As an IT managed services provider, you can never take cybersecurity for granted, of course. However, it’s easy to overlook critical steps to ensure your customers are as safe as possible in this era of unprecedented attacks and threats.
With risks on the rise, including as employees increasingly work from home, it’s imperative that MSPs apply a combination of technological protections as well as other best practices to avoid unwanted illicit surprises. Don’t let avoidable pitfalls dash your B2B holiday season or New Year’s hopes and aspirations.
The nine steps summarized below are more than nice to your business, as they ultimately protect your reputation – and your customers’ operations – without excessive cost or unnecessary complexity. Regardless of the time of year, phishing, spam and business email compromise are an ever-present reality: Be prepared!
- Check it Twice: Multi-Factor Authentication (MFA) policies are essential for any service or account containing sensitive information (i.e., ticketing systems, email accounts, payment services, hosting providers, website hosting, etc.).
- Know Who’s Naughty and Nice: Maintain email authentication standards by DNS records such as SPF, DMARC and DKIM to validate and authenticate your outbound emails.
- Eliminate Unhappy Returns: Always use the same domain or subdomain to send all your email communications, so recipients can easily identify messages from you – and not a scammer impersonating to be your (or your customers’) company.
- Keep Them Guessing (and Failing): Protect devices and information by applying strong password guidance and policies that include encryption technology (e.g., BitLocker) in addition to automated critical security updates.
- What Everyone Wants: Protect networks by using anti-virus/anti-malware with sandboxing feature, plus a firewall with optimized policies to filter out inappropriate websites and suspicious/malicious websites.
- Don’t Wait Until It’s Too Late: Business recovery and continuity plans need to be in place internally as well as externally in customer environments; information security policies should govern every aspect of internal and external communications.
- Return to Sender: Since most significant attacks begin with emails (Verizon estimates 90% of malware originates this way, for example), it’s imperative to scan outbound and inbound emails to capture threats or inappropriate content.
- Keep it Hidden: Encrypt and authenticate by using MFA on outbound emails to explicitly identify the recipient (your customer), so no 3rd party can read or see message content.
- Who Wouldn’t Know? Host security awareness trainings to help users remain in tune with steps and actions they should take to identify and prevent common types of attacks; everyone in your company – and customer organizations – should know the do’s and don’ts!
When it comes to holiday wishes, no company or consumer wants to be a victim of scams, phishing schemes, spam, business email compromise or other forms of fraud. Unfortunately, it may not always be clear what to do and not do. Complacency is the last thing you want or need now, especially as wrongdoers troll for opportunity like no other time in history.
Best wishes to you for a cheerful holiday season and New Year. Adhering to the above best practices will undoubtedly help you keep cybersecurity threats where they belong – away from you and your customers. Such tips and preventative measures should always be top of mind for MSPs, regardless of what customers ask for, expect or demand.
If you or any of your customers end up as cybersecurity victims, count on a less-than-jolly impact on other undertakings. Put protection at the top of the list! 
