We’re in This Together: Cybersecurity Tips to Keep You and Your Clients Safe

No doubt, the COVID-19 pandemic has us all in a state of bewilderment as nobody really predicted that in 2020 we would all be dealing with such a problem. Yet, here we are adapting to it. As an MSP, you are the first responder to business IT survival, and have surely been working tirelessly over the last few weeks to keep businesses online and functional. During this disorienting time, hackers and malicious actors have cut us no slack and are actively preying upon SMBs, hoping to catch them vulnerable for attack and/or exploitation. Both the U.S. Dept. Homeland Security CISA Division and the U.K. National Cybersecurity Centre are reporting elevated levels of cybercrime during the pandemic. At Sophos, our experts have also seen a substantial rise in COVID related domain registrations, some of which aim to prey on unsuspecting users looking for information.

As you prepare your clients’ remote work strategy, it is vital that you reinforce the importance of cybersecurity and provide services and cybersecurity tips that offer the utmost protection. From an unsecured VPN to a COVID-19-inspired phishing email, the threats are real and the war is on.

The following list of cybersecurity tips from Sophos experts combined with Sophos Central, the unified console for managing your next-gen cloud based solution, will help you to easily manage and secure both your clients and your MSP business. We are here to support you during these crucial times, so please contact us if you should have any questions with Sophos products/solutions.

1. Protect client services and data with multi-factor authentication (MFA) by any means possible.

While Sophos highlights the benefits of having a strong password, we also highly recommend pairing strong passwords with MFA. This ensures that only authorized users and administrators are able to gain access to mission-critical accounts, computers and other sensitive resources, even in the event where an attacker gains access to a password.

2. Ensure endpoints and systems are fully protected.

When providing cybersecurity tips, be sure to stress the importance of ensuring that all client devices, operating systems and software applications are protected with next-gen cybersecurity solutions.  Also make sure that the devices are updated with the latest patches.

3. Secure your RDP.

Make sure the RDP solutions you are using to remotely connect to machines use 2FA authentication. An open port with RDP leaves you and your clients absolutely vulnerable to cyberattack. A recent Sophos test to gauge the vulnerability of open RDP revealed how easy it is for hackers to gain access. If you use open RDP you will be a target!

4. Revisit end user training schedules.

Cybercriminals are looking to exploit the inexperience of traditional office workers who are now working remotely. When it comes to cybersecurity tips, the importance of having security-aware users cannot be understated, especially as workers find themselves more distracted by news reports and daily life that is now askew. Regular training will better condition your clients’ end users to avoid phishing emails and other attempts for malicious actors to gain access.

5. VPN or bust! Create a secure connection back to the office.

Top of mind for every MSP setting up remote work for clients should be a secure VPN. Using a Virtual Private Network (VPN) ensures that all the data transferred between the home user and the office network is encrypted and protected in transit. Check out this community post for details on setting up a secure VPN with Sophos XG Firewall.

6. Scan and secure email.

Home working will likely lead to a big increase in email as people can no longer speak to colleagues in person. As stated previously, cybercriminals are wise to this and are already using COVID-19-inspired phishing emails as a way to entice users to click on malicious links. Ensure your clients’ email protection is up-to-date, and raise awareness of