Top Tips for MSPs: Protecting Customers from Phishing and Ransomware

Posted by Trevagh Stankard on Thu, Nov 18th, 2021

Ransomware attacks are on the rise. Scammers are constantly changing their ransomware campaign tactics. The severity of a successful ransomware attack should not be underestimated, it can have a detrimental impact on victim organizations and their ability to conduct business. The effect of these attacks and business interruption are shared across all industries and organizations of all sizes, including small to midsize businesses (SMBs).

The increased risk load to SMBs hasn’t gone unnoticed by managed service providers.  According to the 2020 Datto Ransomware Report, 78 percent of MSPs reported attacks against SMBs in the last two years and 92% percent of MSPs predict these attacks will increase in the coming year.  While unsettling to say the least, these statistics point to an opportunity for MSPs. Those who have the resources to protect their clients from ransomware can separate themselves from their competition as cybersecurity is a growing concern for digital businesses today in this new era of ransomware.

Improving the Security Posture of your Clients

Ransomware is like any other threat is a risk that must be properly managed.  That requires an organization to have an effective security posture.  At best, the security policy of many small businesses today is reactionary.  Solutions are implemented in an ad hoc manner, usually only after falling victim to some type of attack. Every company must contend with a diverse number of threats and vulnerabilities and those risks are contingent upon the company’s business drivers and security considerations specific to its use of technology.  Every business also has a different risk tolerance.  That’s why its so important for MSPs to understand the business environment and IT estate of their customers.

But while each customer may be slightly different, they all need a basic framework to follow, one that outlines the standards and best practices to manage cybersecurity risk.  There are many great frameworks out there but one of the more popular ones is the N-I-S-T, NIST Cybersecurity Framework, which outlines a five-step process for organizations.

1. Describe their current cybersecurity posture
2. Describe their target state for cybersecurity
3. Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
4. Assess progress toward the target state
5. Communicate among internal and external stakeholders about cybersecurity risk

Improving the security posture of your customers is critical because you can’t be on site all the time.  The goal is to get the leadership of each client to buy into the importance of risk management so that cybersecurity practices are formally approved by management and expressed as company policy.  These policies should also be regularly updated and reviewed to keep them relevant in a constantly changing threat environment.  This also includes educating all users to give them the tools to be vigilant in their everyday interaction with technology to reduce their own risk exposures. This not only keeps your customers more secure, but it also reduces costly helpdesk calls for your bottom line.

Finding and Showing Risk

MSPs are starting to use breach and attack simulation (BAS) tools to help identify vulnerabilities in a client’s cyber defenses.  BAS is much more than mere pen testing.  This relatively new technology can conduct phishing attacks against user inboxes, implement an attack on the company’s firewall, attempt a data exfiltration or emulate a malware attack.  These simulations run fully automated and will not interfere with production operations.  Besides initiating alert notifications, the tools will recommend and prioritize fixes that address the problem.

Leveraging the Right Toolset

Every business faces different risks, every organization must contend with phishing attacks.  More than 90 percent of malware is still delivered by email, with 6.95 million new phishing and scam pages published on the internet in 2020.  That’s why email security continues to play a critical role in any multi-layer cybersecurity strategy today.  By eradicating malware from your customer inboxes, you lessen the dependency on other security layers that lie closer to the victim’s computer. 

In order to leverage your security tools across your entire company base, you need to utilize cloud-based solutions if possible.  SpamTitan by TitanHQ uses a cloud-based architecture, allowing you to manage and secure all your customers from a single web browser.  SpamTitan is rated a 5-star solution by the users of G2 and has been named as one of Expert Insights’ 2021 “Best-Of” award winners in both the email and web security categories.

At TitanHQ, we understand the MSP model.  Our TitanShield MSP Program allows MSPs to take advantage of our proven technology solutions, including WebTitan to sell, implement and deliver them to their client base.  With over 20 years web and email security experience TitanHQ is trusted by over 14,500 businesses and 3,000 MSPs. 

Conclusion

Cybersecurity is a great way to differentiate yourself as a security protection provider as small businesses need outside partners to shore up their security efforts to keep their business operations online more than ever.  As an MSP, you know your customers better than anyone and you know how to educate them in the most effective manner.  We in turn, would like the opportunity to educate you on the value of our advanced tools sets that are ideal for today’s MSPs.

Learn about TitanHQ’s multi-layered security as part of the TitanShield MSP Program. Find out how we can protect your clients from phishing and ransomware attacks with our multi-award winning security solutions. Contact us today.