Post-Crisis analysis: 4 ways to protect your clients against ransomware

By Trent Schwartz on Jul 31, 2017

Thanks to the recent widely-publicized “WannaCry” and “Petya” ransomware attacks, the threat of ransomware is on your customers’ minds. Many are probably having nightmares about the prospect of their organization falling prey to malware that locks and encrypts all of their company’s files, leaving access only to a ransom note.

Hopefully none of your clients were victims of either attack. But as an IT partner, it’s important to proactively engage customers in dialogue about their options for protecting their valuable business data against threats—including ransomware and other common causes of data loss.

The reality is, the need for data and ransomware protection is enormous, even for the small businesses that you would think would fall below hackers’ radars. Surprisingly, a recent Osterman Research Survey report indicated that nearly 50% of U.S. businesses had been hit with ransomware in the previous year. Globally, close to 20% of ransomware victims saw demands exceeding $10,000.

Customers are relying on you, their Managed Service Provider (MSP), to help protect them against this threat, which is growing more complex over time. Whereas in the past nearly all ransomware was delivered through links and attachments in phishing schemes, in 2016 the FBI noted that a growing number of attackers are seeding legitimate websites with malicious code that exploits flaws in visitors’ unpatched software. These drive-by attacks bypass the need for any specific action on the victim’s part beyond visiting the page. We’ve built a short, general resource on ransomware to help guide MSPs.

Think broadly about Business Disaster Recovery

The ransomware threat makes it clear that MSPs need to think broadly about Business Disaster Recovery (BDR), and ensure that their clients have a multi-layered security system in place. Here are four of the things that you can and should do:

  1. Provide end-user training. Although some ransomware attacks have become more sophisticated, many have not. Phishing schemes, malicious links in online ads and other things that require the user to do something are still quite common. Because users are the absolute weakest link in the system, user training is imperative. As a trusted advisor, you can offer this training as a value-added service.

    Many of the experts cited in a recent article on “Ransomware Protection & Removal: How Businesses Can Best Defend Against Ransomware Attacks” spoke about the need to focus on the end users. They recommend that end-user training should explain the stakes involved and stress what behaviors everyone should avoid, such as:
  • Clicking on links or attachments from an unknown source, or even from a known source if they look suspicious.
  • Opening phishing emails (show them what phishing emails typically look like), including emails in their spam folder or from people they do not know.
  • Installing apps that offer a normally paid app for free, or that claim to download other apps for you.

End users should also be counseled on how to put mobile device security measures in place, if their devices are used to access the organization’s IT systems.

After the training is over it’s a good idea to provide periodic refresher courses, and subject your customers to test phishing campaigns to see if they’re applying what they learned.

  2. Get a robust backup system in place. As Scott Bekker stated in his article, “MSP's Guide to Ransomware,” “Ransomware has single-handedly turned every backup and recovery vendor into a critical security partner for their customers.” As an MSP you should be selling backup with every system you sell.

    Having a full and accurate backup is vitally important—particularly because every organization has a very weak link in their system: the end users. If other defenses fail to prevent the ransomware attack, having an unaffected backup ensures that the organization’s data can be restored.

    The backup system should include endpoint backups, a system-state backup or snapshot, and Office 365 cloud backups (if applicable). Although many of your customers may not realize it, having a cloud backup system in place is necessary for complete Office 365 data protection. Office 365 offers some level of protection, but it has limitations, which means that data loss happens even in the cloud.

    If you did not have the cloud backup discussion with your clients when you initially sold Office 365 to them, the renewed ransomware threat gives you an excellent excuse to revisit the issue. Explain how the same backup system—such as SkyKick’s Cloud Backup for Office 365— that can protect them against accidentally deleted content and other hazards can also be the saving grace if their systems are hit by a ransomware attack. Interestingly, when Osterman Research did a follow-up survey of those who were hit by ransomware and chose not to pay the ransom, they found that it was frequently the availability of recent backups that enabled organizations to make that decision.
  3. Discuss the importance of patch management. Every one of your clients should be running patch management tools to ensure they stay up-to-date. The WannaCry attack took advantage of unpatched systems in over 200,000 computers in 150 countries. As Brad Smith, Microsoft’s President and Chief Legal Officer, recently stated, “[The WannaCry attack] is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone.”

    Don’t ignore updates—make sure patch management takes place for ALL of the applications that the business relies on.
  4. Help them develop a disaster plan. Even if your clients already have Business Disaster Recovery Plans in place that address system failures, general hacking attacks, fires and natural disasters, there’s a good chance their plans don’t directly address the ransomware threat. You can provide tremendous value by helping them develop disaster plans that address all contingencies—including verifying backups and running practice drills to ensure that the plans actually work.

    In addition, an important part of preparing to respond to a ransomware attack is having a response team ready to deploy. A recent article on “How You Can Protect Customer Data and Keep Customers Safe” provides advice regarding who to include in this group.
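“Verifying backups” in a ransomware plan means more than confirming the job finished: the copy you will restore from must still match what was backed up, and a test restore must match it too. The script below is an added example written for this page, not SkyKick code or part of any backup product. It records a SHA-256 manifest of a backup set at backup time, then compares a later copy (or a test-restore target) against that manifest and reports files that were changed, removed, or added. The directory layout, file names, and ransom-note name in the demo are constructed for the demonstration.

```python
"""Backup integrity check: build a SHA-256 manifest of a backup set and
verify a copy (or a test restore) against it. Added example, not SkyKick
code. Paths and file names below are constructed for the demonstration."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large backups never sit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest.
    Run this when the backup is taken and store the result off the backup volume."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the files under root with the manifest taken at backup time.
    Returns relative paths grouped as intact, modified, missing, or unexpected.
    Point root at a test-restore directory to verify a restore drill the same way."""
    current = build_manifest(root)
    expected = set(manifest)
    found = set(current)
    return {
        "ok": sorted(p for p in expected & found if current[p] == manifest[p]),
        "modified": sorted(p for p in expected & found if current[p] != manifest[p]),
        "missing": sorted(expected - found),
        "extra": sorted(found - expected),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a small backup set, then alter it the way an
    encrypting ransomware would and show that the check catches every change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "q2-report.xlsx").write_bytes(b"constructed spreadsheet bytes")
        (root / "notes.txt").write_bytes(b"constructed notes")
        manifest = build_manifest(root)  # taken at backup time

        # Later: a file is overwritten with ciphertext, a ransom note appears,
        # and another file is deleted. All three are constructed events.
        (root / "finance" / "q2-report.xlsx").write_bytes(os.urandom(32))
        (root / "README_DECRYPT.txt").write_bytes(b"constructed ransom note")
        (root / "notes.txt").unlink()
        return verify_backup(root, manifest)


if __name__ == "__main__":
    print(demo())
```

The manifest is only useful if it is kept somewhere the ransomware cannot reach (an offline copy or a separate account), and a non-empty "modified" or "extra" list on a backup volume is a signal that the backup itself has been touched and an older, verified copy should be used for the restore.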

Be sure to protect your own interests, too

As an MSP, an important thing to keep in mind is that you can’t just sell backup protection and other BDR services to your clients. You have to continually communicate the value of what you’re providing, too.

After all, data protection is like insurance. You hope you’ll never need it. If and when you do need it you’re extremely glad you have it. But when you go month after month, year after year without needing it, you start to question the necessity of the ongoing expense. To ensure your clients stay protected you must regularly reinforce the value of having the protection in place.

Some MSPs have integrated BDR deeply into their sales process and made it a standard practice for all of their clients. Others have gone so far as to have clients who decline sign an “opt out” agreement that clearly states the MSP believes they are taking an unnecessary risk for which the MSP will not be held liable.

Of course, protecting your own interests also means protecting your own data. To make this easy, SkyKick has partnered with Microsoft’s Internal Use Rights program through which Partners receive free, perpetual use of Cloud Backup for Office 365 to back up their own business’ data. SkyKick’s Cloud Backup for Office 365 provides lightning fast search, one-click restore, and an auto-discovery feature that makes setup ridiculously easy. Register now to receive unlimited backup of Exchange Online, SharePoint and OneDrive for Business.
