Solution providers are judged by the value they bring to their customers. In that sense, the ransomware epidemic provides an opportunity for partners to step firmly into the trusted advisor role and bring a comprehensive, holistic, multi-vendor protection strategy to bear. In-depth knowledge of a client’s business, assets, systems and workflow put the solution provider in a uniquely advantageous position to evangelize the merits of prudent security and deliver peace of mind.
Defending client organizations from ransomware can be challenging. But with the right mix of point solutions, fundamental controls, and a strong, disciplined data backup strategy, today’s solution providers can position their clients to be strongly resistant to—and eminently capable of recovering from—this burgeoning scourge.
Providing ransomware protection and services follows a common set of five steps. They include:
Step 1: Raise Customer Awareness
While reports of ransomware are widespread, SMBs, in particular, are unaware of the threat posed by this malware. Many SMBs incorrectly believe they’re not at risk of ransomware, thinking enterprises are juicier targets. You need to provide SMBs with the facts about ransomware—that it takes only one click on an e-mail attachment to lose their data and halt their operations. While nearly two-thirds of SMB IT professionals have suffered a serious data loss in their careers, only one-third back up their data on a daily basis. Moreover, SMBs are highly susceptible to security disruptions.
Step 2: Assess Customer Security Posture
Bulletproof security is a practical impossibility. Within the realm of possibility is crafting a security architecture that minimizes risk exposure resulting in ransomware breaches. As a solution provider, you should take the opportunity to review the security precautions employed by customers. This means reviewing their operational posture, the security technologies employed, and the policies and procedures practiced to safeguard data and respond to incidents.
Step 3: Close Gaps
Based on the security assessment, work to plug the holes in the customer’s infrastructure. Provide the security products and services needed to deliver an adequate level of protection against the most common threats and risks. A synergistic security strategy employs layers of security technologies to form overlapping levels of protection. Through this “defense-in-depth” and interlocking strategy, your customers will have a better chance of deflecting, detecting and responding to ransomware attacks than if they had porous infrastructures.
Step 4: Establish Policy and Procedures
Security technology is only a part of the protection strategy. Your professional services should include helping customers develop security policies and procedures. Security policies set operational and performance expectations and standards, as well as provide the means for reviewing security effectiveness. Within the security policy should be procedures for performing security checks, maintaining security readiness, implementing training schedules and putting in place incident response measures.
Step 5: Monitor and Support
Threats are constantly changing. SMBs don’t have the resources to manage their security infrastructures effectively and consistently. Through security monitoring and management services, you can help customers remain up-to-date on their security policies, technology configurations and incident responses. Even if you don’t offer managed services, you can periodically review customers’ security posture as a professional service to help ensure they have adequate data protection.
Keep in mind that Carbonite endpoint and server backup services are an essential element of a ransomware protection strategy for SMBs. Through consistent, persistent, and reliable cloud-based backup, Carbonite ensures SMBs will have access to mission-critical data that remains uncorrupted should there be a ransomware attack.
Jessica Couto is Vice President of U.S. Channel Sales & Marketing at Carbonite, a provider of cloud and hybrid backup and disaster recovery solutions for small and midsize businesses.
Guest blogs such as this one are published monthly and are part of The VAR Guy's annual platinum sponsorship.