Better Call an MSP Part 6: Malware & Virus Attacks - Staying Ahead of the Game


By Raymond Vrabel, Director, Technical Account Management, Continuum Managed IT Services

The sixth installment of a monthly blog series offering tips and best practices on various ways MSPs can help their SMB clients work through the most challenging daily business issues.

In last month’s installment of “Better Call an MSP,” I discussed how to identify the current stage of your MSP. This time, let’s focus on how to stay ahead of the game when it comes to malware and virus attacks. It used to be that simply installing an anti-virus or anti-malware program for clients would deliver complete peace of mind regarding computer security and protection. Now, there is a growing trend of hackers making a living out of exposing and uncovering flaws and gaps in the very security programs that you and your clients have been relying on.

In addition to protecting your clients’ devices by installing reliable and effective software, you also have another layer to think about: ensuring clients are not inadvertently exposed to viruses they never suspected. Below are a few possible scenarios that can occur, and how you can work with clients to best remedy a tough situation.

1.) Take a Multi-Tiered, Multi-Faceted Approach. Many of us may have the attitude of, “I’ve installed an anti-virus program on my client devices, and now I can just let it do the work.” However, with new flaws regularly being exposed in the very anti-virus programs we have come to rely on, that won’t cut it anymore. Take a multi-faceted approach: add other layers of protection such as Unified Threat Management (UTM) and anti-malware programs, and ensure all patches are up to date. Patch management also means fixing patch issues as they occur. Ensure anti-malware programs are scanning regularly, and if you aren’t running an anti-malware program on clients’ devices, it’s best to add one NOW. By adding this second piece of software, you are using a whole different set of scanning tools. While there might be a security flaw in one product, by adding additional layers you aren’t putting all of your eggs in one basket, and you further mitigate the risk.

2.) Localize the Issue. Should this type of attack occur on a client device, it’s best to immediately disconnect the user and the device experiencing the issue so that the infection doesn’t spread across multiple devices, branch offices or, worse, to the CEO’s PC at company headquarters. The speed at which you react is critical to stopping the attack. Here you are in reactive mode, rather than the usual proactive MSP mode. Stop the “bleeding” by addressing the problematic device, and then focus on ensuring everything is safely up and running. Hopefully your client will have a BDR (backup and disaster recovery) system in place; if so, and the attack is far along, this is the time to start recovering and restoring their files. If they do not have a BDR in place, after the dust settles is the time to have that conversation.

Once the “fire” has been extinguished, be proactive and figure out how the attack occurred or how the hacker got in. Educate clients and their employees on how to best avoid these situations in the future.

3.) Future Education. The best and most proactive plan is educating the user so that this doesn’t occur again. That includes ensuring all programs are up to date, verifying that everything is patched and fixing anything that isn’t. If you are doing all of these things regularly, the chances of a repeat attack are very slim. Still, it’s not time to sit back and relax (it never is when it comes to the security of your clients’ system data). There really is no clear-cut answer for 100 percent prevention of any type of attack, but there are ways to lessen the risks. Here are some helpful hints:

  • Encourage employees not to open or download personal emails on company devices, especially attachments such as zip files that might contain a virus.
  • Work with your Help Desk or NOC for their advice and expertise on containing and cleaning up attacks.
  • Work with your RMM vendor or vendor operations groups to ensure you have the latest patches rolled out on all client devices.
  • Remediate any patches that are currently failing.
  • Speak with clients about securing employee browsing habits and possibly installing some type of web filtering (“surf control”) that can block pages that might potentially infect devices.

Unfortunately, there are full-time hackers who are great at their jobs, always finding holes in the programs designed to protect your clients’ devices. So there is really no fool-proof answer to preventing attacks, but if you and your clients follow these steps and establish multiple layers of defense, you minimize the risk of an attack bringing a client’s business down.

Raymond Vrabel is Continuum's Director of Technical Account Management and participates in product and service growth initiatives. He manages Continuum's Technical Account Management team, supporting over 3,500 partners worldwide. Vrabel has more than 15 years of experience in the IT industry, specializing in managed IT services, disaster recovery and cloud solutions. Follow him on Twitter: @rayvrabel.