As an managed service provider (MSP), you must remain vigilant to protect yourself and customers, as well as be prepared to respond to a cyberattack when it occurs. We have prepared the following cybersecurity checklist that can help you be prepared for any cyber incident event.
Note: If you are looking for latest threat advisories, we recommend subscribing to CybersecurityThreat Advisories.
- Develop a cyber incident response plan: a cybersecurity incident response plan prepares you for the inevitable and equips your team to respond before, during, and after an incident. The plan should consist of:
- Emergency contact information of required personnel, including the IT team, as well as executives who needs to be involved
- Actions required when an attack is first detected such as isolating the infected devices, removing all connection to the network, and so forth to reduce the damage of the attack.
- Recovery actions such as the sequence of which parts of the network need to be restored first, identifying a clean version of the backup, and many more. This will ensure that you will have a consistent recovery plan across all your customers’ environments and reduce the amount of time and effort it takes when a cyberattack strikes.
- Be meticulous with documentation: a well-documented IT environment enables MSPs to operate efficiently and effectively, but it doesn’t end there. Written documentation can also help in recovering all key business information in the case of a disaster such as a cyberattack. Strong documentation includes all your customers’ information with detailed guidelines for specific operations and recovery processes that should be followed in the event of a disaster. This will prevent the MSP from reinventing the wheel if a disaster strikes when restoring their customers’ environments.
- Develop a customer communication plan: MSP should communicate with their customers during a cyber incidence. The communication plan should include who they need to communicate with and the questions they need to answer. In addition, it should include contact details of your incidence team, who has message approval rights, who the message needs to go to, and the communication channel(s) to deliver the messages.
- Test your customers’ backup: a reliable backup is a key to a successful and speedy recovery. It is important to regularly test your customers’ backups to ensure that the latest data is available. It is also important to have a backup solution that offers features such as immutable storage. An immutable backup or storage means that your data is fixed, unchangeable and can never be deleted. Further, having an air gap, or the absence of a direct or indirect connection between a computer and the internet, is also key to protecting data.
Avoid ransomware with these steps
In addition to the cybersecurity checklist, Mark also recommends that there are many preventive security measures MSPs should take now to ensure their customers and themselves are protected from the heightened cyberthreat landscape. These measures include:
- Proactive security updates. Ensures clients and their own systems are up to date with security patches to eliminate security vulnerabilities.
- Turn on multifactor authentication. Can prevent unauthorized access from cybercriminals to businesses’ resources.
- Audit access control. Frequently auditing access to businesses’ systems to remove inactive users or users who are no longer with the company can minimize cybersecurity risks.
- Deploy security solutions across all attack surfaces. This includes email, network, web applications, web, and antivirus for all devices and users in an organization.
- Consider upgrading VPNs to Zero Trust Network Access (ZTNA). Zero-trust technology not only provide access control to company’s resources, but it verifies the security posture of the device prior to granting access so that unsecured devices are blocked from sensitive applications or data.
- Educate end-users with security awareness training acts as the last line of defense. Educated users will not click on malicious websites or links but will instead report suspicious links to IT to ensure the threats are removed from the system to prevent damage.
The cyberthreat landscape is constantly evolving and despite the preventive measures being used by companies, it’s inevitable that a security incident will occur. It is best to be prepared and to recover quickly when it does occur.
Barracuda MSP has been helping MSPs for 20 years with remote monitoring and management, security, and data protection solutions. To learn more, please visit our website at www.barracudamsp.com.
Photo: Andrey_Popov / Shutterstock
This post originally appeared on Smarter MSP.