Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


June 7, 2024 | Chris Crellin

The Human Firewall: How MSPs Can Train Employees to be the 1st Line of Defense

AI-powered attacks target unsuspecting employees, so it’s vital to ensure employees are trained in cybersecurity awareness and threat response.

As cybercriminals step up their attacks, aided by AI and other technologies, it’s critical for MSPs and their clients to reinforce cybersecurity awareness efforts among their employees.

According to the World Economic Forum, 95% of data breaches can be traced to human error. Security awareness and training can help stop many types of attacks, which rely on social engineering and manipulation as much as technology skills.

With generative AI, criminals can avoid many of the traditional telltale spelling and grammar errors of phishing emails and spoofed websites. AI also helps attackers craft more convincing phishing email language based on data from employee social media feeds, company emails, and other sources.

The emergence of AI-based tools has helped criminals launch more successful attacks. So, both the MSP and their clients must train their employees to spot suspicious emails.

Recognizing Email Threats

If an email arrives asking for sensitive data (passwords, account numbers, etc.), employees should be trained to corroborate the email in person or over the phone with the sender, and to make their IT or internal security teams aware of the potential attack or breach.

Chris Crellin of Barracuda MSP

Chris Crellin

MSPs and their clients should ensure that employees are aware of the level of this threat. They need to understand that ransomware attacks are increasing, as well as receive regular updates alerting them to current security threats.

CISA’s Best Practices

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) provided additional guidance on best cybersecurity awareness practices as part of its Secure Our World campaign. CISA emphasized four best practices to help staff avoid falling for a phishing attack. Those include:

  • Encourage the use of strong passwords and password managers. Most users must juggle dozens of passwords. This is why many people fail to create strong passwords — they’re hard to recall. Businesses need strong password initiatives to include access to password managers to address user frustration. Strong, unique passwords will help protect accounts from being compromised, while the password manager platform will eliminate the frustration associated with forgetting those passwords.
  • Enable multifactor authentication (MFA). Strong passwords aren’t infallible, so MFA plays a key role in securing network and application access. A secondary method of confirming a user’s identity can protect accounts even if a password has been compromised. For businesses, MFA should be part of the default approach to account configuration.
  • Train employees to recognize and report phishing attacks. Scam emails are the primary way cybercriminals trick workers into revealing sensitive account information and data. Provide employees with training on common signs of a phishing attack. Include clear guidance on reporting attacks to the IT security team and management, as well as what to do with the email (delete, quarantine, etc.).
  • Enforce software updates and patching procedures. Software updates help protect your applications from emerging vulnerabilities. Updates and patches can be managed centrally during off-hours to reduce user inconvenience or unwanted downtime. Automatic update settings can streamline this process. For complex IT environments, MSPs can help organize and prioritize these updates based on urgency and scope.

Managing Cybersecurity Efforts

Cybersecurity software and technology can only go so far in protecting networks, data, and applications. For security-centric MSPs, regular client updates and employee training are just as critical for reducing the likelihood of a successful attack and mitigating the damage.

MSPs can also leverage remote monitoring and management platforms, phishing simulation solutions, and other technologies to help streamline these education efforts.

Cybersecurity awareness should always be at the top of mind for both the MSP and their clients, and these efforts should include regular training and updates for all employees.

Chris Crellin is senior director of product management for Barracuda MSP, a provider of security and data protection solutions for MSPs. He is responsible for leading product strategy and management.

Image: iStock

Editor’s Choice

Midwest MSPs Treated to Personal Stories, Compelling Demos, and More at ChannelPro LIVE: Columbus Show

June 7, 2024 |

Ohio technology professionals joined ChannelPro to share business best practices at the area’s first-of-its-kind event.

Asigra Makes a Splash with New SaaS App Data Backup Platform

June 3, 2024 |

Asigra’s new SaaSAssure platform offers MSPs comprehensive, secure, and easy-to-use backup solutions for SaaS apps, addressing a critical market need and providing an unparalleled opportunity for revenue.

Peer to Peer: John Kampas on Why EMPIST Thrives — Plus, 1 Mistake Too Many MSPs Make

May 31, 2024 | John Kampas

How prioritizing customer protection and technological empowerment helped EMPIST evolve into a “managed technology provider” with an international presence.

MSPs React to Comprehensive, Aggressively Priced Kaseya 365

May 1, 2024 |

Hear from MSP peers on the launch of the new Kaseya 365 program — designed to provide a crucial package of tech services at an affordable monthly price.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience