Everyone in the managed IT services space has faced one or more cybersecurity challenges, whether with their clients or with their own internal IT infrastructure, ranging from corrupted patches to malware and from DDoS attacks to physical failure of equipment. While not all incidents were necessarily tied to hackers, they did have a negative impact on the businesses we try to support.
In this post, I am going to go over what I feel are the top five areas that any MSP, MSSP or IT service provider should be working on to help strengthen their security posture and face the onslaught of threats in 2018.
1. Cybersecurity Training
If you aren’t educating your staff and the staff of your clients on cybersecurity best practices, it’s just a matter of time before human error takes over. They could click on a malicious link in an email because they assume it is from a trusted source, or they might still believe a Nigerian Prince really does need their help. To address this, you should start with the basics.
CompTIA has a handful of free (to any member) Cybersecurity Training courses, which take about an hour to complete, including watching the mini videos and taking the exam. These courses serve as a great starting point, and from here you can move on to subscription services from organizations that provide ongoing training to you and your clients.
Note: If you need help finding some options, please don’t hesitate to reach out to me or a Continuum rep.
2. Password Management
Seriously ... it’s now 2018, yet the top passwords that were hacked last year were still “123456” and “password.” This needs to change, but we need to have a plan in place in order to do so.
There are a lot of ways to go about improving password management, and I won’t go into details on the specific vendors that can help here, but here are some requirements to look for. First, password managers are a must. Second, two-factor authentication is critical. And finally, it’s important to have the ability to know when passwords are being shared and with whom.
For example, when an employee leaves and the shared password isn’t changed, it puts the whole organization at risk. Simply setting the Group Policy Object (GPO) to expire a password after 30 days (or some other variation) isn’t going to solve this problem. Increased password security should be part of your training, in addition to using a password manager. We can’t be expected to remember every password at varying levels of complexity, so it’s critical to use a password manager that allows you to generate complex passwords.
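The departed-employee case above can be checked mechanically once you know which passwords are shared and with whom. The following is an added example, not part of the original post: it cross-references a constructed sharing inventory with a constructed offboarding list, and the field names are assumptions rather than any password manager's export format.

```python
from datetime import date

# Constructed sample data. Field names are assumptions for this example,
# not any password manager's export schema.
SHARED_CREDENTIALS = [
    {"name": "firewall-admin", "shared_with": {"alice", "bob"},
     "last_rotated": date(2017, 11, 2)},
    {"name": "dns-registrar", "shared_with": {"bob", "carol"},
     "last_rotated": date(2017, 12, 20)},
    {"name": "backup-console", "shared_with": {"carol"},
     "last_rotated": date(2017, 6, 1)},
]
DEPARTURES = {"bob": date(2017, 12, 1)}  # user -> last working day


def stale_shared_credentials(credentials, departures, as_of):
    """Return (credential, departed_user, days_exposed) for every shared
    credential that a departed user knew and that has not been rotated
    since that user left."""
    findings = []
    for cred in credentials:
        for user in sorted(cred["shared_with"]):
            left_on = departures.get(user)
            if left_on is None or left_on > as_of:
                continue  # still employed as of the audit date
            # Conservative: a rotation on the departure day itself may have
            # happened before the person walked out, so it does not count.
            if cred["last_rotated"] <= left_on:
                findings.append((cred["name"], user, (as_of - left_on).days))
    return findings


if __name__ == "__main__":
    audit_date = date(2018, 1, 5)
    for name, user, days in stale_shared_credentials(
            SHARED_CREDENTIALS, DEPARTURES, audit_date):
        print(f"{name}: known to departed user {user}, "
              f"not rotated for {days} days since departure")
```

A 30-day expiry policy would not surface the flagged entry on its own, because the check depends on who knew the password and when they left, not on the password's age.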
At onShore, I help businesses achieve compliance and make sense of all the rules and regulations. I suspect many of you reading this are dealing with one or more clients who are concerned about meeting some regulatory compliance deadline, from NYDFS to NIST-171, so how can you help?
First and foremost, dot your i's and cross your t's with the regulation you need to meet or help your client meet. Documentation is critical here, and in many cases if you have a documented process and procedure—even if it has not yet been mapped to satisfying a control—it is better than having nothing at all.
We must always keep in mind that new technologies can be exploited, because most regulations don’t yet incorporate current technologies and threats into their requirements, so stay aware of them.
You can have all the compliance in the world and still not be secure. Look at the controls in the regulatory requirement, and address each one as a security business best practice first, and as a control or regulatory requirement second. In doing so, you will have a secure environment and satisfy the auditors when they come calling.
People, people, people ... you don’t need Local Admin rights to surf Facebook. In fact, regardless of what does require administrative rights or a master key, you don’t need those credentials for your day-to-day work, so stop using them.
Strangely, I still get asked why this is such a big deal—and again, it goes back to training and education. Hackers can’t install malware on your computer or start adding users to Active Directory if—when they hack your profile—it doesn’t get them the power they need to make those changes. You’ll notice I said “when” because it’s inevitable that at some point—either in the past, or someday in the future—you will likely experience some level of compromise in your digital world. This leads me to number five.
5. Incident Response Plan
I don’t want to downplay any of the other elements of secure infrastructure or business security best practices, but throughout 2017 and as we go into 2018, there is an emphasis being placed on having an incident response plan. Security incidents are starting to occur more often, and how you handle an incident could have a serious impact on your business and your clients’ business. When handled correctly, it may have little to no impact at all.
Start internally and create an incident response plan for your own company. Then, you can use that as a starting point for your clients’ incident response plans. If you need assistance with where to start in creating this plan, either click here or contact me directly!
There you have it, the top five cybersecurity areas I believe are going to have the biggest impact on your business in 2018. Obviously there are more than five, but this is a good place to start. Happy New Year everyone, and may you find 2018 to be the year that you meet cyber threats head on with a plan of action!