Every day, the headlines fill your customers with fear. Companies shut down by ransomware. Hackers breaching defenses and stealing sensitive data. Reputational attacks against businesses. It’s overwhelming, massively stressful, and driving business leaders to ask what they need to do to reduce their risk.
What can an MSP do today to bring peace of mind?
Firewall, anti-virus and spam filtering aren’t enough. They’re the basics. Every MSP should be developing a more thorough security offering that offers layered protection and appropriate security controls for each customer.
This approach must be proactive to start building trust in your clients’ investment and your ability to keep them safe. Simply adding tools is not enough, security should become part of your regular conversations with clients.
Here are 5 easy ways to bolster your security practice:
Cisco Umbrella (OpenDNS)
Cisco Umbrella provides content filtering and malware blocking. By intelligently blocking infected websites, they reduce the risk of malware entering your network. Should something like ransomware breach your defenses, it blocks access to the command and control nodes, neutralizing it until your anti-virus product can remove it.
Cisco Umbrella is designed for managed service providers, with a great management interface, simple deployment scripts and more.
External Vulnerability Scanning
External vulnerability scanning is like making sure your doors and windows are locked when you leave your home. Scanning tools check your perimeter defenses for known vulnerabilities and provide a simple report for your team to remediate. Standards like CIS, PCI-DSS, ISO 27001 and SOC require or recommend at least quarterly vulnerability scans.
Security Awareness Training
Despite what the news says, most security breaches don’t come from complex technical hacks. Attacks are directed at the weakest link – people. Educating users on attacks and security is key to reducing the risk.
Security training doesn’t have to be exhaustive and boring – it should be tailored to the audience and provided broken up into small, manageable chunks. Companies like Ninjio and Simple Security (coming soon) offer great, bite-sized programs.
Website Vulnerability Scanning
Websites are the welcome mats for most businesses. It’s the first thing a prospective client sees. What happens if it’s been hijacked? I had a prospective client last year whose website was launching porn ads in the background. They were totally embarrassed and concerned about how many clients had seen it.
For most MSPs, the idea of managing and updating a client website is well out of scope, but why not be a guardian of your client’s online reputation and proactively let them know of issues?
There are many services that offer website vulnerability checks or provide website firewall and malware blocking.
Regular Mini Security Assessments
Nobody likes the word audit, so let’s use the term assessment. Assessments are essential to being sure the right settings and security controls are in place. When I do security assessments and audits, it’s a thorough process. There’s several elements of that assessment that should be done regularly:
- Inactive account check – disable any user inactive after 90 days
- Administrative account check – ensure only the correct administrative accounts are in place
- Remote access check – ensure that only the correct people have remote access
- Firewall rule review – use a tool like Nipper to review firewall rules
Many frameworks require that these processes are completed quarterly, except for firewall reviews, which are done semi-annually.
Don’t wait. Start today
For years, real security services have only been available to enterprises and through specialty service providers. The explosive growth of cyber-attacks made a solid security foundation a necessity for all business, and high quality security tools are enabling MSPs to create that foundation.
Don’t wait. Your clients deserve the peace of mind that their security needs are looked after.
|Mike Knapp is an IT Project Superhero and Cyber-Security Simplifier with the goals of helping business be more successful and reducing the risk of cyber-attacks. He is a partner with Incrementa Consulting and the founder of Simple Security.