5 cybersecurity hygiene best practices every MSP should follow
Cybersecurity is not a product but a journey. It requires more than standalone solutions to deliver the basic cybersecurity hygiene businesses need in today’s environment.
What does that mean? One analogy I like to use is home security. You can lock your doors and windows when you are away to stop an opportunistic burglar. Businesses really aren’t much different from your home — you use the security tools you have today to protect your environment to stop an opportunistic bad actor. When that bad actor circumvents those controls, you need to know you have a problem. Visibility is key, and the alarm needs to go off.
Having good cybersecurity hygiene can help your business avoid short-term data loss, business disruption, and long-term damage to brand and reputation. And with cyberattacks on the rise, the need for good cybersecurity hygiene is more urgent than ever.
Global direct financial losses from cybercrime have topped $1 trillion, and overall damages are now above $7 trillion. The most recent Verizon Data Breach Investigation Report (DBIR) indicated that ransomware attacks increased by 13% over the past year. According to the 2021 Internet Crime Complaint Center (IC3) Report, cybercrime complaints in the United States were up 7% over the previous year, and losses have increased from $1.4 billion in 2017 to $6.9 billion in 2021.
Digital transformation initiatives and the move to more web-based applications, cloud-based storage and apps have expanded the attack surface for cybercriminals and increased exposure. As a result, companies need help managing their security postures, which is why MSPs that want to establish long-term relationships and recurring revenue need a holistic approach to cybersecurity.
There are five steps to good cybersecurity hygiene.
- Establish what you want to protect. MSPs need to help clients recognize that they have multiple IT assets and applications that will need strong protection. That includes customer databases, payment systems, ordering systems, CRM tools, web application front ends, mobile devices and even the wireless LAN in the warehouse.
- Build concentric rings of security around your data. make sure you have a defense-in-depth strategy, sometimes called a “cyber kill chain.” If for some reason your endpoint security system or firewall misses something, what do you have in place to pick it up? Lockheed Martin developed the “cyber kill chain” to identify, prepare for, attack, and destroy a target (in this case, a cyberattack). Your security suite should include tools that can scan for vulnerabilities, detect instructions, isolate attackers before they can move through a network, and mitigate damage.
- Visibility is key — enable real-time monitoring. You need to know if you have a problem — that’s why monitoring your environment is basically essential. Detect cyber incidents 24×7 by leveraging a best-of-breed security operations center, which will help keep MSPs ahead of potential threats in their networks and within client networks. This value-added service is essential for preventing ransomware and other types of attacks.
- Reduce your response times. Promptly identifying an attack is one part of the equation. MSPs also need to ensure the right personnel is alerted and that mitigation processes go into action as quickly as possible. Some level of automation in the security solution or monitoring solution can help here, but structuring the notifications and having an action plan is also critical. For an MSP, response time will be one of the most important metrics your clients use to gauge your value when an attack occurs.
- Standardize on accepted frameworks for cybersecurity. Follow established cybersecurity standards, like the NIST Cybersecurity Framework. A framework is not a solution in and of itself, but will provide a way for MSPs and their clients to measure performance against those best practices and continually improve.
With cybercrime on the rise, good housekeeping in the form of cybersecurity hygiene will be necessary for MSPs. That means managed services providers must clean up their own acts while helping guide clients through the process.
This article was originally published in Channel Futures.