Heads Up! Top 10 Cybersecurity Best Practices for MSPs serving SMBs!

Geek Speak

Everyone can benefit from reviewing and embracing best practices in cybersecurity no matter what the season or the reason. Whether you like it or not, all Managed Services Providers (MSP) are in the cybersecurity business! So here are some best practices presented as an at-a-glance table that you can print out

and post on a wall for everyone to see. I’ll be using a storytelling technique to make my points, as I’ve found that approach much easier to recall than if I were to just present facts.

Number One:

Common passwords are bad passwords  

A couple of years ago at the annual Spiceworks SpiceWorld event in Austin, TX I enjoyed a security keynote speech from Brian Krebs (KerbsonSecurity) . He spoke about password management and how people use common passwords as a protection baseline and minimally alter the password each time they are requested for a password change. His example of bad password management, in his words, was the following example: changing your password from ”MonkeyButt16!” to “MonkeyButt17” allows the bad actors to see a pattern, making your future passwords much easier to guess.

Personally, after hearing Krebs, I used a popular password management program favored by MSPs and suggest you consider the same.

PS – do not use the same password everywhere.

 

 Number Two:

Secure Every Entrance          

This best practice speaks for itself with, again, strong passwords, using firewalls with threat detection and prevention, secure endpoints (think anti-virus, anti-spam, and anti-phishing tools), and common-sense behaviors (like not using unknown USB keys).

But I want to expand the conversation. Increasingly, MSPs are being brought in to advise on physical security in related industries. There is an intersection between cybersecurity and physical security and it’s typically driven by compliance. You’ve been forewarned.

 

 Number Three: Segment Your Network         

In the past, we would have spoken towards segmenting your physical web servers from your internal network (and you still should if the shoe fits). But with web services increasingly being handled by cloud platforms (Azure, AWS, etc.), this is less of a configuration concern.

If you must allow for guest access, separate it from your internal access. Visually, this looks like a hotel having its private network and then separate network access for guests. With a majority of out-of-the-box cable providers, by default you will have a public open “hotspot” for people walking by the hook (an example is Comcast). Turn this off!

 

 Number Four:

Define, Educate and Enforce Policy

 One of the hottest solutions being offered by MSPs is security awareness training. Training has always been an under-utilized offering from MSPs to customers (unfortunately). But my experience is that MSPs that offer dedicated training (including security awareness), can increase top line revenue by up to ten percent with minimal additional expenses.

 

 Number Five:

Be Socially Aware

Knowledge and awareness are the MSPs BFF as a protection dimension for clients. But did you know that social engineering attacks are part of this recipe?

Social engineering is a technique made famous by Frank Abagnale (watch the “Catch Me If You Can” movie”) where he impersonates a doctor, lawyer, and co-pilot. In the MSP world, this type of character would call into, or create, a trouble ticket for the MSP to reset a password at a client site. Beware!

 

 Number Six:

Encrypt Everything

 Any MSP worth his/her salt will ascribe to this golden rule that you need to encrypt everything. This can include a pre-boot encryption tool installed on laptops. For your Wi-Fi network, consider WPA2 with AES encryption. And ahem, use virtual private networks (VPN) in all scenarios where warranted, especially REMOTE WORK and WORK FROM HOME (WFH)! #TrueThat

 

 Number Seven:

Maintain Your Network Like  Your Car

 Stay up to date with the latest operating system and application versions. Also – with aging hardware consider an extended warranty to enjoy support. This is akin to buying an extended warranty on an aging car that is out of the manufacturer window of support. In technology this is known as Third-Party Maintenance (TPM).

 Number Eight:

Cloud Caution

A good friend in my profession grew up in China and now lives in the United States. She offered the difference between her old country and new is that in China everyone believes the government is listing to phone calls and engaging in cloud surveillance. So, the point is, behave like my friend and, as an MSP, when using the cloud, assume content sent is no longer private.

When it comes to checking the security of your cloud provider, consider penetration testing (Pen Testing) in addition to your reviewing its security policies.

 

 Number Nine:

Don’t Let Everyone Administrate

No one wants too many cooks in the kitchen. Administrator-level privileges are sacred. Protect!

• Don’t allow employees to use a Windows account with Administrator privileges for day-to-day activities.
• Limiting employees to User Account access reduces the ability for malicious software (better known as malware) to do extensive damage at the “administrator” privileged level.
• Make it a habit to change default passwords on all devices, including laptops, servers, routers, gateways and network printers.

 

 Number Ten:

Address the BYOD Elephant in the Room

In the new “abnormal” where work styles (WHF) have changed dramatically, there has been an acceleration of the Bring Your Own Device (BYOD) movement. MSPs were certainly already aware of the mega-trend and perhaps have BYOD policies with their customers. But now more than ever you must plan for BYOD and for occurrences such as an employee losing a device.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The above best practices are just the starting point, but how do you implement security in a proactive and cost-effective way?

PREVENTION IS KEY

Small businesses need enterprise level protection without the complexity, cost, and expertise. Security that consolidates the functions to achieve a high level of protection, doesn’t require a large staff or deep expertise, and security that just flat out works (right out of the box).

Above all else, preventing the next cyberattack is the #1 priority. Solutions that detect when infection has occurred are helpful, but they’re a bit like hearing “Fire” in a crowded movie theater. When you see or hear the alert, then you know you have to take action, i.e. move quickly to the nearest exit or disconnect the infected system from the network. An alert that the fire is out or the attack was prevented means you can continue doing what you were doing.

Here’s how you can secure the network:

There are solution providers, like Check Point, that provide protection from every threat in an easy-to-deploy and -manage “All-in-One” solution

Check Point security gateways are enterprise-grade, meaning they’ve been tested, approved and deployed by thousands of enterprises worldwide. The Check Point Quantum Spark™ Series security gateways are perfect solution for keeping small to medium size businesses safe.

It offers a super easy setup: Just plug it in, follow a simple set-up wizard and your network is secure in minutes.

  • Out-of-the-Box Protection – Security policies are included right out of the box to deliver protection immediately, and adjustments can be made to tailor the policies for your business.
  • Low Price - Starting at just $600, the Quantum Spark family delivers protection with a modest investment. Check Point Quantum Spark security gateways could also be offered by your local Internet Service Provider as a monthly subscription. Simply ask if your ISP offers Check Point Security Gateways.
  • Easy Management - Ongoing management and upkeep is simple with a mobile app to monitor and mitigate any security issues while on the go.
  • Network AND Security Package – Models are available with Gigabit Ethernet, Wi-Fi and integrated cellular LTE modems. These gateways can support multiple ISPs and monitor them for quality-of-service, so you can get the best bandwidth for each application.

Security for a small business is much too important to ignore. With the Check Point Quantum Spark SMB security gateway family, small businesses can feel confident that they have the best security available, in a package that doesn’t require extensive expertise or time to get high levels of protection.

You can double-click further into this topic HERE by downloading further guidance from my friends over at Check Point, offering all of these best practices and more through their family of Quantum Spark Next Generation Firewalls.