To say that the business world has changed drastically over the past month would be an understatement. Amidst the genuine fears of spreading COVID-19, many SMBs have had to send employees home and turn to remote work to keep their businesses running and staff paid. Unfortunately, making this radical change over a short period has left many vulnerable; where the rest of the world seems to be coming together to combat COVID, cybercriminals are taking advantage of the chance to make a quick buck.
Let’s take a look at the most prevalent cyber-concerns for the SMB and what MSPs can do to combat those threats. That top 5 includes:
1. Phishing
While these sneak attacks have always been a popular method amongst cybercriminals (with a third of all breaches in 2019 starting with one), pandemic themed emails are fueling more growth. From messages impersonating the World Health Organization (WHO) and the Centers for Disease Control (CDC) to insurance companies and banks, hackers are increasing their attempts to gain account information, hijack donations, and spread malware.
While end-user training may seem more difficult with a distributed workforce, now, more than ever, those efforts must continue. MSPs must help their clients educate their employees on the risks associated with coronavirus-related emails: no clicking on links or opening attachments. They must also be wary of websites asking for donations or offering support. Phishing training programs are essential in normal times. However, with cybercriminals ramping up more innovative threats against temporary remote workers and what may be more vulnerable systems, those educational activities are even more critical.
2. Backup and DR Systems
Ensuring that data restoration systems are working correctly with everyone in remote locations is just as crucial as when employees are in the same building. Just because people are outside of the office shouldn’t mean their company should sacrifice its compliance, security, and business continuity objectives. Regularly test their plans and perform system updates to ensure everything works as intended, even during an epidemic, and carefully consider the increased bandwidth and hardware requirements for all the remote locations. Email archiving should also be a top consideration for MSPs (and your clients).
3. Credentials
With the majority of SMB employees working in traditional office environments, the sudden transition to a home setting can be complicated. Regardless, MSPs must ensure their end-users uphold all existing cybersecurity guidelines. The first step in that process is to closely adhere to all current password management guidelines and enhance those protections whenever possible. With many staff members working on personal devices outside the corporate perimeter, those systems are more vulnerable to cyberattacks.
Safeguarding passwords and employing other defensive best practices is essential. Remind all end-users to select multiple long passphrases (one for each system) and leverage a password manager to simplify the process and help them keep track of it all. Simplicity is a sure way to strengthen protection for remote workers (and your clients).
4. Encrypt and Protect Information
Cybercriminals understand the situation. Your clients may be more vulnerable with their employees working from home in less familiar environments, and hackers are looking to take advantage of their unfamiliarity. MSPs need to amp up protection with the sharing of so much data between so many locations. Since staff members can no longer collaborate in face-to-face meetings or informal hallway chats, their use of email and other forms of electronic communications are likely rising.
Employees may be sending sensitive business regularly without being aware of the consequences of someone intercepting their messages, whether on purpose or by mistake. Those working in an office should be encrypting all emails, and that standard is even more crucial for those outside the perimeter, including home environments. These systems ensure that only those with the keys can access text and information they send and receive. When you provide easy to use encryption solutions that don’t require a complicated implementation or login process, end-users will be more likely to encode (and protect) their communications containing company and personal data.
5. No More Perimeters
A newly distributed workforce means that people are working outside the corporate firewall. To ensure employees are not easy targets, MSPs should provide VPNs to ensure secure connections, encryption to safeguard data, password management tools to protect credentials, and other solutions to defend essential business systems and information.
Cybersecurity must be a priority in both good times and bad times. When your customers are feeling the weight of these unprecedented times and a shift in workplace conditions, or adapting comfortably to the changes, provide the support and services needed to keep their workers productive and safe.