Working with MSPs every day, we see a lot of cybersecurity mistakes. In fact, preventing these mistakes is the whole reason for BLOKWORX's existence. These are the top 3 cybersecurity mistakes we see MSPs make every day.

1. Paying for a Service and Not Fully Deploying It

We recently got an escalated support ticket from an MSP migrating from ProofPoint to our SCUD service. They were having a challenge with MX records (Note: SCUD service does not require a change to MX records, so this becomes a moot point upon switching to our service, but I digress). Upon digging, we determined that they had never configured their MX records to properly utilize ProofPoint. Yet, “for longer than they could remember,” they thought they were deploying ProofPoint and, indeed, paying for their services. Don’t scoff at this poor MSP’s plight. We see things like this more often than we care to think about.

How does this cybersecurity mistake happen?

An MSP legitimately purchases a service, muddles their way through the deployment, and firmly believes that they’re fully protected. Alternatively, they purchase a service, get halfway through the deployment, realize it’s too complicated for them to figure out at that moment, and then never get back to fully tuning the tool. Either way, the result is throwing money down the drain thinking that they’re protected because they didn’t have the knowledge, process, or plan to ensure that the tool was indeed working.

Ultimately, the client goes unprotected, all while believing that their MSP has things under control. The MSP thinks that everything is fine and doesn’t realize a problem until they’re remediating a breach or attempting to restore from a backup because something went south due to lack of security.

There is a way around this. For every tool you choose to deploy, you must have a plan, procedures, benchmarks, and support. That’s why BLOKWORX never sells you just a tool. You can’t come to us simply asking for licenses without the white-glove service to deploy them. There is far too much at stake to simply let you try to figure things out. We will guide you every step of the way through deployment, monitoring, and remediation. You’re never alone.
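
One way to benchmark the kind of deployment from the ticket above, for any filtering service that relies on MX routing: this added Python example (not BLOKWORX or Proofpoint code) classifies each client domain's MX set as routed, bypassable, or never deployed. The gateway suffix `mailfilter.example` and every client domain are constructed placeholders; substitute real `dig +short MX` output and your vendor's documented MX hostnames.

```python
# All hostnames and domains here are constructed placeholders.
GATEWAY_SUFFIXES = ("mailfilter.example",)  # assumption: vendor's MX host suffix

def parse_dig_mx(text):
    """Parse `dig +short MX <domain>` output into sorted (preference, host) pairs."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip resolver warnings and anything that is not "pref host"
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)

def via_gateway(host, suffixes=GATEWAY_SUFFIXES):
    # Match on a label boundary so "evilmailfilter.example" does not pass.
    return any(host == s or host.endswith("." + s) for s in suffixes)

def audit_mx(records, suffixes=GATEWAY_SUFFIXES):
    """Classify one domain's MX set.
    NO_MX        - nothing published; delivery falls back to the address record
    NOT_DEPLOYED - no MX points at the gateway (the case in the ticket above)
    BYPASS       - some MX hosts skip the gateway, so mail sent there is unfiltered
    ROUTED       - every MX host is the gateway
    """
    if not records:
        return "NO_MX", []
    outside = [host for _, host in records if not via_gateway(host, suffixes)]
    if len(outside) == len(records):
        return "NOT_DEPLOYED", outside
    if outside:
        return "BYPASS", outside
    return "ROUTED", []

# Constructed sample input, in the format `dig +short MX` prints.
SAMPLES = {
    "client-a.example": "10 mx1.mailfilter.example.\n20 mx2.mailfilter.example.\n",
    "client-b.example": "0 client-b-example.mail.hosted.example.\n",
    "client-c.example": "10 mx1.mailfilter.example.\n50 mail.client-c.example.\n",
    "client-d.example": "",
}

def audit_all(samples=SAMPLES):
    return {d: audit_mx(parse_dig_mx(out)) for d, out in samples.items()}

if __name__ == "__main__":
    for domain, (status, outside) in audit_all().items():
        print(f"{domain:20} {status:13} {', '.join(outside)}")
```

Anything other than `ROUTED` for a domain you are billing for the service is worth a ticket; `BYPASS` is the easy one to miss because the gateway still shows traffic.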

2. Set and Forget

Tools are only as good as the team monitoring them. Sure, you made it through the beastly onboarding process, and now you’re ready to let the tool do its job while you go back to running your business, answering support tickets, and managing day-to-day NOC challenges. The problem is the tool is now generating hundreds, if not thousands, of alerts. True, many of them are false positives; but if you don’t establish a baseline via routine monitoring, you can’t possibly detect outliers/anomalies.

What should you do instead to avoid this cybersecurity mistake?

At BLOKWORX, we believe in the principle of automation with human validation. The increasing use of security tools using AI and machine learning to prevent threats is a double-edged sword. While the protection is superb, no solution is perfect. There is the slim chance that a threat will go undetected by the AI, while legitimate files may be incorrectly flagged as malicious. This is where trained security professionals come into play, remediating threats that fly under the radar while validating benign files that are classified as a threat.

Unfortunately, far too many MSPs do not have the bandwidth to do this human validation properly, if they have the capacity to move past reliance on automation at all. Typically, they’ll assign one of their already overutilized engineers to be the keeper of all things cybersecurity. This works for a while because this individual is jazzed about keeping clients safe and being part of the fastest growing industry in the world. However, they still have their day job. They still have noisy clients; they still have an overwhelming number of tickets. Suddenly, the best intentions to monitor and action all the alerts from a new tool become checking once or twice a week, and then only looking at the alerts after something has gone wrong. This is not a sustainable solution.

Instead, we highly recommend putting your trust in a fully managed SOC, like BLOKWORX. The only tickets we work daily are security related. We are in the always-on cybersecurity monitoring and remediation business. You no longer have to try to fill these cybersecurity positions in-house or rely solely on automated tools.

3. SOS – Save our Ship

We get far too many calls from MSPs that need our support because the end client has been the victim of ransomware or someone is actively experiencing an email breach. Yes, we have the tools and capabilities to help you in these situations; but in all honesty, if an MSP is worth its salt, things should never get to this point.

Multi-layered cybersecurity can no longer be optional. Restoring from backup cannot be the first response to an issue (especially with the prevalence of backup encryption in recent attacks). MSPs cannot rely on what they’ve done for years. The problem with many MSPs, though, is they’re afraid to have the conversation with the client. They’re worried that the client is going to question what they’ve been doing to protect them to this point. They’re worried that the client is going to balk at a price increase. So, they choose not to have the conversation. That’s just a ticking time bomb for a security event.

How do you avoid this cybersecurity mistake?

Here’s our recommendation. As an MSP, don’t offer cybersecurity as an additional package or a checkbox option. Fully integrate cybersecurity into each of your managed services agreements. Sell it as part of your standard package. Price it accordingly. If someone won’t accept, walk away quickly. Why? You’ll lose far more time, trust, and money in an SOS situation than you would gain in an agreement with a customer stuck in the cybersecurity dark ages.

Haven’t raised agreement prices in years? Make it an incremental increase. Pick your biggest cybersecurity hole, fill it, and move on to the next. Most of our partners start with one of our flagship services (MAED or SCUD), finish deployment, then move to the other flagship. It makes the proposition less overwhelming but ensures that you’re adopting cybersecurity protection on every layer of the network.

What should you do next to avoid making these cybersecurity mistakes?

  1. Audit your current services to confirm that you are indeed deploying everything that you’re paying for.
  2. Contact BLOKWORX to offload reliance on automated tools and relieve your NOC from also performing SOC duties.
  3. Begin talking with your customers about a cybersecurity shift. Make 2022 your year to get every client into cybersecurity compliance with your organization’s standards.