By Hope McCluskey

Hope McCluskey

Recent ransomware attacks – which have affected nearly every sector, from our critical infrastructure to local governments and private businesses – have forced enterprises and governing agencies to confront how vulnerable we really are against the increasingly sophisticated methods of bad actors.

In the past few years, we’ve seen an exponential increase in these kinds of attacks, and they’re only going to get bigger and more common. Contrary to popular belief, Verizon’s latest Data Breach Investigative Report (DBIR) reveals that a major risk to cyber defenses isn’t malicious outside threats, but in everyday people like you and me, as 85% of all data breaches are caused by (mostly unintentional) employee error. The average employee is a bigger cybersecurity risk to companies than anything or anyone else, with the power to undo many established defenses through a simple click on a link that turns out to be malicious. Rather than quelling the symptoms, it’s vital that enterprises and agencies acknowledge the threat their employees present and address it directly through proper awareness and training.

Cause for Alarm

That’s the easy part. The hard part comes when you realize how many cybersecurity training options are at your disposal. Often companies may hire managed service providers (MSPs)to handle the process of buying services and programs according to their organization’s needs. What we’ve seen is that even though more and more reports emphasize the value of employee cybersecurity training, MSPs aren’t offering such training their clients and companies. It’s a missed opportunity – and at the rate at which security defenses are breached by employees every day, it’s also cause for alarm.

MSPs have a responsibility to provide the right service bundle for their clients. With this in mind, it’s important for an MSP to educate customers on the basic hygiene around protecting themselves and their company. For instance, employees often reuse and share passwords in the workplace and many still don’t recognize a phishing link. This commonplace behavior gives the organization an elevated level of exposure and unnecessary risk.

Protecting the Business

So how can MSPs go about promoting cyber safety? For one, they can bundle cybersecurity training services into their offers. By tailoring the training program to what best fits the client’s budget, workforce size and risk level, MSPs can ensure that the company is not only working at its best capacity, but also that it is protected against any threat to that capacity.

Of course, sometimes companies are less inclined to jump at the idea of additional expenses, and that brings us to our second point. As the source for determining the best bundle to optimize company performance, MSPs can promote the topic of cybersecurity training at client meetings and emphasize the significant financial – and often reputational – loss that can come with a data breach, as well as the cost-benefit of investing in a cybersecurity training program vs. the significant loss that will result from a breach. Having the right security software is important, but an employee can negate much of its benefits by clicking on a bad link. By offering security awareness training, MSPs can protect their clients’ investments.

Thirdly, if clients still aren’t sold on the value of trainings, MSPs can offer phishing simulations. Seeing is believing, and by witnessing how much risk untrained employees pose to the organization and the associated costs, company executives are more likely to appreciate the ROI of a good training program and run with it. Faced with the possibility of stubborn executives, it also helps MSPs to remind their clients of business compliance requirements. Specific regulations and cyber insurance policies may make it necessary for them to adopt training.

A trained employee is key to an efficient, safe and profitable organization. The MSP is key to pulling together the necessary services for a productive, secure and sustainable enterprise. It only makes sense to tie the two together. As companies across various industries begin paying more attention to building their defenses, it’s high time that MSPs start adding cybersecurity training to their tech offerings, as it will not only be helpful but vital to keeping an organization protected from a malicious attack.

Hope McCluskey is director of channel marketing at ESET. She previously was director of client services and marketing manager at Ingram Micro. You may follow her on LinkedIn or @ESET on Twitter.