Ransomware may be the most talked about malware currently wreaking havoc on businesses and organizations of all sizes, but the one often overlooked aspect of these threats is how malicious actors are able to deliver a ransomware payload.
More often than not, SPAM or phishing emails are the main attack vector used by hackers to deliver malware such as ransomware. A recent VIPRE Security research report in which over 500 independent technology solutions providers were surveyed discovered that SPAM and phishing emails accounted for 63% of their customer’s ransomware infections.
With the cyberattack methods used by malicious actors becoming increasingly sophisticated, a MSP may wonder how they can protect themselves and their clients from these threats. There are numerous steps MSPs can take to prevent these types of intrusions from inflicting irreparable damage on a business.
Here are three of the ways a Managed Services Provider can protect their clients and themselves from email attacks.
1. Education
The human element is incredibly important when it comes to general cybersecurity. According to a recent report by Beazley Breach Response Services, accidental breaches caused by employee error or data breaches controlled by third party suppliers account for 30% of overall breaches, only slightly behind the level of hacking and malware attacks.
Educating clients and employees can be a key differentiator in the reduction of phishing attacks experienced by targeted companies. A few areas MSPs can dive into are: common phishing language, how to identify suspicious emails and links, how to protect their personal information, and what to do in case a breach occurs. Additionally, security awareness training can be offered to provide additional value to services or as another possible way to increase revenue. As part of their security awareness program a services provider could utilize solutions that allow for launching of simulated phishing attacks. This gives the sophisticated MSP the opportunity to provide not only additional value, but proof that there is need for their services.
2. Use Multi-Factor Authentication
One of the most basic and long-held security beliefs is that an end-user must protect themselves from attacks by changing their password every 30 to 180 days. One school of thought believes when a user changes their password every month it limits how long a stolen password would be useful to a stealthy attacker. However, according to Purdue University CERIAS, the mandatory password changes can cost companies billions in lost productivity and does little to improve security.
The safest way to protect end-users is by utilizing multi-factor authentication (MFA). MFA leverages several types of authentication to reduce the probability of compromise. Most organizations use “user and password” as the primary authentication factor and add a second factor such as a “one-time password” generated by a token (hardware or software), sent through an SMS message.
3. Implement Cloud Email Security
Probably the most effective way of removing human error from becoming a problematic factor in ransomware attacks is to prevent the malicious emails from even reaching the inbox of a user. Implementing a solid email security solution is the answer. With the right software a MSP will be able to thwart most of the possible attacks that target their end-user clients. Savvy solution providers should choose a solution that keeps clients safe from emerging email-based threats using a multi-layered security posture. The layered security posture sends each email through multiple checkpoints that check for various characteristics of emails that are malicious. Finally, look for advanced protection features such as spam filtering protocols, anti-phishing measures, and malicious attachment filtering.
There is never truly one singular foolproof method of protection from phishing attacks. The best path to take is to utilize a layered security approach that uses email and endpoint security which decreases the possibility of being penetrated by attacks. As the sophistication of attacks grows, creating multiple security checkpoints will reduce liability, increase security, and create long-term value in your services for your clients.
Kevin Raske is a marketing specialist for cloud security at VIPRE Security. Read more blogs from VIPRE here.
