You asked, and we listened. After being one of our most requested features from partners, we’re delighted to announce the general availability of our Ticketing API to help you automate security workflows effortlessly.
Here’s everything you need to know.
What is it?
Our Ticketing API now offers full access to certifications and desktop security controls, providing deeper integration and flexibility for your customers’ security needs. Whether you want to automate workflows, integrate with other systems, or customise your offerings, our API gives you the tools to do so.
Who is it available to?
All CyberSmart Partners, no matter your tier. Our Ticketing API isn’t currently available to direct customers.
How do you set it up?
Although our Ticketing API offers powerful features, it’s worth noting that it’s not a plug-and-play solution. You’ll require developer expertise to set it up and take advantage of its full functionality.
We’ve prepared some resources to help your team get started, including:
A step-by-step guide to setting up our Ticketing API, which you can find here
We recommend sharing these resources with your developers as soon as they begin the implementation process.
What’s next?
We understand that this current rollout is quite technical, and we’re aware that not all partners may be ready to dive in immediately. While this is the first phase, we’re committed to improving and expanding the functionality in the future.
However, for the moment, this is the full scope of our Ticketing API release. Rest assured we’ll keep you updated as we work on future enhancements.
We’re excited to see how you use the Ticketing API to unlock new possibilities for your customers. Please reach out with any questions or feedback, and thank you for being a valued partner.
Managed service provider cybersecurity: how to protect yourself and your clients
Managed service providers (MSPs) are at greater risk of cyberattacks than other businesses. The question is, why?
What makes MSPs, like yours, such an enticing target? And what can you do to protect your business and your clients?
Why do cybercriminals target MSPs?
MSPs might seem like an odd target. We tend to think of them as technology experts, with the best cybersecurity solutions, processes, policies, and tools. So surely there are more tempting targets? Unfortunately, this is only partially true.
No matter how well-protected an MSP might be, plenty of cybercriminals believe the risk is worth the reward. MSPs have remote access to their clients’ systems and networks. Not to mention huge amounts of data – everything from employee login credentials to financial records.
In short, cybercriminals target MSPs for the same reason they attack supply chains. Successfully breaching their defences can create a domino effect that extends way beyond the initial target, leading to ‘follow-on’ activity across the MSP’s client base.
What are the consequences of a successful MSP cyber-attack?
Cyber-attacks have direct and indirect consequences for MSPs.
Direct consequences
Disruption is perhaps the most obvious consequence. Unless you catch it early, a successful cyber-attack can bring your systems down, requiring a lengthy clean-up operation to put right. Not only does this impact productivity, it also has a detrimental effect on employee confidence and morale. There may be financial consequences to consider, too.
A serious malware attack can lead to prolonged service outages that directly impact your bottom line. Meanwhile, a successful ransomware attack may result in locked systems or stolen data, leaving you no choice but to pay the ransom. Additionally, you may have to pay a fine if an independent investigator decides your cybersecurity failed to meet the minimum requirements of your industry.
Then there's the possible reputational damage of a cyber-attack, which can make it harder to attract new clients and retain existing ones.
Indirect consequences
Often, your clients suffer most from a managed service provider cybersecurity breach – particularly if you work with SMEs.
Only 33% of UK SMEs use threat monitoring tools, according to one government survey. At the same time, even fewer (31%) conducted a cybersecurity risk assessment last year. This makes SMEs more susceptible to threats than large organisations, enabling attacks to spread faster.
The Kaseya ransomware attack illustrates how easily an attack can get out of control. After exploiting vulnerabilities in the provider’s software, the breach spread to dozens of MSPs and over 1,500 of their customers in a matter of hours.
7 tips to defend against managed service provider cybersecurity threats
There’s no doubt cyberattacks can have serious consequences for MSPs. However, adopting a few simple measures can go a long way to protecting you and your customers.
1. Install software patches
Even the best-protected software can develop vulnerabilities over time, presenting a golden opportunity to wily hackers. You can mitigate this risk by updating your software with the latest patches as soon as they become available.
It’s like mending a puncture. The sooner you apply the patch, the less air escapes. Updating your software works on the same principle, allowing you to catch issues before they escalate. The best part? It’s quick and easy, taking only a couple of minutes a month.
Multi-factor authentication (MFA) is an application security process that requires users to set up two or more verification methods. Alongside the traditional username and password, these include:
Security questions
PIN codes
Biometrics (e.g. thumbprints)
On their own, passwords are vulnerable to data leaks and brute-force attacks. By contrast, MFA is difficult to crack – even for the most sophisticated hackers.
3. Back up your systems and data
Backing up your systems and data provides a vital failsafe should you suffer a breach. In some cases, it can even help you avoid having to pay a ransom.
The simplest and most cost-effective approach is to use data backup software. Once installed, it automatically copies data to one or more external sources. For example, an external drive, data centre, or cloud server.
Not sure what to back up? Use this simple rule of thumb: anything you don’t want to lose, back up.
4. Segregate your networks
Dividing your network into distinct parts (or sub-networks) helps to prevent unauthorised access to sensitive data.
The key to this is setting strict access controls for each sub-network, based on the zero-trust principle. This ensures users only have the privileges they need to do their job. It might sound extreme, but it’s critical in allowing you to isolate affected systems, customers, or accounts in the event of an attack.
Start with the basics. Teach staff how to spot the tell-tale signs of a cyberattack and how to respond. Looking further ahead, consider running regular top-up courses to keep staff up to date with best practices. This gives them the knowledge, skills, and confidence to combat threats.
6. Create an incident response plan
Cyberattacks aren’t inevitable. But, statistically speaking, they are likely. That’s why you need a coherent and actionable response plan, in case the worst does happen.
An incident response plan is a set of instructions that tells employees what to do in the aftermath of a cyber-attack. It helps you organise an effective and coordinated response, minimising damage and helping you recover faster.
You’ll also need to encourage your clients to develop their own incident response plans. Just 4% of MSPs say all their clients have active incident response plans.
Is your software/hardware process documented, repeatable, and measurable?
How do you stay updated on emerging vulnerabilities?
What level of malware protection do you have in place?
What physical and digital access controls do you use?
How do you ensure upstream suppliers adhere to cybersecurity best practices?
Remember: when it comes to cybersecurity, a unified approach is the best defence.
Stay on top of cybersecurity
The cybersecurity landscape is a daunting place. New threats emerge all the time, creating obstacles for you and your customers. But by following these simple steps, you can reduce your exposure to common security risks and work safely.
Key takeaways from the MSP cybersecurity survey 2024
How prepared are managed service providers (MSPs) to deal with cyber threats?
This might seem like an obvious question, but there’s surprisingly little research on the subject. So, we set out to change this. Alongside our friends at OnePoll, we surveyed 250 UK business leaders from every major industry to understand the challenges and opportunities facing MSPs.
The MSP cybersecurity survey 2024: 5 things you need to know
1. MSPs are a popular target for attackers
MSPs are among the most attractive targets for cybercriminals. 87% of respondents said they’d experienced at least one breach in the last year – with many suffering multiple attacks.
So, why are they such a popular target?
Many businesses rely on MSPs for everything from IT support to network monitoring. They provide essential services, but need privileged access to their customers’ critical systems and data to deliver them.
As such, breaching an MSP gives cybercriminals access to data from multiple targets. This allows them to reach more victims with minimal effort, maximising the amount they can earn from a single attack.
2. Malware and ransomware are the biggest threats to MSPs
Cyber threats take various forms. Some, like phishing, are more common than others. But for MSPs, the biggest threats come from malware and ransomware.
57% of respondents ranked malware and ransomware as their biggest concerns, ahead of unpatched vulnerability exploits (41%) and insider threats (37%). These results are particularly interesting given that many businesses don’t have ransomware recovery plans or policies to deal with them.
3. MSPs overlook key cybersecurity risks
Despite growing awareness among MSPs of the biggest cybersecurity risks, our survey revealed some notable exceptions.
The cybersecurity skills gap is a prime example. Only 35% of respondents identified it as a key concern – in sharp contrast to recent World Economic Forum research suggesting it remains a serious threat.
Alarmingly, only 26% recognised supply chain attacks as a threat, while few explicitly mentioned phishing. This is particularly surprising, given that 84% of businesses that reported breaches last year experienced some form of phishing attack.
4. Customers expect more from MSPs
IT services are the bread and butter for many MSPs, providing guidance and support for businesses that don’t have the resources to manage their infrastructure in-house. But customer expectations are changing.
65% of respondents said customers expect MSPs to implement or manage their cybersecurity. Meanwhile, 73% feel their security capabilities are under greater scrutiny, especially during request for proposal (RFP) and new business meetings.
In response, we’ve seen many MSPs adapt their services to meet this demand. 70% of respondents have expanded their capabilities over the last year, adding cybersecurity support services and products to their portfolios.
5. Cybersecurity confidence is high among MSPs
Nearly all respondents said they were confident in their business’s cybersecurity. We defined this as having or engaging in at least one of the following:
Our survey reveals some interesting truths about MSP cybersecurity.
MSPs remain the most popular target for cybercriminals, with malware and ransomware attacks the biggest threats. Service providers are increasingly aware of the dangers of the digital frontier and are confident in their defences, but overlook some key risks nonetheless.
Arguably, the most interesting point is the changing perception among customers. Many now expect service providers to offer cybersecurity products and services as standard. While this might seem like another hurdle to overcome at first glance, it presents a golden opportunity to MSPs willing to adapt to meet this demand.
5 MSP cybersecurity threats (and how to stop them)
Few targets are as enticing to cybercriminals as managed service providers (MSPs). And for good reason.
From IT support to finance management, MSPs provide essential services to large customer bases. But to deliver them, they need privileged access to internal systems and sensitive data. As such, successfully breaching an MSP can give cybercriminals access to huge amounts of information from multiple businesses.
To help you stay one step ahead, we’ve listed five of the most common MSP cybersecurity threats – along with some simple tips to defend against them.
The 5 most common MSP cybersecurity threats
1. Phishing
Phishing is a form of social engineering attack that tricks people into handing over sensitive information or downloading malicious software, typically by impersonating a trusted individual or organisation, or by creating panic.
Cybercriminals often use email to initiate phishing attacks. How many times have you seen messages like this appear in your inbox?
“Hi Jane, this is Bob. We need to send an urgent payment to a new supplier, but I’m in a meeting for the rest of the day. Can you organise it on my behalf, please? It needs to go out immediately. Please see the details attached.”
Generative AI has made phishing attacks harder to spot and more dangerous. For example, advanced AI can clone the voice of trusted contacts.
Quick tips to defend against phishing
Check the sender’s name and address: does it look legitimate?
Read emails carefully: are there any obvious typos or grammatical mistakes? Does the tone sound strange?
Install antivirus software: some programs can spot malicious links and potential phishing sites.
Train staff: run regular training sessions to help employees spot the tell-tale signs of a phishing attack, and teach them what to do in the event of a breach.
Malware, a combination of the words “malicious” and “software”, is used by cybercriminals to attack business-critical systems, disrupt operations, and steal sensitive data. It comes in various forms, the most common being:
Ransomware
Spyware
Adware
Trojan horses
Worms
Cybercriminals have even begun to lease malicious software. Known as malware-as-a-service, this model allows people with minimal coding skills to launch full-blown cyber-attacks.
Small and medium-sized businesses (SMBs) are particularly vulnerable to malware. Few have the knowledge or skills to handle a targeted attack, which explains why 57% of industry leaders see it as the biggest MSP cybersecurity threat.
Quick tips to defend against malware and ransomware
Only use secure networks: avoid public or unsecured networks when using work devices.
Back up data regularly: create separate copies of important files so you can quickly restore lost data in the event of a breach.
Install anti-malware: this monitors your systems to identify and sometimes remove malicious software.
Invest in a ransomware recovery toolkit: these contain business continuity and disaster recovery plans, helping you respond constructively to breaches.
3. IT vulnerability exploits
Unlike the other MSP cybersecurity threats on this list, IT vulnerability exploits describe a tactic or method – rather than a specific type of threat.
IT vulnerability exploits don’t rely on victims to click on malicious links or download compromised software. Instead, they deliberately target weaknesses in your software, systems, or processes, often using exploit kits.
Common vulnerabilities include:
Misconfigured programs
Unpatched software
Weak passwords
Bugs
Quick tips to defend against IT vulnerability exploits
Patch your software: install updates as soon as they become available to nip vulnerabilities in the bud.
Run penetration tests: simulate cyber-attacks to pinpoint weaknesses and see how your systems stand up to threats.
Follow cybersecurity best practices: create clear processes and policies to minimise vulnerabilities that stem from human error, such as duplicated passwords.
4. Insider threats
As the name suggests, insider threats originate from within your business. They fall into two broad categories: accidental and malicious.
Accidental: caused by someone unintentionally exposing your systems to cyber threats. For example, by clicking on a malicious link, visiting a compromised website, or leaving an unprotected device in a public place.
Malicious: caused by someone deliberately abusing their access rights to steal data or damage your systems. Malicious insider threats often stem from disgruntled employees, contractors, or partners.
This MSP cybersecurity threat has become more common in recent years. 38% of UK SMEs attribute this to the cost-of-living crisis, and it stands to reason. Financial pressures force many businesses to reduce headcount, while some employees may need to find other revenue streams to make ends meet.
Quick tips to defend against insider threats
Set strict access controls: only give administrative rights and account access when employees need it to do their jobs.
Embrace multi-factor authentication (MFA): enforce MFA on business-critical systems and accounts to provide extra protection.
Look out for suspicious activity: monitor systems for common insider threat indicators, such as unusual login behaviour or privilege escalation.
Enforce strong security policies: ensure a consistent approach to cybersecurity across your business, with clear guidelines governing things like password etiquette and access privileges.
5. Supply chain attacks
Supply chain attacks are an indirect MSP cybersecurity threat. They work by exploiting weaknesses in third-party software, hardware, or services to bypass your defences and give cybercriminals access to your systems.
Because they originate through legitimate suppliers, supply chain attacks are difficult to spot. For example, it took months for cybersecurity professionals to discover the root cause of 2019’s infamous SolarWinds attack.
Enforce strong cybersecurity measures: before worrying about your suppliers, ensure your cybersecurity is up to scratch.
Speak to your suppliers: start an open dialogue with channel partners to discuss cybersecurity challenges and best practices.
Conduct cybersecurity risk assessments: evaluate current and new suppliers to ensure their cybersecurity meets minimum requirements.
Follow NCSC supply chain security guidance: this lists the five basic steps to secure your supply chain.
No threat is insurmountable
MSP cybersecurity threats come in many forms. The good news is that most are relatively unsophisticated. Adopting simple and affordable security measures can go a long way in securing your business. Not sure where to start? Consider a cybersecurity certification, like the government-backed Cyber Essentials scheme. Built around five security controls, it provides impartial guidance to help you improve your cyber hygiene.
Although MSPs are increasingly under threat, the current landscape also offers new opportunities. Read our latest report to find out more.
Press release: MSP market is pivoting towards providing cybersecurity solutions, new CyberSmart Research indicates
Increased focus on offering security as a service from the customers of Managed Service Providers, CyberSmart survey finds
New research conducted by CyberSmart, a leading provider of SME security solutions, indicates that Managed Service Providers, historically expected to manage IT infrastructure for their customers, are increasingly expected to protect this infrastructure too.
The research, conducted by OnePoll in Spring 2024, polled 250 senior leaders at UK-based Managed Service Providers and found that 65% of MSP customers now expect their provider to manage either their cybersecurity infrastructure or both their cybersecurity and IT infrastructure.
This interest in Managed Service Providers’ security capabilities has been noted by the MSPs surveyed in new business/RFP meetings, where 73% reported either somewhat more (51%) or much more (22%) scrutiny of those capabilities.
The expectation that MSPs should manage security as well as IT can be viewed as a response to the security capabilities which their customers have in-house: 37% of respondents indicated that only 20% or less of their customers have a specific cybersecurity role in-house, reflecting the need for MSPs to take ownership of cyber on behalf of their customer base.
What’s more, it has been reflected in strategic and structural changes taking place at MSPs. Respondents indicated they had made the following changes in the past 12 months:
33% have increased the associated budget for their security capabilities
28% have increased the associated budget for their regulatory capabilities
28% have made specialist cybersecurity hires
14% have made specialist regulatory hires
“This change in customer expectation and need reflects a sea-change in how Managed Service Providers need to operate,” said Jamie Akhtar, Co-Founder and CEO at CyberSmart. “Managed Service Providers are a lifeline for many SMEs and the underappreciated backbone of much of our economy’s IT infrastructure as such. As IT and cybersecurity threats become increasingly intertwined, it makes sense that managed service providers would begin to offer more security services. However, as previous research has indicated, MSPs themselves are vulnerable to cyberattacks. It’s important that they - and the wider security industry - do all that they can to empower MSPs to provide the security services they are now expected to with absolute confidence.”
CyberSmart research reveals high levels of cyber confidence in MSPs, despite 87% experiencing a breach in the past 12 months.
London, UK - July 10th 2024 - New research conducted by CyberSmart, a leading provider of SME security solutions, indicates that nearly all MSPs report high rates of cyber confidence across their organisations, despite the vast majority having experienced at least one data breach in the past 12 months.
The research, conducted by OnePoll in Spring 2024, polled 250 senior leaders at UK-based Managed Service Providers and found that an overwhelming majority of MSPs - 87% - had experienced at least one data breach in the past 12 months, with 16% indicating they had experienced more than 5 incidents in the same timeframe.
This track record on cybersecurity stands in contrast to the associated cyber confidence that the surveyed MSPs reported. Almost all - 97% - of the MSPs surveyed suggested that their organisation had either a ‘fair’ amount of cyber confidence or a ‘great deal’ of cyber confidence.
Another interesting aspect of the results is that this confidence appears to be projected onto MSP customers too, with respondents reporting that they believed 85% of their customers had either a fair or a great deal of cyber confidence.
What are the top threats to MSPs?
Both the customers and providers identified ransomware and malware infection as the top concern, at 55% and 57% respectively. For MSPs, inflation and spiralling costs came in second (43%) and for customers, exploitation of unpatched or undisclosed vulnerabilities was the second most concerning threat (44%).
“The associated confidence noted by MSPs is heartening but needs to reflect the reality on the ground for MSPs, and their own perception of their security posture is concerning and highlights the need for the cybersecurity to step up and work closer with Managed Service Providers,” said Jamie Akhtar, Co-Founder and CEO at CyberSmart.
“MSPs, due to the levels of privileged access they will have into multiple companies, make for an appealing target for cybercriminals. This, coupled with the fact they are responsible for the IT infrastructure of companies without IT or security resources, means it is paramount that security providers work closer with them to protect the £ 5.5 million SMEs who in many cases turn to MSPs to keep them safe. Failure to do this could be existential for many of their customers.”
MSPs suggested that a focus on cybersecurity training, IT policies and fostering a more security-conscious culture would help them to achieve complete cyber confidence.
Do you run a small charity or legal aid firm? If so, you could be eligible for funded Cyber Essentials certification to help you put basic cybersecurity measures in place. Here’s everything you need to know.
What is the funded Cyber Essentials scheme?
Small charities and legal aid firms protect and serve some of the most vulnerable in our society. However, unfortunately, they’re also a key target for cybercriminals. The NCSC’s Cyber Breaches Survey 2022 revealed that 30% of UK charities identified a breach in the last 12 months.
The reason for this is simple. Charities and legal aid firms process large volumes of highly sensitive data but often have relatively weak defences – making them an ideal target for cybercriminals. To counter this, the National Cyber Security Centre and IASME have launched the new Funded Cyber Essentials Programme. This offers small organisations in high-risk sectors free, practical support to help put basic cybersecurity controls in place and achieve Cyber Essentials certification.
How does the scheme work?
Qualifying organisations will receive up to 20 hours of remote support with a Cyber Essentials Assessor – all at no cost. Our assessors will spend this time helping you identify and implement the improvements needed to meet the 5 technical controls of Cyber Essentials. We’ll follow this up with an assessment to ensure everything is in place.
With our guidance, you’ll be ready to take the Cyber Essentials and Cyber Essentials Plus certifications. If it’s not possible for you to complete Cyber Essentials Plus after 20 hours of support, we’ll give you clear directions on how to become assessment ready.
Is the certification free?
Yes. IASME has agreed to fund both Cyber Essentials and Cyber Essentials Plus certification for successful applicants to the scheme.
Who is eligible for the scheme?
To qualify for this scheme, your organisation must be:
A micro or small business (1 to 49 employees) that offers legal aid services
A micro or small charity (1 to 49 employees) that processes personal data
No previous cybersecurity experience or certification is required. Even if you’re completely new to cybersecurity, we’ll guide you through the process.
How long is the scheme running for?
The scheme runs until the end of March 2023. However, it’s worth noting that IASME is offering a limited number of funded packages. So it’s worth getting your application in as soon as possible.
What is Cyber Essentials?
The Cyber Essentials scheme is a UK-government-backed cybersecurity certification that outlines the security procedures a company should have in place to secure its data. Cyber Essentials is highly recommended for SMEs because this certification protects you against 98.5% of the most common cyber threats. Cyber Essentials Plus includes all of the same technical controls but with one major difference. Whereas Cyber Essentials is a self-assessed certification, Cyber Essentials Plus includes a technical audit of your systems. This next step gives you complete peace of mind your cybersecurity is up to scratch. And, your clients and partners don’t have to take your word for it that you’re cyber secure – they can rely on the expertise of a professional.
Can I apply to the scheme through CyberSmart?
Yes. As the UK’s leading provider of cybersecurity certifications, we’re proud to be taking part in this scheme.
To apply for the scheme, head to IASME’s Funded Cyber Essentials page and fill in the form at the bottom of the page. If you’re successful in your application, IASME will pass you over to us (or another certification body) to complete the certification process. Alternatively, if you’re one of our partners or MSPs and want to refer a customer for the scheme, get in touch. We can apply on your client's behalf and ensure the support and certification is carried out by CyberSmart.
Want to know more about cybersecurity certifications? Check out our in-depth guide to cybersecurity certifications in the UK.
Why managed service providers (MSPs) are a target for cybercriminals
According to security services from the ‘five eyes’ countries – Britain, the US, New Zealand, Australia and Canada – Managed Service Providers (MSPs) are increasingly at risk of cyberattacks. But why? What makes MSPs such an enticing target for the bad guys? And, more importantly, what can MSPs do to protect themselves and their customers?
Why are MSPs being targeted?
Upon first hearing, it might sound odd that cybercriminals are targeting, and often successfully attacking, MSPs. We think of MSPs as IT and cybersecurity experts with good defences, so surely there are more tempting targets?
Unfortunately, this is only partially accurate. Although it’s true that many MSPs do have pretty robust cyber defences, there’s another reason they get cybercriminals champing at the bit.
MSPs are so attractive to hackers because they can typically remotely access clients’ networks and IT environments. And, that’s before we mention how much data the average MSP has access to – everything from financial information to breakdowns of customers’ security.
In short, MSPs are being targeted for the same reason as supply chains. Successfully breaching an MSP means cybercriminals gain access to much more than the initial target. It could lead to ‘follow-on’ activity across the MSP’s whole customer base.
In other words, it’s a huge win for the bad guys. And cybercriminals are very obviously aware of that fact. According to new research by N-able, 90% of MSPs suffered a successful attack in the last 18 months. The study also found that the number of attacks prevented by MSPs almost doubled during the same period.
What are the consequences of a breach?
The impact of a successful attack on an MSP can be severe. The best way to think about it is to split the consequences into two categories – direct and indirect. Let’s deal with direct first.
Perhaps the most obvious impact of a breach is the disruption it could cause an MSP. Your business could be hit with a lengthy clean-up operation, systems downtime, and a big dent in staff morale. What’s more, depending on the kind of attack, there may be a financial aspect to the disruption.
A ransomware attack could lead to your business having to make a hefty payout. Meanwhile, a serious malware attack, with a long period of systems outage, could lead to you haemorrhaging revenue.
Likewise, the reputational damage to any MSP successfully breached could be grave. Most MSPs pride themselves on their strong security and market themselves thus to customers. So the news of an attack could seriously weaken customer trust, leading to a PR nightmare and potential loss of revenue.
We’ve dealt with the direct consequences, let’s move on to indirect. As we mentioned earlier, the major reason why cybercriminals are targeting MSPs is due to their customer base. And it's your customers who could be the most affected by an attack.
A real-world example of this is the REvil ransomware attack on Kaseya, the MSP software provider. The breach spread to dozens of MSPs and over 1,500 of their customers, illustrating just how fast an attack could get out of control.
What can MSPs do to protect themselves and their customers?
We’ve painted a pretty terrifying portrait so far. However, just because the consequences can be dire, it doesn’t mean there aren’t things you can do to protect your business and customers. Here are a few of the most important.
Set up multi-factor authentication (MFA)
MFA is an authentication method that requires you to provide two or more verification methods to sign into an application. Instead of just asking for your username and password, MFA adds some extras, like a randomly generated pin code sent by SMS, a thumbprint, or a piece of memorable information known only to the user.
MFA is also a sure-fire way to protect your business against cyberattacks. Passwords alone are vulnerable to data leaks and brute-force attacks. MFA, on the other hand, is very tricky for even the most sophisticated hackers to crack.
Back up your systems and data
Backing up your systems and data can provide you with a vital failsafe after an attack. In some cases, it can even help you avoid having to pay a ransom. And, when it comes to what to back up, use this simple rule of thumb: ‘anything you don’t want to lose, back up’.
Both you and your customers should segment networks and systems as much as possible. What do we mean by segment? Well, one example is to never use admin credentials across multiple customers or systems.
Another is to ensure that no one has access or privileges beyond what they need to do their job. That might sound harsh but, in the event of an attack, it’ll allow you to isolate affected systems, customers, or accounts.
Train staff
At CyberSmart, we’re constantly pushing the importance of training. After all, if your staff don’t know which security behaviours are harmful or don’t know the warning signs of an attack, they’ll struggle to protect themselves or your business.
Training can fix this. And it’s probably the single most important thing you can do as a business. Find out more, here.
Develop incident response plans
A successful attack on your business isn’t inevitable. Nevertheless, statistically, it is likely. So you need a coherent, easy-to-action response plan, in case the worst does happen. You’ll also need to encourage or help your customers to develop their own. Currently, just 4% of MSPs report that all their clients have an incident response plan. This means thousands of weak links across the IT sector.
Regularly patch software
Patching or updating any software you use, so that it doesn’t have easily exploited weak points, is incredibly simple but very important. Over time, even the best software develops vulnerabilities, suffers a breach, or simply becomes outdated. Applying patches released by the software provider can fix this. Think of it as being like fixing a puncture. You apply the patch so no air can leak out. Updating your software effectively does the same thing, giving you air-tight cybersecurity.
The best part? It won’t take you anywhere near as long as fixing a puncture, just a couple of minutes each month.
Map your supply chain risks
Last of all, understand your supply chain risks. Assuming you’ve locked down your own cybersecurity, identify who among your customers or suppliers could pose a risk. Alongside this, talk to your customers and partners about their cybersecurity. The best defence against threats is a unified approach and common strategy.
To find out more about the threats facing businesses, read our guide, The State of UK SME Cybersecurity. It’s full of useful insights on the risks small businesses face and what can be done to counter them. Get your copy here.
CyberSmart forges new channel partnerships to reach SMEs
We are delighted to announce two exciting new partnerships this week at CyberSmart. The first with Ingram Micro Cloud, part of one of the world’s leading channel distributors (IMUK), and the second with Synaxon UK, one of Europe’s largest channel buying groups.
Through these partnerships, we are extending our reach to allow us to help many more SMEs who are struggling to balance the demands of their business with the risks of cyber security.
“The team at CyberSmart is thrilled to be teaming up with new partners to do what we do best, and that is to defend the underdogs,” says Hugh Furness, CyberSmart’s Head of Channel Strategy.
“SMEs are often neglected in cybersecurity. With a lack of resources and expertise, they are an easy target for bad actors. With these partners’ help, we hope to extend our reach and foster a strong security culture across the channel.”
The streamlined CyberSmart service makes it easy for any business to achieve UK government-backed security certifications, including Cyber Essentials, Cyber Essentials Plus, and IASME-GDPR. And the prevention of cyber attacks doesn't stop at certification. Compliance software ensures every device, personal or professional, used by a business is always secure.
Timing is everything
Cyber security is more important than ever. As the UK begins to reopen and offices welcome staff back, many businesses have emerged from the crisis into a hybrid world. The mix of remote and office working adopted by many organisations brings with it new security risks.
A recent report from VMware reveals that 91% of organisations have seen an increase in cyber attacks as a result of employees working from home. Online protection has become more important than ever before, but many businesses, especially smaller ones, still find the idea of it daunting.
"Cybersecurity is a huge issue and the importance of achieving Cyber Essentials certification and demonstrating that you are ready to protect your organisation, employees, and data, has never been greater," echoes Mike Barron, Managing Director of Synaxon UK. “Our partnership with CyberSmart has come at exactly the right time. With more companies now operating virtually and most employees working at home, that’s becoming crucial. We've received an immediate and extremely positive response from Synaxon UK members who are using CyberSmart to get certified themselves and encouraging their customers to follow their lead.”
“Adding to our Cyber Security portfolio, CyberSmart aligns perfectly with our desire to create a unique environment in which our partners get the best in-house solutions, services and support,” concurs Colin McGregor, General Manager – Cyber Security, Ingram Micro UK, “We’re excited to show our partners just how we can facilitate their cyber needs, with CyberSmart no doubt contributing to this success."
The CyberSmart team believes that every organisation should be able to easily comply with recognised standards to protect their data and infrastructure. Synaxon and IMUK will help us deliver that ability to many more businesses.
About our new partners
Ingram Micro Cloud (IMC), a division of Ingram Micro UK Ltd, was established in 2014 to help its partners realise their share of the cloud market opportunity. As a master cloud service provider (mCSP), Ingram Micro Cloud offers channel partners and enterprises access to the leading global Cloud commerce platform, expertise, solutions and enabling programmes that empower organisations to realise their potential in the digital economy. Ingram Micro Cloud is the leading Cloud aggregator in the UK and a software company that is the powering engine for the channel.
Synaxon UK was launched in the UK in 2008 and has since become firmly established as the market-leading channel services group. Synaxon is much more than a dealer buying group. It’s a thriving, dynamic and forward-thinking community that works to advance the development and growth of its members. Synaxon offers a wide range of services as well as personalised account management and business development support to help MSPs, resellers, retailers, and office products dealers thrive.
A note from our CEO, Jamie Akhtar, on Covid-19 and business continuity
As the Covid-19 virus outbreak continues to escalate across the planet, I would like to update you on how the situation is being addressed at CyberSmart.
First and foremost, our thoughts are with all who have been affected by coronavirus, especially those who have contracted the virus and the families who support them. Our team wishes you a speedy recovery.
Our team, customers and partners
The safety of our employees, their families, and our partners and our clients, is our greatest priority. That is why we have transitioned the business to fully remote operations, effective as of Monday 16th March.
Remote working is a practice that has been tried, tested and encouraged since the beginning of our business - we are “remote by design”. With team members across the globe, the ability to work remotely has always been an integral part of our business continuity strategy, and we are grateful for that now. This experience allows us to continue delivering our services to the highest standard, and uninterrupted, even in unprecedented times like these.
We hope this information helps our customers, partners and any other members of the business community to take on remote working safely and productively.
Business as usual
CyberSmart’s daily operations are carrying on unaffected and we foresee no impact on our operations. With information security at the core of what we do, our team is particularly well-prepared to maintain business as usual, and continue to serve our customers with the highest quality of service.
Because of our remote capabilities, we are now delivering all certification fully remotely. This includes Cyber Essentials Plus, which is normally conducted by an in-person auditor. However, our team of assessors is able to use the CyberSmart app to remotely test all devices that have it installed and help you achieve certification. Remote audits can be conducted regardless of whether your team is in the office or working at home. We support both company-provided and users’ own devices (BYOD), so all situations are catered for. As always, we commit to rapid turnarounds - we will get you certified in as little as 24 hours for Cyber Essentials and 7 days for Cyber Essentials Plus.
Be aware of your security
I’d like to stress to our customers and the public the importance of cybersecurity to businesses right now, as we are seeing an increase in opportunistic people using these ambiguous times to make gains for themselves through phishing and cyber breaches.
We urge you to take a look at our content for all the tips to make your business safe and, should you have questions, please contact our team. We are here to use our in-house expertise to aid and advise, free of charge.
CyberSmart is here to help
These are unprecedented, challenging times and I believe we will only make it through by bringing the business community together and supporting each other. As we become more socially distant, it is more important than ever that we stay connected.
Please feel free to reach out to me and our team on hello@cybersmart.co.uk if there’s anything you think we can support with.
Stay positive, stay healthy and remember - together we are stronger.