The Ultimate Cybersecurity Checklist for Your SMB Customers
We learned from 1,000+ MSPs surveyed in Datto’s 2016 State of the Channel Ransomware Report that ransomware is a major problem for SMBs today. Instead of standing by and allowing clients to be “sitting ducks” for these daily cyber attacks, let’s get proactive by spreading awareness of the ransomware threat and, most importantly, providing basic cybersecurity training to all employees.
Here’s a great checklist to help your customers get started with cybersecurity.
- Conduct a security risk assessment. Understand potential security threats (e.g., downtime from ransomware) and the impact they may have on your business (lost revenue). Use this information to shape a security strategy that meets your specific needs.
- Protect your network and devices. Implement a password policy that requires strong passwords that expire every 90 days. Deploy firewall, VPN and antivirus technologies to ensure your network and endpoints are not vulnerable to attacks. Consider implementing multifactor authentication. Ongoing network monitoring should also be considered essential. Encrypt hard drives.
- Keep software up-to-date. Update all software when updates are available and be vigilant about patch management. Cyber criminals exploit software vulnerabilities using a variety of tactics to gain access to computers and data – these updates are your friends.
- Control access to computers. Use key cards or similar security measures to control access to facilities, and ensure that employees use strong passwords for laptops and desktops. Administrative privileges should only be given to trusted IT staff.
- Create + distribute straightforward cybersecurity policies. Write and distribute a clear set of rules and instructions on cybersecurity practices for employees. This will vary from business to business but may include policies on internet surfing, social media use, bring your own device, authentication requirements, and shared resources. This policy should be reviewed and updated annually to ensure it accounts for any new threats.
- Train all employees. Roll out a semi-annual, mandatory cybersecurity training session for all employees. Take one hour and explain the most common cybersecurity threats facing businesses today. Most importantly, provide employees with visual examples of social engineering attacks they might face as well as instructions on what to do if/when they do encounter a hacking attempt or data breach. Give your employees the keys they need to defend themselves (and the business).
With this handy checklist, your clients will be well on their way to protecting their data and avoiding any cybersecurity threats that may come their way. For even more tips and templates on all things cybersecurity, check out The Essential Cybersecurity Toolkit for SMBs.