New Year’s is right around the corner, and for MSPs, this means setting goals for your organization. This time of year presents itself as an opportunity for you to ignite growth within your organization in size, revenue, and positive impact on your clients. However, growth for your organization also means growth in the potential threat of cyberattacks. That is why it is vital to take the opportunity to improve your cybersecurity tactics.
1. Set Stronger Passwords
Threat actors are becoming more notorious for their infiltration tactics. One being brute force attacks, where threat actors attempt to replicate your username and password to access your systems, software, and accounts. So, using your favorite sports team and graduation year are out of the question!
This year, you should speak with your clients about setting stronger, more complicated passwords within their organization. These new passwords should not be shorter than eight characters, contain any recognizable words that can be found in the dictionary, or set of numbers that resemble a date. They also need to include symbols like “@”, “!”, and “&” in addition to just letters and numbers. The longer and more “scrambled” your clients’ passwords appear, the harder it will be for a threat actor to guess it and infiltrate their organization(s).
2. Enable MFA
Setting strong passwords is a great first step, but it is not a guaranteed strategy; it is still entirely possible that a threat actor could be able to crack your credentials. Enabling a multi-factor authentication, a.k.a. dual factor authentication (2FA), requires a user attempting to login to provide a code sent to a second source that the rightful owner of the account would have, like a text, email, or secure, third-party MFA application. Whoever is logging in with your stolen credentials will be prompted with MFA and prevented from accessing your accounts and systems. Additionally, if someone who shouldn’t have access tries to enter with your credentials, MFA code messages also present themselves as alerts to let you know whenever someone uses your credentials to log in somewhere when you receive an unprompted MFA notification.
3. Be More Cautious with Potential Phishing Attacks
On average, more than 3.4 billion phishing emails were sent every day in 2022, adding up to over a trillion phishing emails total for the year; and with phishing emails being the top reason why organizations become infected with ransomware, it is without a doubt a priority for countless organizations to become more aware of phishing tactics and measures to avoid them, Before opening any documents or links within any emails, be sure to check a few aspects for authenticity:
1) It may be an unusual sender, but if they claim to be someone you know, confirm the “sender’s” email address is spelled correctly 100%. If there is still suspicion, ask them for confirmation personally.
2) Check the link by hovering your cursor over it. A preview link should pop up on your screen to display the URL.
3) Read the email carefully for any misspellings or grammar errors.
4) A sense of urgency is usually implied in phishing emails. Usually, something along the lines of “I’m in a meeting and need you to take care of something for me as soon as possible.”
*See “Common Types of Phishing Attacks” Blog for a detailed breakdown*
4. Provide Security Awareness Training for Users
You can provide your clients with the best cybersecurity software in the world, and they may still fall victim to malware attacks because of user error. Providing cybersecurity awareness training for your clients is an excellent way to enhance their “user firewall” and keep them better protected from the most prevalent cybersecurity threats. The industries facing the highest level of cyberattacks, in no particular order, include Finance, Healthcare, Defense, and Retail. Whether your clients operate in these industries or not, you should offer services for them that bundle in cybersecurity awareness training.
5. Keep Everything Up to Date
Applications, software, and systems are known for their recurring updates, usually to fix bugs or security issues, but sometimes to implement patches for any newly discovered vulnerabilities within their products. By not implementing the latest updates in your endpoints, you run the risk of threat actors exploiting said vulnerabilities and infiltrating your organization with malicious software like ransomware. ThreatLocker’s security solutions allow you to update your applications, software, and systems as often as you need to without halting day-to-day operations. In addition to this, you can set temporary elevation policies that allow end users to install necessary updates for a brief period of time, making the process easy, seamless, and nearly risk free.
6. Invest in More Than One Security Solution
Unfortunately, there is no one security solution that perfectly covers every cybersecurity need within your organization, as nice as that sounds. To provide the optimal cybersecurity for your organization and/or your clients’ organizations, you should develop a strong security stack that consists of multiple products and services, each serving their own purpose. Your stack can consist of anti-virus solutions, MFA products, and even providing annual cybersecurity awareness training like mentioned above! By providing numerous products and services, you are covering more bases of security that threat actors dream of exploiting.
7. Implement a Zero Trust Security Solution
Creating a well-decorated cybersecurity stack can mitigate many cyber threats, and even prevent them from causing too much harm after infiltrating your and/or your client’s organizations. However, by implementing a Zero Trust solution into your security stack, you are able to set granular policies that prevent malicious software from harming your organization. For example, ThreatLocker’s endpoint security platform operates on a Zero Trust posture, meaning that you can allow only the software you need to operate your organization and block everything else… including ransomware! Zero trust products like ThreatLocker have saved countless organizations from disastrous software created specifically to harm your organization or exploit money from it.
In addition to this, the U.S. Federal Government has issued an executive order that will require certain organizations to comply with zero trust security posture requirements in early 2023. It is vital that you confirm whether or not your organization is required to comply with said executive order.
With times changing and the imminent threat of cyberattacks constantly increasing, there is no better time to set goals to improve your and your clients’ organization security posture than New Years. ThreatLocker’s zero trust endpoint security platform makes for the perfect add-on to any security stack, significantly improving your security posture by allowing only what you need and blocking everything else… including ransomware! If you’re ready to get a head start on your organization's New Year's resolution, reach out to the Cyber Hero Team to learn how you can implement ThreatLocker into your security stack and go into 2023 with confidence!