Named National Cyber Security Awareness Month by the Department of Homeland Security, October is a time for the whole nation to become more aware of information security. And while companies should work to increase both internal and external resilience all year long, MSPs are advised to use this period to revisit the cybersecurity conversation with clients.
Where to begin? As you know, cybersecurity encompasses everything from proper password management to encrypted data backups. Rather than overwhelm prospects and clients by detailing all of this, however, start out simple. Frame cybersecurity as a way of providing medical services for client data. Just like in medicine, there are only two classes of service: prevention and treatment. Companies must spend time and effort to either prevent criminals from accessing data or maintain operations in the event of an attack or data breach.
1. Prevention: What Can You Do to Prevent Attacks?
There are two concepts that are helpful to think about when considering how to prevent an attack: attack surface and extended security team.
Your attack surface is how appealing you look to an attacker. Having a large technology stack means that there are lots of potential vulnerabilities to exploit. Software that is not regularly updated can be rife with known security holes that are easy to use to gain entry to the rest of your network. Eliminating unused or little-used software keeps your attack surface small.
Your extended security team is the number of virtual eyes that are protecting your organization. Large software vendors like Microsoft® and Intuit have robust, continually active teams scouring their software for vulnerabilities to fix. If they find something serious, they immediately get to work, patching the software and shipping it out to you.
Monitoring provides the necessary information for thoughtful action. For example, if your website is defaced at 3 a.m., automated monitoring provides a way to find out about it before your customers do. For endpoint security monitoring, there are several options, from basic antivirus to more advanced intrusion detection. They cover a wide variety of price points, including many that are accessible to small- and medium-sized businesses.
2. Treatment: What Can You Do if There Is a Breach or Loss of Data?
There are two options when a company has to restore its operation after a breach: practice or delegation.
If a company decides to take the the practice route, start with documenting and practicing a recovery plan. Security incident response starts with preventing further unauthorized access and then returning your organization to its most recently uncompromised state.
Once further damage has been avoided, it is time to get back up and running. Usually that means picking a point of known integrity before a breach and restoring it. The science of restoration has grown sophisticated and powerful in recent years. Storage technology, in particular, has grown in leaps and bounds, adding simple snapshots, virtual storage, and granular backups at every level from the raw disk to the entire application.
Creating regular backups that are logically separate from your production infrastructure is the essential first step in providing business continuity. Even if attackers are able to access your data, they may not be able to retrieve offline copies or ones on a different network. Disk- and flash-based approaches slowly replace tape while giving similar benefits without requiring a separate tape infrastructure.
And if you are not diagnosing your own breaches and handling restoration, then have the phone number of a company readily available to handle all of the above.
The National Cyber Security Awareness Month ends next week, but cybersecurity is a year-round responsibility. There are always small steps that you can take to be more prepared than yesterday. Start by checking that your prevention software is up-to-date and printing out your recovery plan.
By Lily Teplow
By Brian Downey
By Dave LeClair