Cybercrimes are reaching all-time highs, with many organizations being hit with at least one of the 230,000 attacks that occurred in 2017. As a Managed Service Provider, it’s our job to make security a priory for clients in 2018. By following 3 simple best-practices, we use to begin protecting NetCentral Partners. Built to enhance MSP security, mitigate client risk, and grow your revenue.
Effective anti-virus is essential to keeping your business protected, but it’s simply not enough. With increased risks and social engineering, many have found the need for user education as a major objective for 2019. By educating end-users through security awareness training can reduce the cost of infection or data breaches. These tactics have evolved, and are beginning to target businesses through social engineering, and the favorite method for delivering an attack.
Common Social Engineering Includes:
- Typically, an email from a trusted friend, contact, or colleague, whose account has been compromised. The message will usually have a URL link to open or download, and invoice or website.
- Phishing emails, comments, or text messages luring readers to confirm the legitimacy of your accounts. These are usually fake email vendor emails that have been spoofed or recreated by these criminals.
- Fraudsters are more common in major business cities like San Francisco, Oakland, San Jose, California. These criminals leave USB or zip-drives around the company’s premises, in hopes a curious employee takes it. Hoping a curious employee will insert the temporary storage it into a computer providing access to company and personal data that is saved on your systems.
These attacks are usually devised through relevant and timely education can minimize your exposure to breaches caused by user error. By training our partners and clients on social engineering, and other tactics including ransomware, email passwords or data protection, you assist in fostering the behavior with which you wish to see across your organization.
Backup & Disaster Recovery Plans
Your IT support team should always stress the importance of backups and creating a disaster recovery plan, with regular testing of each asset. If hit with ransomware, without a secure backup, businesses face the intended ultimatum. To pay the ransom and risk the money or lose countless amounts of company data.
We’ve continued to offer our clients options to fit their network, with automated cloud-based backups and physical appliances for any company’s data retention policies to avoid encryption. With access to data anywhere at any time, the best form of proactive support comes with the industry knowledge gained from building business continuity plans.
Things to Consider:
- Who declares the disaster?
- How are employees informed?
- How will you communicate with customers?
The secret to building the perfect disaster recovery plan for your business comes after the plan is implemented. The most common failure point for many businesses before NetCentral support is a failure to test a backup solution. Then a small-scale disaster or accident occurs, and your business can’t restore its data. Imagine the loss of business financials, intellectual property, client data. Insurance won’t pay you for lost information, and your disaster recovery plan is the only thing between business risk and your employees. Once a plan has been implemented and adopted by the staff, it’s important to develop your process.
Patch Management continues to be one of the largest areas of vulnerability for businesses with more than 2 “production” servers. Most updates are security related and should be updated as needed. Outdated technology, including an operating system (OS) or Java, are common exploits in several of this year's largest cyberattacks. By staying atop of operating system updates, you prevent your business from learning a “very costly lesson.” A great example, of this, was back in 2017, with Windows 10. Win10 initially only marked 15% of malware files, while Windows 7 machines saw over 63% according to Webroot’s 2018 Threat Report.
Your patching process should feel like “a never-ending cycle,” of auditing existing systems to generate a complete inventory of all your production systems, their standardization, and operating systems and applications. By building these standards with a trusted IT support team, your patching process will become easier. Through the classification of vulnerabilities, higher priorities can be remedied, while lower vulnerabilities begin to be automated, never disrupting your workday again.
By following these best practices, your business can begin thinking like an MSP. This will ensure the safety of your business, but also securing customer data. Business owners looking to scale operations should be looking to align business objectives, with an MSP that focuses on your IT experience, if you're in need of IT Support and Services, we can help! Contact us, to begin talking about your IT stance.