A solid plan can help MSPs and their clients weather an increasing number of advanced cyber attacks.
October is Cybersecurity Awareness Month, and that means it is as good a time as any for MSPs to prepare a cybersecurity checklist and revisit their incident response plans. Unfortunately, cybercriminals have stepped up their attacks over the past several years, both in frequency and complexity. As a result, companies of all sizes (including MSPs) have fallen victim to expensive and devastating attacks.
The U.S. Department of Homeland Security and the National Cyber Security Alliance launched Cybersecurity Awareness Month 18 years ago. The theme for this year is “Do Your Part. #BeCyberSmart,” and it’s meant to empower individuals to take a more active role in protecting their particular corner of cyberspace.
As security-minded MSPs know, the weakest link in any security framework is the end user. Therefore, education, training, and simulations are critical for reducing the impact of cyber attacks, phishing, and ransomware. This is especially true as criminals have turned to more complex attacks that rely on exploiting human psychology.
Because the threat landscape is rapidly evolving, and the frequency and success rate of these attacks is increasing, MSPs must remain vigilant to ensure they are ready when a cyberattack inevitably occurs. To prepare for these attacks, there are several critical steps to take, both internally and with clients. A good cybersecurity preparedness checklist should include:
Create an incident response plan for cyber attacks. While the types of attacks are constantly evolving, companies can set up basic procedures should an attack or a breach occur. The more prepared staff are, the faster they can respond, minimizing damage.
The incident response plan should include a list of key personnel involved in the response and emergency contact information. It should also detail the actions taken when an attack is detected, such as removing affected devices from the network, for example. Finally, the incident response plan should include a process plan for restoring data and operations (e.g., recovery actions, accessing backup files, restoration priorities).
Create a customer communication plan. For an MSP, this can be the most important part of incident response, as an attack on an MSP can potentially do significant damage to client networks and applications. There should be a point person in charge of this communication who can quickly get information from the incident response team, relevant account managers and client contacts. Communication should be rapid, honest, and clear.
Develop thorough IT documentation. It can be challenging to assess the scope of an attack if you do not have adequate documentation of the IT environment. Robust documentation should include detailed information on all systems, applications, and customer information. It should also include guidelines on recovery processes and operations for that client. This can significantly speed the restoration process in the event of an attack.
Regularly test all backups. Backup and recovery are the bedrock of a robust security framework, but MSPs need to ensure these systems will work as expected during an emergency. That means regular testing of both the MSPs backups, as well as each client backup. Backups should be tested to ensure they are current and reliable, and relevant personnel should run through the recovery process a few times per year (like a fire drill).
Update education and training materials. Every month brings a new threat. Therefore, MSPs should regularly update all internal and client-facing education and security training materials to reflect recent developments. In addition, touch base with clients about refresher training for their staff (both veterans and new hires) so knowledge gaps do not create unnecessary vulnerabilities.
Cybersecurity Awareness Month only comes once per year, but a solid cybersecurity checklist can help MSPs maintain client security all year long.
Doris Au is a Product Marketing Manager for Barracuda MSP. In this role, she connects MSPs with IT solutions that helps them deliver multi-layered security services that their SMB customers need.