How to Establish a Sustainable and Repeatable Process for Responding to Cyber Attacks

By making a commitment to ensuring you have a sustainable and repeatable process for mitigating and addressing cyber attacks, you’ll be able to build stronger relationships with your clients and grow your business. When the clients you serve know they can count on you and your team of experts to help them in an IT crisis, such as a ransomware attack, you have the advantage.

Here are some key tips that will help your managed services business establish and solidify a process for responding to cyber attacks and be ready to take on the growing threat landscape.

Assess and Analyze

In order to start the process of putting an effective plan in place, there are three questions you need to ask yourself:

  1. Does anyone on my team have real world ransomware knowledge and expertise?
  2. How many of my team members completed the appropriate training and know how to address a ransomware attack?
  3. How much time does it typically take for our technicians to remediate ransomware infections and get clients’ staff up and running again?

Honestly answering these three questions will help you assess your level of preparedness and identify where you have gaps to fill. This exercise will also give you the motivation to get your team trained and provide them with the resources they need to successfully help clients navigate cyber attacks now and in the future.

Put Knowledge and Training First

Equipping your team with proper training and certifications is the best way to stay on top of the cybersecurity landscape. When your employees have the proper level of cyber knowledge, they will be able to better understand how to assess vulnerabilities, secure client networks and endpoints and mitigate security incidents.

You should establish and test for the level of expertise you expect your team to display. Lay out the minimum requirements and ensure that all employees can meet those requirements.  This will typically include, infection detection methods, quarantine policies, system and application recovery order, just to name a few.

Leverage Technology

Once training is complete, it’s time to focus on prevention. This is where you will want to put in place a multi-layered defensive technology approach to help clients minimize infections and have the option to recover from data breaches quickly and effectively. Here are some of the technological elements that will be critical in creating a sustainable, repeatable process. 


Planning, testing, implementing and auditing patches should be part of a regular security regimen. With the latest patches, you can close OS security vulnerabilities and prevent threats from sneaking in.

Anti-Virus and Network Monitoring

Keeping virus definition files current is critical to ensuring systems are running at peak performance. MSPs can even leverage an intelligent remote monitoring and management (RMM) solution that’s coupled with antivirus, you can gain better insight into your clients’ environments and address issues faster to stop threats at the source.

Education and Awareness

Not only is it important to keep your team up-to-date on cybersecurity knowledge, but your clients and end users as well. Educate clients and their employees about cybersecurity risks, new ransomware strains and best practices for spotting phishing attempts, suspicious emails and other security risks to help prevent future attacks.

Backup and Disaster Recovery (BDR)

Finally, a reliable BDR solution is the only way to combat ransomware by cutting down on potential data loss and downtime. Doing a full-system backup protects IT systems when an attack occurs and provides a recovery option for unknown threats and even the most catastrophic failures.

If you’re interested in learning more about how to properly shield clients from ransomware and other cyber threats, please visit Autotask’s booth at Navigate 2017!