Fighting the Phish Using Bubble Wrap
Bubble Wrap. That obsessively addictive plastic material, made up of hundreds of small air-filled bubbles we all love to squeeze. Although I tend to think of Bubble Wrap as the original fidget toy—melting away our anxieties with every satisfying pop—most people associate it with helping to protect their most precious collectibles when in transit or being placed in long-term storage.
When I’m talking about cybersecurity with our MSP partners, I often use the analogy of Bubble Wrap as a reminder that MSPs need to do everything they can from a program and solution design perspective to proactively protect end users from themselves and ensure they don’t introduce undue harm into their organization’s network. Left unchecked, end users are the real cybersecurity threat facing businesses today—and bad guys know it and exploit it.
According to Verizon’s 2021 Data Breach Investigations Report, 85% of breaches involved a human element and 61% were due to stolen or compromised user credentials.
So as an MSP, what can you do to help Bubble Wrap your customers’ employees to better mitigate their cyber risk exposure?
Four Steps to Help Fight the Phish!
1. Design your cybersecurity programs with the end user in mind
AV, patch, and backup are no longer the hallmarks of a well-designed security program. With the rapid changes in today’s threat landscape, you need to be sure your cybersecurity program is keeping ahead of scammers. To help fight the phish, it needs to evolve to include more advanced security features, such as email and spam filtering that analyzes inbound emails to prevent malicious links or attachments from ever reaching the end user’s inbox in the first place, as well as DNS/web filtering solutions to block access to malicious websites.
2. Implement mandatory multifactor authentication (MFA) for employee access into all critical accounts, applications, and systems
The bad guys are quite savvy about how they trick end users into giving up their password information; but by requiring mandatory MFA for all employees, an additional security hoop is introduced that hackers will need to jump through to successfully infiltrate the organization’s network.
3. Include mandatory cybersecurity training for ALL employees as part of your cybersecurity programs
Education should be at the heart of your cybersecurity programs and automatically included in the monthly fee you charge—not be positioned as an optional add-on. And everyone within the organization—including all managers and executives—should participate in the training. You need to teach end users about the most common types of phishing attacks and how to identify them. Enroll all employees in regular phishing simulations to test and measure their awareness, which will help to detect who may be at risk for a cyberattack.
4. It isn’t IF an attack will happen, but WHEN—be sure your program also includes cyber-resiliency components
Your modern cybersecurity program should extend beyond using traditional antivirus software and contain a next-generation AV solution, like Endpoint Detection and Response (EDR). EDR technologies don’t rely on continuous signature updates to maintain their effectiveness, and they incorporate rollback capabilities to help revert an end user’s machine to a pre-attack, healthy state in the event something gets through.
When it comes to mitigating and protecting against phishing attacks, it only takes one employee to click on something they shouldn’t to kick-start a chain reaction of dire consequences. As their MSP, it is critical you implement proper cybersecurity programs and policies to Bubble Wrap each employee as much as you can—to better protect themselves and their organization from attack.
This guest blog is courtesy of N-able. Stefanie Hammond is head sales and marketing Nerd at N-able. You can follow her on LinkedIn and on Twitter at @sales_mktg_nerd. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.