Four Cybersecurity Tips for a Safe and Secure 2022
We are in the last week of Cybersecurity Awareness Month, an observance started in 2004 by the National Cyber Security Alliance and the U.S. Department of Homeland Security.
Now in its 18th year, the annual awareness effort has grown into a powerful campaign that serves to energize and educate the general public, while giving institutions and enterprises the guidance and tools they need to keep their data safe, and their people protected. The theme for Cybersecurity Awareness Month 2021 is “Do Your Part. #BeCyberSmart.”
This is a powerful message, and one that is crucial at this juncture in history. The past decade — and the past several years especially — has seen an explosion in the prevalence, sophistication, and destructiveness of cyberattacks, with the Covid pandemic only exacerbating what was already a serious problem.
Things aren’t going to get any easier, either. In fact, experts predict that cybercrime costs will steadily rise over the next several years and exceed $10 billion by 2025. Fueled by success, emboldened by new technologies, and in some cases, backed by nation-states, cybercriminals are certainly gearing up for a busy year. Cybercrime isn’t going anywhere. But here’s the thing . . .
Neither are we. MSPs aren’t going anywhere, nor is their commitment to keeping their clients and their data safe. The IT industry as a whole isn’t going anywhere, and there are a lot of us, willing to fight the good fight and keep threat actors at bay. The United States isn’t going anywhere, nor is the global community in which America plays a vital role. This brings us back to the theme of Cybersecurity Awareness Month 2021, and why it’s so apt and timely.
We — individuals, institutions, businesses, communities, countries — can’t afford to treat cybercrime as a purely technological issue with no direct connection to daily life, or more simply, ‘not my problem.’ It is all of our jobs to keep cyberspace from being overrun with nefarious activity. If we all do our part and stay smart, we can win this fight. But we can’t hesitate or hedge our bets — it’s time to go all in!
The Role of MSPs
Managed service providers (MSPs) are in a unique position to lead the fight against cybercrime. By making cybersecurity a priority and an integral part of operations and internal culture, MSPs can inspire their client businesses to do the same. This will have ripple effects that strengthen our entire country’s security posture.
So, let’s get smart and do our part. Here are four cybersecurity tips for MSP Owners going into 2022.
Tip #1 – Adopt a Culture-First Mentality
When it comes to cybersecurity, there’s a temptation to immediately think about technical solutions: the right tools and software with which to protect your MSP business, and by extension, your clients’ businesses. But given that the overwhelming majority of data breaches involve a human element (i.e., human error), it makes sense to think about cybercrime as a human/social problem, calling for a cultural solution (i.e., a shift in thinking).
Establishing a culture of cybersecurity awareness might sound like a vague undertaking — something you agree with in theory, but which seems like it wouldn’t amount to much in practice. But this couldn’t be farther from the truth.
Building a robust cybersecurity culture at your MSP means taking very concrete measures: building employee cybersecurity training into your onboarding process, emphasizing cybersecurity in your marketing collateral, making sure your clients’ software and applications are being regularly updated, encouraging your technicians to report any potential security issues — even if the issue might be a false alarm. In short, adopting a culture-first mentality about cybersecurity means taking action on all fronts, so that your staff and your clients’ businesses can all get on the same page. A unified front is the end goal, because all it takes is one weak link for something bad to happen.
Tip #2 – Get Smart about P#ssw0rds!
Let’s talk about passwords. We all use them for both personal and professional platforms. They’re central to our lives. Our crucial data rests on their strength. And yet, bad passwords remain a rampant issue and an easy point of ingress for threat actors.
You might know good password hygiene, but do your clients? What about their end-users? A survey from 2019 found that nearly a quarter of Americans have used “Password,” “Qwerty,” “123456,” or something similarly obvious for a password. The bottom line is that people systematically underestimate how easy it is for hackers to guess weak passwords.
Your MSP can help clients shed this attitude for good, by not only conveying the dangers of weak passwords, but also, by offering solutions such as Password Managers, training, and educational content. One good idea is to provide a sequence of onboarding emails and include one devoted to password hygiene. After all, strengthening your clients’ cybersecurity posture is something to do immediately and proactively, not after disaster has already struck.
Tip #3 – Implement Multi-Factor Authentication
Multi-factor authentication (MFA) is a shining example of layered security in action. Instead of following the old cybersecurity methodology, and treating “the network” as a trusted space enclosed by a fixed perimeter, MFA employs a “zero trust” approach to cybersecurity by requiring that all users provide, in addition to their log-in credentials, a second piece of identity-verifying evidence before gaining access to an application or service.
When your organization is equipped with MFA, threat actors can’t infiltrate your systems simply by illicitly obtaining log-in credentials through phishing and other means. This raises the difficulty level for hackers exponentially, and although MFA doesn’t offer 100% protection for your MSP and its clients (no cybersecurity tool does!), it does greatly mitigate the risks of a social engineering attack.
Here at The 20, we believe strongly in MFA, because we understand that employee training can only go so far. At the end of the day, you want an additional layer of security to keep threat actors out. Our tool of choice for MFA is ID 20/20, an authentication solution that makes identity verification fast, easy, and secure. Learn how it works here!
Tip #4 – Come Together as a Community
This last one is less a tip and more a rallying cry. The cybercriminal of today is not an isolated actor, cooped up in a basement and carrying out attacks for personal reasons. On the contrary, today’s threat actors operate within highly sophisticated and politically motivated organizational structures. Hackers work in groups (e.g., DarkSide and REvil), and their coordinated attacks are strategic components of broader campaigns to undermine national infrastructure and social wellbeing.
Standing up to these opportunistic and highly organized criminals requires that we adopt an equally — no, a more robust and coordinated cyberdefense strategy. There is indeed strength in numbers, and if the last few years have taught us what hackers are capable of when they have institutional resources at their disposal, let the next few years be a lesson on how strong America’s businesses and people are — especially when we put our differences aside and commit to taking down a common foe.
Right now, we don’t need heroes to fend off cybercriminals; we need each other. Your MSP can set a tone of cooperation and collaboration by working closely with clients to enhance their security posture, and by providing the IT community at large with thought leadership and actionable content.
Working together to kick a** and help businesses sustain growth and profitability . . . Now that is an idea The 20 can get behind!