own team.
Cybercriminals shift their tactics regularly. Ransomware victims now have to worry both about getting their data encrypted and potentially having that data exposed on public websites. Criminals have also changed their targets for ransomware attacks toward smaller governments, often taking those victims offline for days. More recently, criminals have sought to launch attacks by using fear around COVID-19 as a hook in phishing campaigns and scams. And malicious actors have increasingly come to rely on methods to circumvent antivirus by using malware obfuscation techniques or fileless attacks, making endpoint detection and response tools more important.
The point here is that you want to continue educating yourself and your customers on the latest threats. Knowing the trends in cybersecurity can help you best focus your resources on threats and stay ahead of the cybercriminals. Make sure to educate your users during this time via security training and reminders as well. This gives you the opportunity to not only help them prevent attacks, but also gives you a chance to remind customers of the value you provide.
5. Stay vigilant against spam
The previous section mentioned cybercriminals using news around COVID-19 to try to scam users. This simply underscores the importance of email security. Since many attacks begin via email, it makes sense to put in place safeguards against email-borne threats.
For starters, it helps to add an email security gateway to bolster the native security in customers’ native email solutions. For example, SolarWinds® Mail Assure uses collective intelligence from its user base combined with threat intelligence to help take email security to a new level. Additionally, use your user training opportunities to teach customers how to recognize and avoid spam and email phishing. With so many employees working remotely, email security should be thought of as the first line of defense against common threats.
Unfortunately, during times of confusion and uncertainty cybercrime can often increase. Despite this, there are still plenty of steps you can take to help keep your customers secure. So stay strong—your customers need you now more than ever.
In this piece, we spoke about the importance of password security. This is particularly important for MSPs. If criminals can get the password to a technician’s account, they can often breach multiple customers. SolarWinds Passportal + Documentation Manager is a cloud-based password management system designed to help you maintain password best practices across your MSP team. Learn more about how it can help you today.