December 4, 2019
By Timur Kovalev, Chief Technology Officer, Untangle
With the continued rise in cybercrime and the devastating impact incidents can have on companies, many businesses are now looking to establish their first security program. For small and medium-sized businesses, this can be an especially intimidating task. SMBs must be vigilant about cybersecurity, even if they don’t have the staff to handle it internally.
Focused on growing revenue, many SMBs outsource their IT and cybersecurity services to managed service providers (MSPs). This outsourcing allows the SMB to focus critical resources on business operations, while the trusted partner provides the required technology services. That, for the most part, has been the norm. However, many MSPs are now offering distinct security services and changing their business offerings to become managed security service providers (MSSPs).
According to a recent study, nearly 90% of SMBs would consider hiring a new MSP if they offered the right cybersecurity solutions, and nearly half would pay at least 20% more for the right security solution from a new MSP. Knowing what SMBs need makes it possible for MSPs and MSSPs to bundle solutions that specifically cater to SMBs. Their budgets can therefore cover their IT needs, while upgrades and the automation of additional business tasks remain possible without causing as many operational disruptions.
Top SMB Cybersecurity Issues
So, MSPs and MSSPs — are you ready to be the most helpful to the SMB market? Here are the top cybersecurity issues facing SMBs right now and how you can help solve them.
Remote offices: Remote workers and branch offices can be a liability when accessing company data and information without the proper cybersecurity safeguards in place. While these employees still need to access company data and information, sometimes over cloud-based software solutions, the network connections are often unsecured home or public Wi-Fi connections.
As the workforce grows, the usual limitations of a headquartered office have dissolved. Companies are now recruiting talent regardless of location because connectivity and accessibility options are at an all-time high.
MSPs should offer SMBs a VPN policy for remote users to ensure a secure and encrypted connection for all traffic in both directions. This will ensure the same policies and safeguards are enforced, regardless of proximity to the network.
BYOD and IoT devices: Bring-your-own-device (BYOD) and Internet of Things (IoT) devices are all looking to connect to the network. IoT devices are built for efficiency and connectivity, without security in mind. Similarly, businesses cannot control what users are doing with their own devices or gain insight into the security status of these devices.
The shift to BYOD has been driven by the ubiquity of consumer electronics and businesses accommodating employee requests to use their personal devices for work. The bottom line for businesses has also improved from BYOD policies, resulting in increased employee productivity and reduction in overhead costs to track and manage company-owned devices.
MSPs should look to offer SMBs a way of separating IoT and BYOD devices from the main corporate network. This will mitigate any issues if a device becomes infected with malware or if a hacker gains access to the device.
For a layered approach to secure network access, be sure to use an antivirus endpoint protection solution that integrates with an already established network security solution, like a next-generation firewall. These “better together” solutions will give you end-to-end visibility from the host to the gateway.
Employee education: Employee error is the top cause of breaches, such as data being stolen, viruses rendering business applications unusable, or ransomware putting the company in the moral dilemma of losing thousands of dollars when systems are locked up. Teach employees how to identify suspicious emails, not to open attachments from unknown senders, and to report anything suspicious to the IT team.
Hackers have become increasingly sophisticated in their targeting methods, and now employ several types of phishing scams (spear phishing, business email compromise (BEC), whaling and clone phishing) to target employees and gain access to business networks.
MSPs should look to help SMBs by conducting or offering mock hacker attempt “tutorials” to continue educating employees on threat vectors and social engineering. Working hand in hand with SMBs to keep them up to date on the latest threats is an important part of training and education for all their employees.
Passwords: Leaving passwords to their default setting has been the cause of major breaches in the past. Using easily guessable passwords, reusing them across multiple services, or sharing passwords are easy ways to get business accounts hacked.
Employees usually choose the same password combinations across multiple platforms to expedite access to several applications at once, especially because password specifications that include numbers, symbols, and combinations of lowercase and uppercase letters can be difficult to remember.
MSPs should educate SMBs about having their users practice good cybersecurity hygiene by using complex, difficult passwords that are not reused across sites or shared by more than one person. This involves educating them that users should change their passwords periodically. Two-factor authentication can also be a secondary line of defense for password access. For this, MSPs can offer a password management solution to help.
Staying ahead of cyberthreats may seem daunting, but there are solutions out there that can help SMBs. MSPs and MSSPs are a key component for SMBs to stay ahead in cybersecurity. When SMBs choose a managed security solution, they’re hiring a third-party vendor, an MSSP, with expertise in all aspects of cybersecurity to install, manage, audit and assess their network connections. Hiring an MSSP can help companies save money in the long run because of cost savings attributed to finding, hiring and training new cybersecurity personnel. MSSPs also are well-versed in web-based or cloud-based security solutions, easily integrating or extending current corporate network policies in a scalable and efficient way.
Timur Kovalev serves as the CTO at Untangle and is responsible for driving technology innovation and integration of gateway, endpoint and cloud technologies. Timur brings more than 20 years of experience across various technology stacks and applications. He previously ran Client and Threat Intelligence Technology at Webroot, where he led development of desktop and mobile solutions, cloud intelligence services and research automation systems. At previous jobs he developed dynamic network communication architecture for medical devices and software for patient monitoring, imaging and secure medical data delivery solutions. Follow Timur on LinkedIn or @untangle_inc on Twitter.