Email systems have become a primary source of phishing, malware, and ransomware attacks.
Convincing customers to invest in extra layers of email security can be challenging, but it's well worth it for MSPs to try. After all, they’re the ones who will have to clean up the mess if there is a breach.
For MSPs, the first step in selling customers secure email services is to convince them of the scope of the problem. Small and medium-sized businesses (SMBs) are often victims of cyberattacks, even though many SMBs feel they are not high profile enough to be targets. The Ponemon Institute notes that 55 percent of SMBs were victims of cyberattacks in 2016.
'MSPs are increasingly concerned about customers using basic email protection included with Windows and Office 365 — and with good reason. ' ~@bbabineauClick To Tweet
In the majority of those cases, attackers gained entry via the email system. In fact, 74 percent of all cyberattacks originate with an email containing a malicious link or attachment, according to a SANS Institute study.
Most customers should be receptive to at least discussing a higher level of email security. A Barracuda global study comprised solely of participants responsible for email security at their company found that 98 percent of respondents said they would benefit from additional e-mail security capabilities. Just 77 percent of respondents reported training their employees to improve email security, even though 100 percent said they think that training is essential.
How MSP Can Bolster Email Security Awareness
The challenge with many SMB customers is that they tend to be highly price sensitive — especially if they haven’t yet experienced an email-borne attack or breach. One way for MSPs to get the conversation started around email security and help customers see the value of investing in comprehensive security solutions is by conducting an email threat scan.
MSPs can leverage Barracuda’s a free, cloud-based Office 365 Email Threat Scanner, which examines customers’ Office 365 mailboxes using advanced threat protection techniques including a full system emulated sandbox to remote detonate suspect files and observe their intended behavior. In addition to uncovering advanced threats and spear phishing attacks residing on a customer’s Exchange Online account, the scanner provides a comprehensive report of the customers’ risk profile, along with personalized recommendations for protecting them against advanced threats, phishing attacks, and other malicious email-borne threats, which MSPs can use to communicate the severity of the threat.
Once a customer begins to realize how vulnerable they are, you can educate them about several products and services that can help them move beyond basic security to create layers of protection and reduce email-based attacks.
To get started, MSPs can offer threat intelligence and detection capabilities that will stay up to date on new phishing and malware threats and help spot potential threats as soon as they arrive on the email server. Barracuda’s Advanced Threat Protection (ATP), for example, uses sandboxing to protect against zero-day exploits and targeted attacks.
Additional Ways for MSPs to Protect Customer Emails
Barracuda Sentinel helps MSPs add additional layers of email security for their customers by using artificial intelligence to guard against spear phishing attacks, impersonation attempts, and other types of cyberattacks. It also supports the DMARC (domain-based message authentication, reporting, and conformance) protocol to protect users from domain spoofing and brand hijacking.
MSPs should also provide ongoing employee training on how to spot phishing emails and avoid inadvertently revealing personal or company information. One approach MSPs can take is to periodically send simulated phishing emails to test employees. By analyzing click-through rates on those tests, MSPs can refine training and target problem users or departments.'Customers that rely on the minimal email protection included with Windows licenses and Office 365 subscriptions (i.e., basic spam filtering) are only giving themselves a false sense of security against today’s sophisticated cyberattacks. '~@bbabineauClick To Tweet
MSPs should consider bundling some of these capabilities with their standard email offering. This not only shifts the cost conversation toward the total value of the solution, but it also helps the MSP ensure there are fewer successful phishing attempts on their customers.
Customers that rely on the minimal email protection included with Windows licenses and Office 365 subscriptions (i.e., basic spam filtering) are only giving themselves a false sense of security against today’s sophisticated cyberattacks. Educating them about ongoing threats and the cost of a breach will help sell them on advanced email security and save both the MSP and the customer a lot of grief, aggravation, and money down the road.