Chris Swagler | September 13th, 2022

Managed service providers (MSPs) want to provide their clients with the best services, including maintaining their data security and updating their systems. Having complete command of information security fundamentals is the first step in communication between MSPs and their clients’ teams. Companies have prioritized cybersecurity; however, factors like increasing remote work are speeding up the growth of cyber threats. Our threat intelligence indicates 30% of people working from home disregard cybersecurity best practices. 67% of IT leaders say they receive complaints about restrictive security policies on a weekly basis. An increase in incidents was caused by careless approaches to security.

More than 80% of reported security incidents involved phishing attacks, with Google registering a total of 2,145,013 phishing websites in January of 2021. The United States Treasury reported that it had connected $5.2 billion in Bitcoin transactions to ransomware payments. When it comes to ensuring that clients adhere to cybersecurity best practices, MSPs play a crucial role. Cyberattacks not only pose a risk to clients’ financial and legal standing, but also to their immediate security. MSPs handle their clients’ website infrastructure and general tech support. However, are MSPs providing the best services if their companies are not applying the cybersecurity fundamentals? Here are some fundamentals to consider.

Cybersecurity Strategy for Each MSP Client

MSPs use, on average, 45 different tools as part of their tech stack. Each of the tools may appear to play a crucial role on paper; however, they may not work in practice. Is it possible for the MSPs’ teams to effectively monitor, maintain, and master all the tools at the same time? To prevent bloat, MSPs need to examine all the tools they employ and analyze how each one benefits their clients.

To better understand clients’ needs from the outset, numerous companies include cybersecurity assessments in their pre-sales toolkit. The primary objective is to use the appropriate tools with the appropriate clients and without any extraneous additions. MSPs need to anticipate their clients’ needs because 92% of companies have stated that they would use a new IT service provider if they offered the “right solution.”

Know Where Backed Up Data Is Stored

MSP clients have important data, projects, and assets that, if lost, can have serious consequences. It’s important for MSPs not only to back up their data but also to maintain logs of where all the data is stored so that MSPs have backups in case anything happens.

Keep Clients’ Networks and Devices Protected

Having strong passwords is an essential security practice. Google reports that 52% of American adults use the same passwords across multiple websites. There are numerous apps and websites that allow users to create and remember complex passwords. As another cybersecurity practice, multi-factor authentication needs to be used on all clients’ websites and accounts. Clients will be informed if anyone other than the account owner attempts to log in. Suggest clients use a Virtual Private Network (VPN) and a firewall. VPNs are important because they encrypt clients’ internet traffic and can be used to conceal their identity and location. Employees working remotely often have insecure networks; therefore, a VPN is extremely useful for them. Ensuring that MSPs’ clients encrypt all hard drives to protect them from breaches is another area of concern. The Identity Theft Research Center estimates that there were 17% more data breaches in 2021 than in 2020. Encryption can help MSPs protect client data.

Monitoring Potential Cyberthreats

When the news came out about the vulnerability in the Log4j Java logging package, it became a huge story across the information and cybersecurity industries. There will likely be more news stories as threats continue to evolve, along with lessons that MSPs and end users can apply. The good news is that keeping up with industry news is easy for MSPs due to the numerous tools that are available. When tools can do the monitoring for their team, MSPs have an automated approach to dealing with any threats. One tool is called “TweetDeck”, which allows MSPs to create organized feeds to track any keyword or subject they want. Additionally, MSPs can configure their feeds not only to notify them of newly discovered threats but also to track what experts are saying about the threats. Another tool called “Feedly”, like TweetDeck, can be configured to track certain keywords. MSPs will receive articles, blogs, and other long-form written content instead of tweets. Even though these resources are a good place to start for receiving regular updates on cybersecurity threats and trends, numerous MSPs need more specialized knowledge to serve their clients.

Have an Incident Response Plan for Each Client

An incident response plan details how clients will respond to threats. Breaches and incidents will occur even when MSPs have all security measures employed. A proper incident response plan is important because how quickly problems are identified and isolated, and how quickly the proper stakeholders are informed, usually determines how much harm they create. The essential elements are:

  1. Post-Breach Activities – MSPs need to contact their clients’ insurance companies to assist with any activities needed for their clients to file a claim. MSP teams need to immediately contact their SOC while conducting an isolated backup of everything, including infected or encrypted computers.
  2. Identification – Review, investigate, and record all details about the incident thoroughly.
  3. Preparation – Use the information from the preparation phase to assess the security perimeter for the incident together with a cybersecurity company’s SOC.
  4. Containment – Identify the attack vector used and neutralize any active threats while preventing the breach from spreading and causing more harm.
  5. Remediation – Go through all isolated machines to identify and remove the breach’s primary source.
  6. Recovery – MSPs need to restore and return affected systems to production environments once all previous steps have been completed. After everything has been restored, but before users are permitted back into the networks, MSPs need to run a new backup operation.
  7. Debrief – MSPs need to determine the lessons learned from the breaches and how to communicate them to the clients by working with a cybersecurity company’s SOC. MSPs need to thoroughly debrief their clients to put a security plan in place to defend against future attacks.

With the security landscape always changing, it’s important for MSPs to utilize the basic insights mentioned above to assist their clients. When MSPs need to help their clients build their security stack to tackle all threats, SpearTip helps MSPs defend their clients’ data networks and move beyond the basics. At SpearTip, our pre-breach risk services allow MSPs to upsell their security offerings into their current catalog. SpearTip’s ShadowSpear Platform, an integrable managed detection and response solution, allows MSPs to focus on their clients’ core IT objectives while providing industry-leading protection against malicious threats. By partnering with SpearTip, MSPs receive a turnkey SOC and a team of certified engineers dedicated to their accounts on a 24x7x365 basis.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.