Three ways MSPs can assist with ransomware prevention

With researchers seeing more than 120 separate families of ransomware in use today, it’s not surprising that cyber attacks have been making big headlines.

While large organisations are common targets due to their resources, the Symantec 2016 Internet Security Threat Report reveals that 43 per cent of cyber attacks in 2015 targeted small businesses. Cyber criminals are well aware that SMEs often lack often lack sophisticated cybersecurity tools – and even if they do have them, they lack the staff and knowledge to successfully administer them. Criminals take full advantage of this fact.

SMEs are valuable to cyber criminals, because they can hold competitive intelligence or trade secrets and can sometimes serve as an entry point to larger organisations. In addition, due to SMEs’ less sophisticated cybersecurity measures, criminals can target more SMEs for less investment. With the amount of threats now facing SMEs, it’s critical to ensure their network and data are protected.

To help businesses cope with inevitable cyber threats, managed services providers (MSPs) have begun to offer cloud-based cybersecurity solutions. Of course, the term “cybersecurity” can encompass many types of solutions. If you’re considering a managed cybersecurity offer, ensure it has the following elements to protect your business before, during and after an attack.

1. Perimeter Defence

When an attack occurs, you must ensure your perimeter is protected at as many entry points as possible. These entry points include servers, computers and any personal devices being used for business purposes.

Firewalls and sophisticated unified threat management (UTM) devices form the backbone and first line of perimeter defence for any network. These devices are the “gatehouse” of your business, providing a barrier between your organisation’s network and untrusted networks. If your company doesn’t already have a suitable firewall or UTM device, it is only a matter of time before hackers compromise your electronic assets.

It’s also important to protect servers with file-level anti-virus along with intrusion detection and prevention; deep packet inspection; port scanning and protocol inspection; and perimeter anti-virus and malware blocking. However, staff shortages can lead to firewalls quickly becoming outdated as they often don’t receive the attention they need.When sourcing a managed firewall service from an MSP, enquire about the level of support the vendor provides. Do they assist with the implementation process only? Perform periodic maintenance? Provide ongoing support?

The more support the MSP is able to provide, the less time IT will need to spend managing equipment and system settings, and the more you reduce the odds of your business being breached due to out-of-date network security tools.

2. Data Vaulting

Ensuring that your data is protected is the first step in an effective data breach response approach. As ransomware variants continue to evolve, so too do the methods to avoid complete data loss or, even worse, having to pay the ransom - which is never recommended, as it only encourages hackers.

If one of your employees falls victim to a ransomware attack, having a current off-site backup is critical in order to regain access to your files. This method is also useful when newer releases of ransomware that target on-site backup infrastructure come along, so your business does not end up with unusuable recovery data.

Managed IT service providers are in an excellent position to have noticed the growth of vaulting data in the cloud as it becomes an increasingly popular means of moving data off-site. Of course, businesses managing critical and confidential data want to keep it close to home, in order to maintain control over such data, and to help SMEs strike that balance without sacrificing security, ITS launched a solution that allows clients to vault data.

The problem is having the time and expertise to manage this data. Having an MSP assist with data management helps ensure backups are current, validated and accessible when you need them. This service can be particularly beneficial to SMEs, which typically don’t have the internal resources to dedicate to a full-fledged data security and compliance program including security, staffing and infrastructure.

If the MSP will be handling sensitive data in the cloud, however, first ensure that the files remain encrypted in transit and at rest. Also verify that the vendor offers service level agreements (SLAs) that provide adequate recourse in the unfortunate event that data is lost.

3. System and Data Recovery

Following an attack, you must be able to recover your critical data. Many assume that just because an MSP offers backup services that they’ll also offer recovery services. That’s not always the case, however, and unfortunately some businesses don’t realise this until they seek the vendor’s help with recovering their business data and are refused.

Even if the MSP does provide recovery services, the amount of time it takes to restore the backup can potentially prolong a significant business interruption. For example, Lukas Hospital in Neuss, Germany, had complete backups of all systems in place, but when it was plagued with TeslaCrypt 2.0 ransomware, the hospital estimated that it would take up to 48 hours before its IT environment was fully functional again.

As a result, 20 per cent of the hospital’s surgeries had to be rescheduled, and less critical care had to be temporarily shifted to other hospitals. Calculating the maximum allowable downtime of your organisation can help you determine your recovery time objectives (RTOs) for critical data and applications. You can then select a backup solution that has the ability to restore the backup files within the required time frame.

Any vendor you work with should provide an SLA that holds the service provider contractually responsible for restoring your company’s data within a specified time to minimise effects on business operations. Without an SLA, there’s no guarantee that you’ll be able to recover your data within your RTOs.

Cyber criminals might be outpacing your IT team, but that doesn’t have to lead to a data disaster for your business. By enlisting the services of a trusted MSP that provide comprehensive data and network security services backed by SLAs, you can be fully prepared to respond to cybersecurity incidents.

Matt Kingswood, Head of IT Specialists (ITS) UK

Image source: Shutterstock/Carlos Amarillo