As an MSP business, it’s integral that you respect the threats of ransomware. The issue is getting worse, it’s not getting better, and there are a number of reasons for that. One of the biggest is a basic core reality of technology: it’s always in forward transition. Every 18 months, technology doubles on itself in accordance with Moore’s Law intervals. It’s 2020, and Moore’s Law isn’t over yet.
As Rudyard Kipling once said— and this is paraphrased: “When you pay a pirate off, they just come back wanting more.” Well, it’s the same with ransomware. Not only is it getting worse, but if you handle a ransomware issue wrong, it will cost you more and more going forward. Here are a few ways you can avoid being impacted by this pernicious and expanding threat:
Establish Clear Email Protocols; Use a “Sandbox” to “Detonate” Questionable Attachments
An MSP business needs to have clear security protocols pertaining to emails. Getting backhanded by ransomware through your email inbox is, to appropriate a sports term, “bush league.” You should expect clients to have this issue, but as an MSP, you should assure everybody who has access to email is trained in properly secure usage techniques. Also, look into email “sandboxes.” These are basically digitally quarantined environments where email attachments are “detonated” safely to determine if they’re a threat like ransomware. This will do much to keep ransomware from getting into your inbox.
Facilitate MFA Pertaining to Devices Operating on a Remote Basis
Multi-Factor Authentication, often called two-factor authentication, is a key means of avoiding ransomware infection. With MFA, those operating on client sites won’t incidentally compromise your network when they access it remotely. This is especially considerable, as you’ll sometimes be dealing with clients who have definitely been infected with ransomware worms. Remote device security is paramount.
Initiate Automated Software Patching Solutions
You should have automated patch-management. Not all ransomware comes through user error. The 2017 WannaCry worm from North Korea exploited built-in back doors via SMB ports. Patch management saved businesses from being impacted in that scenario. Also, the fact that North Korea was involved raises a sticky issue: sometimes ransomware comes from “rogue” countries. You need to be prepared.
Design Effective Password Management
This goes without saying, but you likely have personnel who aren’t properly protecting things internally: you need to have secure passwords which are updated on a regular basis. You’ll likely be providing password management for clientele, be sure you use some of your own digital “medicine” internally as well.
Safeguarding Operations Against Ransomware
As an MSP business should be especially careful to safeguard against ransomware–the issue is getting worse. Have the right password management, automate patching, utilize MFA, and establish clear email protocols including options like sandboxing. Techniques like these can do much to help your MSP remain free of ransomware.