What Every MSP Wants Its Clients to Know About Cyber Security
Question #1 – What responsibility and knowledge does every client need today regarding cybersecurity?
One of the most important things we need to realize in today’s always-connected world is that, historically and traditionally, cybersecurity was the responsibility of the IT department. This included cyber incidents, data breaches or even security questions, which got deferred to IT for the answers. Now, with today’s big data breaches and very costly cyberattacks, the responsibility of cybersecurity has become more discussed and visible at the executive level in the boardroom. Cybersecurity has become an important boardroom discussion and priority; however, failure to translate cyber risk into business risk has left many businesses clueless on what to do.
The issues and challenges associated with cybersecurity — the measures taken to protect computer systems against unauthorized access or attack — come up almost daily in our work and home lives these days. Media headlines highlight the latest breaches of confidential information, exposing millions of personal information records. Executives lose their jobs because of these incidents. Companies sometimes see a sudden drop in their stock market value. Others must pay a “ransom” to get their hijacked information back. Smaller organizations may even find that their very existence as a business may be threatened.
Despite billions of dollars spent each year on sophisticated technology to help protect critical information assets, hackers and malicious insiders continue to steal information with seeming impunity. The vast majority of breaches in cybersecurity are the result of human errors or actions that often occur without people even being aware of what they have done.
Technology alone can’t protect your identity or sensitive information. Hackers and other threat actors target humans, seeking ways to trick them into giving up vital information unknowingly. They do this because it’s the easiest way to get at valuable data in a process known as social engineering. So, it’s not surprising that exploited humans are the weakest link in the cybersecurity chain and yet the best hope for preventing a cybersecurity disaster. We need to have both people and technology work better together so that technology is helping to identify when suspicious activity is occurring and what the risks are.
In our always-connected world, where the private information of individuals and organizations is vulnerable to exposure and misuse, cybersecurity is everyone’s responsibility. Hackers or malicious threat actors who steal proprietary information don’t care about age, gender, race, culture, beliefs, or nationality. They probe your digital footprint and your Internet-connected computers based on opportunity, often seeking financial gain.
It is vital that we work together. IT, executives and every employee must work as a team with a clear strategy and solid communication to stay ahead of cybercrime and avoid becoming the next victim.
Question #2 – We hear almost all breaches are caused by humans. Why?
People are the number-one target and cause of cybersecurity failures because most of them are trusting individuals who want to help or contribute as part of human nature and their jobs. Hackers and malicious insiders take advantage of that trust by appearing to make legitimate business requests from bosses or sharing social items of a more personalized nature. They’re counting on people’s curiosity and willingness to cooperate to get them to “click on the link” in a business or personal email.
One single click on a malicious link, however, can download malware onto your computer that can immediately lock up data in a “ransomware” attack, and oftentimes, you have to send money to regain access. Or, the downloaded malware can, unbeknownst to the user, begin instantly collecting information aimed at gaining credentials and passwords for exploiting later. While many of these actions by humans are accidental or not intended to be harmful, the result can cause considerable damage to themselves, their family, their co-workers, their company, and their community. Because of humans’ trusting nature, hackers will continue to exploit this weakness.
Question #3 – What can clients do differently or change to be better at cybersecurity?
The next time you’re about to go online — whether at work or home — stop, think, and then connect. Remember that you are both the target of cybercriminals and the strongest line of defense against cyber threats to your employer, your loved ones, friends, and yourself. Clients need to take a balanced approach to reducing the threats from cyberattacks by balancing both people and technology. The following are 8 tips on what clients can do to become a more effective and efficient organization at preventing and reducing cyberattacks.
1. Educate on the fundamentals of cyber security.
2. Back up important and sensitive data.
3. Take a people-centric approach to cyber security and prioritize ease of use and less complexity.
4. Use a password manager to help protect accounts and make password security stronger.
5. Enable two-factor authentication for emails and all sensitive accounts.
6. Enable encryption to protect your credentials and privacy.
7. Run antivirus scans and install software updates.
8. Think before you click.
Joseph Carson, Chief Security Scientist, has more than 25 years’ experience in enterprise security specializing in blockchain, endpoint security, network security, application security and virtualization, access controls, and privileged account management.
This guest blog is part of a Channel Futures sponsorship.