By Timur Kovalev

Timur Kovalev

By Timur Kovalev, Chief Technology Officer, Untangle

With the continued rise in cybercrime and the devastating impact incidents can have on companies, many businesses are now looking to establish their first security program. For small and medium-sized businesses, this can be an especially intimidating task. SMBs must be vigilant about cybersecurity, even if they don’t have the staff to handle it internally.

Focused on growing revenue, many SMBs outsource their IT and cybersecurity services to managed service providers (MSPs). This outsourcing allows the SMB to focus critical resources on business operations, while the trusted partner can provide required technology services. That, for the most part, has been the usual. However, many MSPs now are offering distinct security services and changing their business offerings to become managed security service providers (MSSPs).

According to a recent study, nearly 90% of SMBs would consider hiring a new MSP if they offered the right cybersecurity solutions, and nearly half would pay at least 20% more for the right security solution from a new MSP. Knowing what SMBs need makes it possible for MSPs and MSSPs to bundle solutions that specifically cater to SMBs. Their budgets can therefore cover their IT needs, while upgrades and automating additional business tasks remains possible without causing as many operational disruptions.

Top SMB Cybersecurity Issues

So, MSPs and MSSPs — are you ready to be the most helpful to the SMB market? Here are the top cybersecurity issues facing SMBs right now and how you can help solve them.

As the workforce grows, the usual limitations of a headquartered office have dissolved. Companies are now recruiting talent regardless of location because connectivity and accessibility options are at an all-time high.

MSPs should offer SMBs a VPN policy for remote users to ensure a secure and encrypted connection for all traffic bi-directionally. This will ensure the same policies and safeguards are enforced, regardless of proximity to the network.

The shift to BYOD has been driven by the ubiquity of consumer electronics and businesses accommodating employee requests to use their personal devices for work. The bottom line for businesses has also improved from BYOD policies, resulting in increased employee productivity and reduction in overhead costs to track and manage company-owned devices.

MSPs should look to offer SMBs a way of separating IoT and BYOD devices from the main corporate network. This will mitigate any issues if a device becomes infected with malware or if a hacker gains access to the device.

For a layered approach to secure network access, be sure to use an antivirus endpoint protection solution that integrates with an already established network security solution, like a next-generation firewall. These “better together” solutions will give you …

… end-to-end visibility from the host to the gateway.

Hackers have become increasingly sophisticated in their targeting methods, and now employ several types of phishing scams (spear phishing, business email compromise (BEC), whaling and clone phishing) to target employees and gain access to business networks.

MSPs should look to help SMBs by conducting/offering mock hacker attempt “tutorials” to continue educating employees on threat vectors and social engineering. Helping SMBs remain up-to-date on the latest threats, hand in hand, is an important part of training and education for all their employees.

Employees usually choose the same password combinations across multiple platforms — especially because password specifications include numbers, symbols, and combinations of lower and uppercase letters can be difficult to remember — to expedite access to several applications at once.

MSPs should educate SMBs about their users’ following the practice of good cybersecurity hygiene by using complex, difficult passwords that are not reused across sites or shared by more than one-person. This involves educating them that users should change their passwords periodically. Two-factor authentication can also be a secondary line of defense for password access. For this, MSPs can offer a password management solution to help.

Staying ahead of cyberthreats may seem daunting, but there are solutions out there that can help SMBs. MSP/MSSPs are a key component for SMBs to stay ahead in cybersecurity. When SMBs choose a managed security solution, they’re hiring a third-party vendor, an MSSP, with expertise in all aspects of cybersecurity to install, manage, audit and assess their network connections. Hiring an MSSP can help companies save money in the long run because of cost savings attributed to finding, hiring and training new cybersecurity personnel. MSSPs also are well-versed in web-based or cloud-based security solutions, easily integrating or extended current corporate network policies in a scalable and efficient way.

Timur Kovalev serves as the CTO at Untangle and is responsible for driving technology innovation and integration of gateway, endpoint and cloud technologies. Timur brings more than 20 years of experience across various technology stacks and applications. He previously ran Client and Threat Intelligence Technology at Webroot, where he led development of desktop and mobile solutions, cloud intelligence services and research automation systems. At previous jobs he developed dynamic network communication architecture for medical devices and software for patient monitoring, imaging and secure medical data delivery solutions. Follow Timur on LinkedIn or @untangle_inc on Twitter.