HowTo: Level Up MSPs’ Cybersecurity

A recent advisory issued by combined international cybersecurity agencies Five Eyes warned that cyber-attacks against managed service providers (MSP) are increasing. With this trend expected to continue, MSPs need to take strategic action to reduce their risk of falling victim to a cyber intrusion. After all, since MSPs have privileged access to customers’ networks, successful attacks give hackers the green light to hit thousands of customers with ransomware in one blow. 

Only the most robust cybersecurity protection and recovery strategy will keep clients digitally safe and protected. However, despite many MSPs understanding that they need to optimize their cybersecurity protection, many are yet to take actionable steps, leaving them vulnerable to threats. 

Why is Cybersecurity Important for MSPs?

For MSPs, being a guardian of clients’ assets means securely protecting their data. To avoid potentially devastating consequences of a supply-side cyber-attack, educating clients on cybersecurity best practices is key. After all, a breach can incur costly ransoms, financial impacts and legal costs, exposing their entire client base and leaving their reputation in shatters.

Adding to this, since the pandemic-induced widespread distribution of devices and applications in tech ecosystems due to working from anywhere, cybersecurity practices are slacking. An HP study claims that 30% of people working from home ignored cybersecurity best practices. Furthermore, the Government’s Cyber Security Breaches Survey 2022 reports that of the 39% of UK businesses who experienced an attack in the last 12 months, the most common threat vector was phishing emails (83%).  

There are always ways organizations can improve on their digital defenses. Here are five key steps MSPs can take to sharpen up their cybersecurity best practices:

1) Define a Cybersecurity Strategy for Each Client

The first phase should be to assess the current applications and tools the MSP uses. With typically about 45 different tools within an average MSPs tech stack, it’s worth assessing if any have become obsolete, are duplicating a function or need upgrading. A streamlining process can reduce the load for the team to monitor, maintain and manage. Knowing that 92% of organizations would all too easily drop their MSP for one which offers the “right solution” is a threat worth heeding.

2) Know Where Backed up Data is

MSPs can’t afford to overlook data backup – particularly since data is arguably a client’s most important asset. In fact, the entire file directory for the Pixar film Toy Story 2 was nearly lost due to a simple accidental delete and was merely saved by an employee who happened to have a copy – saving hours of work and millions of dollars. A robust data strategy isn’t just backing up – it means keeping a log of where all the data is stored for easy retrieval.

"MSPs can’t afford to overlook data backup – particularly since data is arguably a client’s most important asset"

3) Help Clients Secure Their Network and Devices

MSPs must steer clients towards apps that create strong passwords, backed up with a universal password policy, to ensure their data has a frontline layer of protection. Multi-factor authentication (MFA) is another imperative cybersecurity practice for any sites/accounts, which prevents access to anyone but the account owner. However, Microsoft has found that only 22% of enterprise customers that can implement MFA actually do it. A virtual private network (VPN) is vital to encrypt your internet traffic and conceals yours and your location’s information – particularly useful when working from anywhere. Ensuring clients encrypt their hard drives adds another layer of protection. 

4) Set Up Proactive Monitoring for Potential Cyber-Threats

Knowing the current threat levels and trends is vital. For times like when the Log4j Java logging package vulnerability story broke, MSPs must have tools to offer news alerts. Automated tools used in conjunction with a SOC can perform proactive threat monitoring. Free apps like TweetDeck and Feedly can track selected topics or keywords and even track industry expert commentary.

Furthermore, some dedicated cybersecurity vendor resources provide regular reports on the latest security issues, which are useful for MSPs. Events like IT Nation Secure are ideal for meeting cybersecurity experts face-to-face.

5) Establish an Incident Response Plan for Every Client

With 39% of UK organizations experiencing a successful breach, MSPs must ensure clients have a robust incident response plan to minimize downtime for the organization. This should include immediate post-breach activities, such as the MSP contacting their client’s insurance company and SOC. An isolated backup of everything should be carried out.

A full identification process should include a review, investigation and recording of all the incident details. The MSP should work with their SOC to assess the security perimeter for the incident.

At the containment stage, the MSP should determine the attack vector and contain the breach to prevent further spread or damage. Remediation can now begin – to find and eliminate the root cause of the breach.

Recovery involves restoring and returning affected systems to a production environment. And lastly, the debrief: Working closely with the SOC will determine lessons learned from the breach and implement a security plan that heightens defense against future attacks.

Common Mistakes MSPs Make with Cybersecurity

As MSPs play a critical role in their clients’ cybersecurity health, anything that isn’t communicated or overlooked can have serious consequences. MSPs should be careful not to deploy the same security strategy or tool for a client because it works for another client. Rarely are security situations the same. However, it may not work to be too flexible, as it may not be possible to offer and administer a broad suite of services and best practice approaches for each client.

Often, looking at clients’ challenges rather than the tools they require is the most effective way to win their trust. Talking too technically can lose a client’s interest and investment, so having ready answers to some of their likely questions will share your expertise and reassure them of their needs. Making them feel like you’re a true partner and that decisions are shared will help to build mutual trust.

First Steps to the Best Digital Defense

Having the tools means nothing if MSPs don’t explain cybersecurity policies and practices in plain English to their clients. Regular cybersecurity training sessions are essential to educate employees and clients on best practices. And last but by no means least – a strategic incident response plan that includes the chain of escalation and how to handle client accounts will minimize the impact of a threat, should the worst occur. MSPs that monitor, deploy and respond will be a step ahead of their competitors.

What’s Hot on Infosecurity Magazine?