No doubt, the COVID-19 pandemic has us all in a state of bewilderment as nobody really predicted that in 2020 we would all be dealing with such a problem. Yet, here we are adapting to it.
As an MSP, you are the first responder to business IT survival, and have surely been working tirelessly over the last few weeks to keep businesses online and functional. During this disorienting time, hackers and malicious actors have cut us no slack and are actively preying upon SMBs hoping to catch them vulnerable for attack and/or exploitation. Both the U.S. Dept. Homeland Security CISA Division and the U.K. National Cybersecurity Centre are reporting elevated levels of cybercrime during the pandemic1.
At Sophos, our experts have also seen a substantial rise in COVID related domain registrations, some of which aim to prey on unsuspecting users looking for information.
As you prepare your clients remote work strategy it is vital that you reinforce the importance of cybersecurity to them and offer them services that offer the utmost protection. From an unsecured VPN to a COVID-19 inspired phishing email, the threats are real and the war is on.
The following list of tips from Sophos experts combined with Sophos Central, the unified console for managing your next-gen cloud based solution, will help you to easily manage and secure both your clients and your MSP business. We are here to support you during these crucial times so please contact us if you should have any questions with Sophos products/solutions.
1. Protect client services & data with multi-factor authentication (MFA) by any means possible
While Sophos highlights the benefits of having a strong password, we also highly recommend pairing strong passwords with MFA. This ensures that only authorized users and administrators are able to gain access to mission-critical accounts, computers, and other sensitive resources, even in the event where an attacker gains access to a password.
2. Ensure endpoints and systems are fully protected
Ensure all client devices, operating systems and software applications are protected with next-gen cybersecurity solutions. Also make sure that the devices are updated with the latest patches.
3. Secure your RDP!
Make sure to use RDP solutions you are using to remotely connect to machines use 2FA authentication. An open port with RDP leaves you and your clients absolutely vulnerable to cyberattack. A recent Sophos test to gauge the vulnerability of open RDP revealed how easy it is for hackers to gain access. If you use open RDP you will be a target!
4. Revisit End-User Training Schedules
Cybercriminals are looking to exploit the inexperience of traditional office workers who are now working remotely. The importance of having security aware users cannot be understated especially as workers find themselves more distracted by news reports and daily life that is now askew. Regular training will better condition your clients end users to avoid phishing emails and other attempts for malicious actors to gain access.
5. VPN or bust! Create a secure connection back to the office
Top of mind for every MSP setting up remote work for clients should be a secure VPN. Using a Virtual Private Network (VPN) ensures that all the data transferred between the home user and the office network is encrypted and protected in transit. Check out this community post for details on setting up a secure VPN with Sophos XG Firewall.
6. Scan and secure email
Home working will likely lead to a big increase in email as people can no longer speak to colleagues in person. As stated previously, cybercriminals are wise to this and already using COVID-19 inspired phishing emails as a way to entice users to click on malicious links. Ensure your client’s email protection is up-to-date and raise awareness of phishing.
7. Enable web filtering
In the last few months, there have been over 136,000 new COVID-19 themed domains2; some good and some bad, the malicious ones are serving up malware, phishing pages, or other scams. Apply web filtering rules on devices to ensure that users can only access content appropriate for ‘work’ while protecting them from the malicious websites.
8. Manage use of removable storage and other peripherals
Working from home may increase the chance of clients connecting unsecure devices to their work computer – to copy data from a USB stick, or to charge another device. Considering that 14% of cyberthreats get in via USBs/external devices3, it’s a good idea to enable device control within your endpoint protection to manage this risk.
9. Control mobile devices
The rise of iPhone and Android malicious apps exploiting the pandemic should also raise concern for clients. Implement application installation restrictions and a Unified Endpoint Management solution to manage and protect mobile devices.
10. MTR to the rescue!
Times such as these can prove difficult for some organizations to adequately deliver the level of services that are needed due to the strain that the pandemic has placed. With Managed Threat Response from Sophos your MSP is backed by an elite team of threat hunters and response experts who take targeted actions on your behalf to neutralize even the most sophisticated threats. Sophos MTR not only hunts for threats, we eliminate them.
11. Make sure clients have a way to report security issues
Most likely you have a communication system setup to stay in contact with your clients whether automated ticketing systems or a more informal process. Keep lines of communication open and give clients a quick and easy way to report security issues. Using collaboration tools such as Microsoft Teams will enhance your client engagements and lead to better understanding of security plans and opportunities.
12. Make sure you know about “Shadow IT” solutions
With large numbers of people working from home, Shadow IT – where non-IT staff find their own ways of solving issues – will likely increase. Sophos recently discovered ‘public’ Trello boards containing names, emails, dates of birth, ID numbers, and bank account information. Ensure users report use of such tools.
13. Stay in touch with MSP peers and colleagues
As this article is titled, we are all in this together – MSPs, SMB’s, enterprises, vendors, everyone, globally. Some of the best forms of advice that I have witnessed over the last few weeks have come from MSPs sharing what they are going through and what they are learning. There are many peer groups and social media groups for MSPs to get together virtually and I urge you to search for those groups if you are not already.
Sources:
- Alert (AA20-099A) COVID-19 Exploited by Malicious Cyber Actors
- https://www.helpnetsecurity.com/2020/04/07/covid-19-malicious-sites/
- *The Impossible Puzzle of Cybersecurity, Sophos, 2019
Guest blog courtesy of at Sophos. Read more Sophos blogs here.