By Raymond Vrabel, Director, Technical Account Management, Continuum Managed IT Services
Part 9 of a monthly blog series examining tips on how MSPs can work to break “bad” business habits that they might unknowingly fall into as a result of just wanting to get things done.
In honor of October being designated as Cyber Security Awareness Month, it’s only fitting that this month’s blog focus on how MSPs can protect themselves (and their SMB clients) from cyber-attacks and other types of network disasters. With viruses like Cryptolocker and Cryptowall 2.0 running rampant, now is the time for SMBs to re-examine their BDR and security policies. Here are four important steps to take when examining security:
1.) Have a Reliable BDR Plan in Place: If you think that security breaches can only happen on an enterprise level, such as the recent hacks occurring within Target and Home Depot, you are fooling yourself. In fact, cybercriminals are now (at an alarming rate) targeting SMBs, which they often feel have fewer resources dedicated to cybersecurity. According to a 2013 survey by the National Small Business Association, 44 percent of small businesses have been victims of cyber-attacks, costing an average of $8,700 per attack. If those figures aren’t enough to get you talking to your clients, think about instances other than actual security breaches.
For example, how does a natural disaster like Hurricane Sandy wreak havoc on your clients’ networks? Two years ago, Sandy pummeled the East Coast and millions lost power, some for more than two weeks. I recall hearing a story of an MSP who, prior to Sandy, was unsuccessful in getting his client, a doctor’s office in the New York metro region, to set up a BDR plan. The client didn’t listen to the MSP, and unfortunately, because the client had his servers located in the basement of his building with no backup to speak of, all of his data, including confidential patient records, was destroyed.
I can’t reiterate enough how BDR is the number one most important technology that all SMBs need.
2.) Ensure Security Infrastructure and Processes: Once you’ve helped your client realize the importance of BDR, and you have the tools in place, work with your staff on a process of who will handle what for each client should a disaster occur. First and foremost: How will the disaster (by type) be handled (and by whom)? Also, make sure your help desk is equipped to handle these types of situations. The last thing you want is for your staff and techs to be scrambling around at the last minute trying to figure out a game plan. The most important thing to remember is: The least amount of downtime and the quickest recovery time minimize the negative impact of the disaster.
Aside from the technology component of disaster response, the business end of this plan must also be solid and in place. Understand expectations on both sides, and review your contracts and SLAs with all clients. If possible, combine all of the business aspects together into one cohesive and individual report, so they can be accessed quickly and efficiently. The last thing you need, especially after a service interruption or security breach, is to have to tell your client they have to pay extra or additional costs that neither of you had previously planned for.
3.) Educate your Clients on Safe Internet Habits: Make sure your clients and their staff are practicing safe searching while they are online, especially if they are accessing social media sites like Facebook, Twitter, etc., which can be platforms for virus attacks. If a link doesn’t look legitimate, it’s probably a virus or phishing scam.
A good example of this is the latest Cryptowall virus, which reaches users as a suspicious email with a ZIP or PDF attachment disguised as an invoice, purchase order or other business communication. MSPs should advise their clients to verify with the sender that they did in fact send the message prior to opening the attachment. Know that this can happen to anyone, at any time, even to the most tech-savvy of people. I recently received an email like this from one of my credit cards, regarding a past due bill, which I had already paid. A simple phone call to the company proved that the email was a hoax and I deleted it immediately.
4.) Frequent Anti-Virus Updates are Key: Aside from safe Internet searching, it’s paramount that every employee’s PC and relevant mobile devices are up to date with anti-virus or anti-malware programs. While it’s great to have these in place, if they haven’t been updated in months, they can actually be more of a threat than a protector. Make sure your clients have best practices in place to ensure regular updates and patches are being installed. You can also save time by having the client’s employees learn how to do the updates themselves; it just takes a simple calendar reminder. Or, even better, have pre-scheduled, system-wide updates running. This is also something that you as the MSP can do for your own business. Map out a specific plan on how you handle updates and patches for you and your employees, and then share best practices with your clients.
Bottom line: When it comes to establishing a BDR/security plan, this is not something to be taken lightly – and it’s important to drive this point home with your clients. Start by sharing your own best practices, including a reliable BDR, solid security processes, exercising safe Internet searches and updating anti-virus programs regularly. Then if disaster or a cyber-attack does strike, both you and your clients are able to handle it with little to no downtime.
Raymond Vrabel is Continuum's Director of Technical Account Management and participates in product and service growth initiatives. He manages Continuum's Technical Account Management team which supports over 3,500 partners worldwide. Vrabel has more than 15 years of experience in the IT industry, specializing in managed IT services, disaster recovery and cloud solutions. Follow him on Twitter: @rayvrabel.