Cybercrime has become a global epidemic, and shows no signs of slowing down. Indeed, the latest research from IBM and the Ponemon Institute found that the average cost of a data breach is $3.9 million and that it takes 279 days on average to identify and contain a breach—279 days!
Statistically speaking, without the right people, processes, and technology in play, you and your customers’ networks are likely to have been compromised already—and you may not even know it. And we do mean “you.” As the Department of Homeland Security warned last year, hackers are targeting MSPs as well as end users these days.
As with many things in life, when it comes to cybersecurity, the best defense is a good offense. Don’t wait for the attack; take a threat-focused approach to defending yourself and find trouble before trouble finds you, or even worse, your customers. Here are six tips that can help you better prepare, prevent, and minimize the damage from a cybersecurity attack and get back to business as soon as possible:
1. Know who to call. Proactively identify the people within the organizations you’d need to call if a breach happened—think lawyers, your cybersecurity insurer, your customers. Make a short list and note a few backup players on the roster too, just in case you can’t reach your first choice.
2. Be ready to document everything you know and everything you do. Many countries, localities, and industries have regulations and other laws that require reporting unauthorized network access or data breaches. Documenting what happened and each remediation step is a necessary part of preparing for that reporting. It also allows you to do a post mortem and ask, “What can we do better or differently in the future to minimize our risk of another breach?”
3. Follow the 3-2-1 rule. The most significant difference between those who end up having to pay a ransom vs. those who don’t is their backups. Many companies, including MSPs, take it for granted that their data is backed up regularly, and they learn otherwise when they need to do a restore. In the case of ransomware, it’s important to distinguish between data synchronization in the cloud and a valid backup. In the former scenario, infected data sets can be uploaded to the cloud and can overwrite good data. With a true backup, which follows the 3-2-1 backup rule, you’ll avoid this problem. The 3-2-1 backup rule means you should have three copies of your data, as well as your customers’ data, store the copies on two different media, and keep one backup copy offsite.
4. Use virtualization. Readily available, virtualization enables faster backups and recovery times; plus, it allows you to restore data to dissimilar hardware and makes it easier to test your backups, as well as those of your customers, regularly to avoid any surprises when you need to do a real restore.
5. Isolate the problem. Whether it’s your network, or your customer’s, make sure that infected devices are taken off the network and shut down whenever possible until they can be diagnosed. The longer the infected machine remains online, the more potential it has to affect others and exacerbate the situation.
6. Lock out further damage. If personal or company identity data is stolen, immediately notify your bank or your customer’s bank, credit card companies, and credit monitoring agencies. This will limit the thieves’ ability to continue using the stolen data.
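The 3-2-1 rule from tip 3 can be checked against a backup inventory. The following is an added example, not part of the original article: it flags each part of the rule a data set fails and leaves cloud sync replicas out of the count, since sync is not a backup. It assumes the production copy counts as one of the three; the inventory names and media labels are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataCopy:
    name: str
    medium: str    # storage type, e.g. "disk", "tape", "object-storage"
    offsite: bool  # True if stored away from the production site
    kind: str      # "primary", "backup" or "sync"

def check_321(copies):
    """Return the 3-2-1 violations for one data set; an empty list means compliant."""
    # A sync replica mirrors every change, including files encrypted by
    # ransomware, so it is not counted as a copy.
    counted = [c for c in copies if c.kind != "sync"]
    media = {c.medium for c in counted}
    problems = []
    if len(counted) < 3:
        problems.append(f"copies: {len(counted)} of 3")
    if len(media) < 2:
        problems.append(f"media: {len(media)} of 2")
    if not any(c.kind == "backup" and c.offsite for c in counted):
        problems.append("offsite: no backup copy kept offsite")
    return problems

# Constructed inventories with hypothetical names.
# Assumption: the production (primary) copy counts as one of the three.
SYNC_ONLY = [
    DataCopy("file-server", "disk", False, "primary"),
    DataCopy("cloud-sync-folder", "object-storage", True, "sync"),
    DataCopy("local-nas-backup", "disk", False, "backup"),
]
COMPLIANT = [
    DataCopy("file-server", "disk", False, "primary"),
    DataCopy("local-nas-backup", "disk", False, "backup"),
    DataCopy("offsite-tape", "tape", True, "backup"),
]

if __name__ == "__main__":
    for label, inventory in (("sync-only", SYNC_ONLY), ("compliant", COMPLIANT)):
        print(label, check_321(inventory) or "OK")
```

The first inventory looks like three copies on paper, but with the sync folder excluded it fails all three parts of the rule.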
As you’ve seen in the headlines, the odds are not in favor of the MSP, so be ready. Always do what you can on the front end so you and your customers are taking a threat-focused, proactive approach to preventing cyberattacks.
Mike Hanauer, chief revenue officer for cloud-native MSSP SKOUT Cybersecurity, oversees sales, marketing, and partner success, including expanding SKOUT’s relationships with MSPs focused on SMB customer engagements.