14 Tips for MSPs to Prepare For the Inevitable Cybersecurity Incident

Whether or not the Russian invasion of Ukraine brings a new wave of cyberattacks, MSPs and other technology businesses need to act now to mitigate the risk: strengthen defenses and build viable, tested plans for continuing operations during and after an attack, both for themselves and for their clients.
MSPs feel less secure than they did a year ago. CompTIA's State of Cybersecurity 2021 research found that only 69% of respondents felt the state of cybersecurity was improving in 2021, compared to 80% in 2020. Here are 14 things MSPs must do to protect themselves and their clients.
Keep bullet-proof documentation. Many incident recoveries are hampered, delayed or derailed outright by documentation that is inaccurate, inaccessible or incomplete. Keep your documentation in a repository that cannot be encrypted or damaged along with the systems it describes. Having a copy in your backups is not sufficient. Even large enterprises have problems with backups: they can be deleted, encrypted or corrupted, and even when they survive intact, restoring them takes time. In a major cyber-event, time is the one thing you don't have.
Update, Test, Repeat. Many recent attacks on businesses large and small traced back to poor firewall hygiene and other failures in managing the network edge. Harden your network edge with the right devices, properly configured and kept up to date. Then get it tested: have an outside party test the work of whoever is responsible for managing the network. Regular testing identifies weaknesses, catches configuration errors and can even reveal attacks already in progress.
Plug your Holes. Vulnerable applications of every kind can be patched or otherwise remediated, and all of them need to be: you cannot patch the operating system and leave the web browser to fend for itself. Wherever possible, test all of your applications for known vulnerabilities and weak configurations.
Keep complete, preserved logs. It is often hard to establish the who, what, where and when of a cyber incident because the logs were never captured by the victim or its IT service provider, or because they were captured and the threat actor deleted them. Collect logs as they are generated and export them to a separate location where they cannot be corrupted or deleted from the compromised systems. That gives you and your tools the data needed to catch threat actors before they set fire to the house. After the fact, it shows what happened and lets you close the holes that let them in. It can also show what did not happen, such as confirming that sensitive data in a database was never touched.
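As an added illustration of exporting logs to a location the attacker cannot quietly edit (example code written for this page, not part of the original article or any vendor's product): each exported record carries the hash of the previous record, so the collector can detect a deleted or altered entry, and, if it also remembers the last hash it received, an export that was truncated at the tail. The log lines are constructed sample data and the record layout is an assumption.

```python
import hashlib

GENESIS = "0" * 64  # starting "previous hash" for an empty chain

# Constructed sample endpoint events (illustrative, not real data).
SAMPLE_LOGS = [
    "2022-03-01T09:12:04Z host=ws-17 user=alice event=logon_success",
    "2022-03-01T09:13:40Z host=ws-17 user=alice proc=outlook.exe action=start",
    "2022-03-01T09:14:02Z host=ws-17 user=alice proc=powershell.exe parent=outlook.exe action=start",
    "2022-03-01T09:14:05Z host=ws-17 user=alice event=audit_log_cleared",
    "2022-03-01T09:14:09Z host=ws-17 user=alice proc=vssadmin.exe args='delete shadows /all' action=start",
]


def _link(prev_hash, line):
    """Hash of the previous record's hash plus this line; ties each record to its predecessor."""
    return hashlib.sha256((prev_hash + "\n" + line).encode("utf-8")).hexdigest()


def chain_logs(lines, prev_hash=GENESIS):
    """Build the export stream: every line is wrapped with the hash it depends on and its own hash."""
    records = []
    for line in lines:
        h = _link(prev_hash, line)
        records.append({"line": line, "prev": prev_hash, "hash": h})
        prev_hash = h
    return records


def verify_chain(records, genesis=GENESIS, expected_head=None):
    """Return (ok, index).

    ok is False and index points at the first record that does not fit the chain
    (a deleted predecessor or a modified line). If the collector supplies the
    last hash it previously received as expected_head, a truncated export is
    reported with index == len(records); without it, truncation is invisible.
    """
    prev = genesis
    for i, rec in enumerate(records):
        if rec["prev"] != prev or _link(prev, rec["line"]) != rec["hash"]:
            return False, i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(records)
    return True, len(records)


if __name__ == "__main__":
    exported = chain_logs(SAMPLE_LOGS)
    head = exported[-1]["hash"]            # what the collector remembers
    print(verify_chain(exported, expected_head=head))            # (True, 5)
    # Attacker removes the "audit_log_cleared" record (index 3).
    print(verify_chain(exported[:3] + exported[4:], expected_head=head))  # (False, 3)
    # Attacker drops the last record: the chain alone looks fine, the head check does not.
    print(verify_chain(exported[:4]))                             # (True, 4)
    print(verify_chain(exported[:4], expected_head=head))         # (False, 4)
```

The hash chain only proves continuity of what the endpoint sent; it does not stop an attacker who controls the endpoint from simply not generating records. Ship the records off-host as they occur, and have the receiving side keep the head hash itself, so that both a gap in the middle and a missing tail are caught on the collector, not on the compromised machine.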
Validate your mail tools and processes. Phishing remains a major cause of system breaches because it is so effective: it drops malware on a system or convinces users to enter their credentials into a fake site or form. Get control of your mail systems. Stop spam and unfiltered personal email from reaching users' inboxes, and put enterprise-class spam and malware protection in front of your mail. Use DNS and URL reputation services to block known malicious sites, and block blacklisted websites outright. Educate users, and then test whether the education worked, for example with simulated phishing campaigns.
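An added example (written for this page, not taken from the article or from any mail-security product) of two checks a mail gateway applies before a message reaches an inbox: did the sending domain pass SPF, DKIM and DMARC according to the Authentication-Results header the receiving MX stamped on it, and does the body link to a host on a blocklist. Both messages are constructed samples; the blocklist is a constructed stand-in for a DNS/URL reputation feed, and the domain names are assumptions.

```python
import re
from email import message_from_string

# Constructed stand-in for a URL/DNS reputation feed (illustrative only).
BLOCKED_DOMAINS = {"login-micros0ft-verify.example", "evil.example"}

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
URL_RE = re.compile(r"https?://([^\s/\"'<>]+)", re.I)

# Constructed sample: spoofed sender, failed authentication, link to a blocked host.
PHISHING_SAMPLE = "\n".join([
    "Authentication-Results: mx.contoso-msp.example; spf=fail smtp.mailfrom=evil.example;"
    " dkim=none; dmarc=fail header.from=microsoft.com",
    "From: Microsoft Account Team <security@microsoft.com>",
    "To: alice@contoso-msp.example",
    "Subject: Unusual sign-in activity",
    "Content-Type: text/plain; charset=utf-8",
    "",
    "We detected unusual sign-in activity. Verify your account within 24 hours:",
    "https://login-micros0ft-verify.example/reset?u=alice",
    "",
])

# Constructed sample: internal ticket notification that authenticates cleanly.
LEGIT_SAMPLE = "\n".join([
    "Authentication-Results: mx.contoso-msp.example; spf=pass smtp.mailfrom=contoso-msp.example;"
    " dkim=pass header.d=contoso-msp.example; dmarc=pass header.from=contoso-msp.example",
    "From: Helpdesk <helpdesk@contoso-msp.example>",
    "To: alice@contoso-msp.example",
    "Subject: Ticket 1234 updated",
    "Content-Type: text/plain; charset=utf-8",
    "",
    "Your ticket was updated: https://portal.contoso-msp.example/tickets/1234",
    "",
])


def parse_auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from every Authentication-Results header."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, verdict in AUTH_RE.findall(value):
            results[mech.lower()] = verdict.lower()
    return results


def extract_hosts(msg):
    """Hostnames of every http(s) URL in the text parts of the message."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            for host in URL_RE.findall(payload.decode("utf-8", "replace")):
                hosts.add(host.lower().split(":")[0])  # drop any :port
    return hosts


def _is_blocked(host):
    return host in BLOCKED_DOMAINS or any(host.endswith("." + d) for d in BLOCKED_DOMAINS)


def assess(raw_message):
    """Strict policy: every auth mechanism must be 'pass' and no link may hit the blocklist."""
    msg = message_from_string(raw_message)
    auth = parse_auth_results(msg)
    hosts = extract_hosts(msg)
    reasons = []
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) != "pass":
            reasons.append(f"{mech}={auth.get(mech, 'missing')}")
    blocked = sorted(h for h in hosts if _is_blocked(h))
    if blocked:
        reasons.append("blocked-host:" + ",".join(blocked))
    return {"suspicious": bool(reasons), "reasons": reasons, "hosts": sorted(hosts)}


if __name__ == "__main__":
    print(assess(PHISHING_SAMPLE))
    print(assess(LEGIT_SAMPLE))
```

The policy here is deliberately strict; in practice many legitimate senders have no DMARC record and some do not DKIM-sign, so a production rule would weight the three verdicts rather than require all of them, and would also catch lookalikes of your own and your clients' domains, which a static blocklist never will.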
Be aware of your website usage. Merely landing on a malware-infected website can compromise a computer, with no action required beyond the visit itself, so know which sites your users visit and filter web traffic accordingly.
Monitor All Endpoints. Deploy an enterprise endpoint detection and response (EDR) tool, configured to monitor for abnormal behavior and respond to it. A good EDR tool with nobody watching it is like listening to a concert recording: you can hear the music, but you have already missed the show.
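To make "abnormal behavior" concrete, here is an added example (written for this page, not the article's own text or any EDR vendor's logic) of the kind of rule an EDR evaluates against process-creation telemetry: an Office application spawning a script host, PowerShell launched with an encoded command, shadow-copy deletion ahead of ransomware, and event-log clearing. The events are constructed JSON lines and the field names are assumptions.

```python
import json

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe"}

# Constructed sample process-creation events, one JSON object per line.
SAMPLE_EVENTS = """
{"ts": "2022-03-01T09:13:40Z", "host": "ws-17", "user": "alice", "proc": "winword.exe", "parent": "explorer.exe", "cmdline": "winword.exe /n invoice.docm"}
{"ts": "2022-03-01T09:14:02Z", "host": "ws-17", "user": "alice", "proc": "powershell.exe", "parent": "winword.exe", "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}
{"ts": "2022-03-01T09:14:03Z", "host": "ws-17", "user": "SYSTEM", "proc": "svchost.exe", "parent": "services.exe", "cmdline": "svchost.exe -k netsvcs"}
{"ts": "2022-03-01T09:14:06Z", "host": "ws-17", "user": "alice", "proc": "powershell.exe", "parent": "explorer.exe", "cmdline": "powershell.exe -ExecutionPolicy Bypass -File backup.ps1"}
{"ts": "2022-03-01T09:14:09Z", "host": "ws-17", "user": "alice", "proc": "vssadmin.exe", "parent": "cmd.exe", "cmdline": "vssadmin.exe delete shadows /all /quiet"}
{"ts": "2022-03-01T09:14:11Z", "host": "ws-17", "user": "alice", "proc": "wevtutil.exe", "parent": "cmd.exe", "cmdline": "wevtutil.exe cl Security"}
"""


def _is_encoded_flag(arg):
    """powershell.exe accepts -e, -ec and any unambiguous prefix of -EncodedCommand.
    -ExecutionPolicy (-ex...) is a different parameter and must not match."""
    return arg in ("-e", "-ec") or (len(arg) > 2 and "-encodedcommand".startswith(arg))


def evaluate(event):
    """Apply the behavioral rules to one event; returns the names of the rules it triggers."""
    proc = event.get("proc", "").lower()
    parent = event.get("parent", "").lower()
    args = event.get("cmdline", "").lower().split()
    hits = []
    if parent in OFFICE_APPS and proc in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    if proc in ("powershell.exe", "pwsh.exe") and any(_is_encoded_flag(a) for a in args[1:]):
        hits.append("powershell_encoded_command")
    if (proc == "vssadmin.exe" and "delete" in args and "shadows" in args) or \
       (proc == "wmic.exe" and "shadowcopy" in args and "delete" in args):
        hits.append("shadow_copy_deletion")
    if proc == "wevtutil.exe" and any(a in ("cl", "clear-log") for a in args[1:]):
        hits.append("event_log_cleared")
    return hits


def scan(jsonl):
    """Run every event through the rules and return the alerts that should reach an analyst."""
    alerts = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for rule in evaluate(ev):
            alerts.append({"rule": rule, "ts": ev["ts"], "host": ev["host"],
                           "user": ev["user"], "proc": ev["proc"]})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Note that the benign backup script in the fourth event produces no alert even though it runs PowerShell with an execution-policy bypass; the rule keys on the encoded-command flag, not on PowerShell itself. The alert list is the "show" from the paragraph above: unless it is routed to a person or a SOC who can isolate ws-17 within minutes, the shadow-copy deletion in the fifth event is the last thing you will see before the ransom note.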
Keep looking for threats. Continuous threat hunting and vulnerability testing are essential; point-in-time snapshot testing is not enough in today's world. If you are not constantly looking for vulnerabilities, misconfigurations and the presence of threat actors, you will not know what happened until the criminals tell you in their ransom note.
Enhance Password Policies. The number of cases that were triaged.