MSP Blog Logo


Business Growth


Help Desk



Sales & Marketing


Empowering Your MSP Business to Grow and Prosper—One Post at a Time


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

Drastic Measures You Can Take to Improve Employee Security Training

Posted November 11, 2015by Ben Barker

In light of new encrypting ransomware like CryptoWall 4.0 which was just discovered last week, how can you improve end user security practices and prevent clients from becoming victims of these malicious schemes? You can force videos upon people and make them score a 100% on an online quiz before they have "passed" their security training, but does that really work? If you ask Engin Kirda, chief architect at Lastline and professor of computer science at Northeastern University in Boston, he'll tell you that it's not. In a recent article on eWeek, Kirda said that the only time that people seem to take cybersecurity seriously is after they have become the victim of an attack. Okay, that's good to know, but you certainly don't want all of your clients to get hit with malware in order for them to realize the seriousness of the threat. So what else can you do?

We reached out to users on Reddit and Mangolassi, an IT community that we recently joined, to see how MSPs and IT service providers conduct user education in a way that actually works. Beyond literature and best practices emails, which you can't guarantee people will read, we asked these professionals to explain how they implement a more "realistic and effective" security training program. Their answers were fascinating and worth experimenting with at your own business!

Simulating Attacks

As you can see, companies are actually starting to bait (no pun intended) their employees with "mock phishing" attacks on their emails or even with actual physical drives to prepare them for the real thing. As crazy as it sounds, this is becoming a more common practice for larger companies looking to improve their employee security training.


The Opportunity

While this trend is more common in larger companies, and perhaps not as apparent in the SMBs that many MSPs serve, look to these examples and take advantage of the opportunity to start your own initiative. Consider coming up with similar client security training programs that you can carry out in the new year. If you don't have the time or resources to do this, there are third-party security companies out there that may be able to help you.

As CryptoWall 4.0 has reminded all of us, your clients should trust you to back up their sensitive data, should it ever be lost or compromised. Still, providing users with training similar to the ideas presented here could go a long way towards avoiding these user error-generated issues all together.


Help keep your clients' stored data safe!


Also suggested for you:

Ben is a graduate of Emerson College and a huge Boston sports fan.

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus