Working from Home? Here’s the Security Advice you Should Be Giving Your MSP Clients

Since the coronavirus pandemic began, the FBI’s Internet Crime Complaint Centre has received more than 3,600 complaints around cyberattacks that are attempting to leverage the panic and confusion around this difficult time.


“Unfortunately, there’s a lot of precedent for criminals taking advantage of natural disasters and government relief packages to conduct fraud, including through cyber means,” Assistant Director Matt Gorham commented.


It is more important than ever to make sure that your clients are aware of the methods that hackers and those with malicious intent use to launch their attacks, especially while they are working remotely or under extraordinary pressure.


Atera’s Top Tricks for Secure Remote Monitoring and Management Work During Covid-19


1. Think before you click


99% of email attacks rely on victims clicking links. So, think hard! When you get an email, even if it claims to be from someone that you know, take a moment to double check. Any correspondence that mentions Covid-19 should be looked at with particular caution during this time, as many opportunists are using the crisis as a way to get past people’s defenses.


If you recognize the name in the send box, make sure that they haven’t simply forwarded something that they received themselves from an unknown third party, and if you’re not sure what something is, just don’t click on it at all. This goes for attachments as well as links.


2. Protect your credentials


According to Forbes, 74% of data breaches start with stolen credentials. That means communication where users are asked to provide their password, or login to their accounts through what is actually a phishing website. Never reply to these messages or give any information on an unsolicited sales call, as no legitimate company will ask for your credentials via email or phone call. If you are torn, or the communication is coming from a co-worker or a manager, try calling the company or member of staff directly, and verify what they need.


This same process should be followed if you are being asked for a specific action, especially if it’s in a financial context. Buying gift cards, transferring money, paying into a specific account – these are all extremely unlikely to be legitimate requests from the apparent sender.


3. Double down on office hygiene from home


Especially when you are not in the office, now’s the time to make sure that you follow all the rules for smart IT best practices. This could be anything from saving your work and locking your computer with strong credentials, to logging off from your remote PC in full, rather than just disconnecting to save a few seconds of time. If you have an office mobile phone, making sure to password protect this with a strong password that includes a mixture of upper and lowercase letters and numbers or symbols. When you are browsing online, take extra caution, and never call a phone number from a pop-up, always make sure you head back to the contact page from the main website to ensure you are using safe information.


Home PCs and laptops may not have the same security practices taken as standard, so make sure to remind staff to install and run antivirus software, ensuring that their subscriptions are always up to date. While employees might choose to ignore Windows updates at their own risk on personal computers, if they are using these devices to work from home or log into the network, it should be clear that this is no longer an option and can lead to serious blind spots or vulnerabilities.


4. Set up a procedure with your MSP clients


It can be helpful during this confusing time to establish a clear protocol for how you are going to support and maintain your MSP clients, including remote access where necessary. Cyber-attackers could mimic your branding or your communication channels to launch remote access sessions with your clients, leveraging this to gain a foothold in the network.


Remind your clients that you will never start a remote support session without calling or confirming first, and that you will not ask for their credentials or sensitive information. Encourage your clients to call you directly if they are even slightly nervous about any correspondence and reassure them that you are happy to receive those kinds of calls, as your first priority is their security and peace of mind.


Any other tips and tricks you are using to keep your clients feeling secure during this time?