SMBs and Ransomware: 3 Fundamentals Every MSP Must Address

By Troy Gill, Manager of Security Research, AppRiver

In 2017 alone, more than 1.9 billion data records were lost or stolen, lining attackers’ cyber pocketbooks with billions in bitcoin payments. Ransomware purveyors are not just getting richer — they are also getting smarter and creating more professional operations that mimic legitimate technology businesses.

With headlines mainly focusing on big-company breaches, such as the City of Atlanta or Uber, it’s easy to understand why some small-to-midsize businesses let their guard down, thinking they can fly under the radar. Wrong. It’s a false sense of security, likely pushed along by the fact that SMBs often lack the tools and training needed to recognize, prevent and protect themselves from such attacks. As a trusted adviser, it’s up to you to remind them that they can pay some now, or wait and come up with the money to pay attackers — plus a good public-relations team to help mitigate reputation damage.

MSPs can help their clients stay ahead of the game with prevention and protection, but making that sale might require showing them the financial impacts of an attack. On average, a security breach will cost an SMB $117,000 per incident, says a study by Kaspersky Lab and B2B International. Financial loss is not the only concern, either. Companies also face reputation damage that can quickly outweigh the cost of an actual breach. Consumers might avoid doing business with a company that has had a publicized breached. 

Once you have their attention, help SMB clients improve security and safeguard against attacks with three simple strategies: employee education; a security software suite; and data backup and recovery solutions. Managed security services will be a $40 billion market by 2022, and MSPs are in a prime position to grab a slice of the pie. 

To Err Is Human

It all starts by protecting the front line — their staff. The weakest links at any business are its employees, so education is key. Give people the tools and information they need to make informed decisions about email and web content and how to protect data and systems. Establish email policies in a manner that reduces risk of an attack, while addressing the organization’s specific challenges and goals. MSPs can help identify potential vulnerabilities by determining a baseline of end-user security practices. A good training program includes penetration testing, following up on the results and periodic quizzes to make sure staffers are following policies. An MSP can then tailor training to address areas where improvement is needed. That is not just helping the customer; it is also making the service provider an integral, visible part of the organization’s security team. 

Still, educating employees is just the first step. SMBs must also take action to safeguard their networks against ransomware by deploying a security suite that covers risk factors from multiple types of attacks.

The majority of emails are spam or contain malware and viruses. As a result, MSPs must offer their SMB customers a strong anti-spam service that puts a filter between the internet and their mail servers. Routing email messages through filters, which employ a number of continuously updated, sophisticated detection methods, ensures your customers get only legitimate messages. A security suite can also provide web-surfing protection at the DNS level to ensure each site is safe. Since there are thousands of malicious web pages discovered daily, MSPs must offer protection from malware and objectionable web content. By testing all web addresses against a continuously updated list of malicious websites and blocking them, MSPs can offer their clients up-to-the-minute protection. When a threat to the network is identified, a notification is sent and the attack is blocked.

Finally, MSPs can help clients with a layered security approach by building out data backup and recovery plans. Ransomware can find its way to external backup solutions connected to PCs, so online backups are by far the safest form of recovery from an attack. With an online recovery solution in place, businesses are able roll back to a clean state, before the infection, enabling MSPs to help undo damage. Current solutions take snapshot-based, incremental backups, as frequently as every five minutes, to create a series of recovery points. Since data is restored to a point in time before the ransomware infection, customers can be certain everything is clean, and the malware cannot be triggered again.

MSPs can play a critical role in helping clients stay ahead of the risks and better safeguard their businesses. Through a layered approach, encompassing training, a security software portfolio and recovery solutions, MSPs can help SMBs protect their businesses from threats on multiple fronts.

As manager of security research at AppRiver, Troy Gill analyzes data regarding cyber threat tactics, methodologies or vulnerabilities that present threats to IT operations. Such real-time analysis helps Gill apply immediate improvements to cyber-analytical tools and disseminate incident reports, threat trends and situational analysis. Since joining AppRiver, Gill has been instrumental in protecting customer safety. By monitoring inbound messaging threats and identifying methods for blocking them, Gill helps to keep more than 45,000 corporate customers safe from today’s ever evolving IT threats.