Ransomware isn’t a customer problem — it’s an everyone problem. Increasingly, that includes solution providers who have become targets of cyber criminals because of their relationships to numerous small business customers.
Last year, research by Continuum revealed that 83% of managed service providers (MSPs) have reported customer cyber attacks, and 74% of those said they’ve been a cyber victim themselves. Unfortunately, in most instances it appears that it’s only a matter of when, not if, providers will fall prey to the bad guys.
Even if you think you’re bulletproof, it behooves any company to have a plan in place. To help that cause, CompTIA’s IT Security Community developed a Data Breach Response Planning Guide that lays out a blueprint for incident response to help your customers through a worst-case scenario.
The guide starts with preplanning, including identifying plausible scenarios and identifying an incident response team that can quickly assemble in the event of a breach. Second, the guide examines detection and protection, what to do when something’s gone wrong and the business is at risk.
Next, MSPs should have strategies for communication and recovery, everything from engaging with insurance companies to communicating with other customers too.
Mike Semel, a member of CompTIA’s IT Security Community and president of Semel Consulting, which specializes in helping tech companies in business continuity and compliance issues, helped put the guide together. MSPs make mistakes too and need to be prepared for when it happens, he said.
Incidents can occur anywhere, anytime, and most MSPs don’t have the technical and forensics skills and certifications to adequately respond to an incident, according to Semel. The worst thing you can do is try to be the hero without a proven strategy in place.
“That can get you and your client in trouble if there’s a lawsuit and the chain of evidence is tainted. You might have gone in to try and fix something and end up inadvertently destroying evidence that could have been used in a case,” he said.
You may also risk not being paid for your services if you are not preapproved by your client’s cyber insurance carrier.
“The risks are higher than ever. MSPs and solution providers need to know how to deal with these situations — not just for your clients, but also to protect yourself,” he said. “We get tired of hearing about things like ransomware, it’s increasing. One of the things I’m seeing is that people aren’t talking about it as much as they could. They’re not leveraging the news to get business.”
Even with proper training, humans make mistakes and that puts businesses at risk, added Semel. With honest forethought, clear scenarios, solid security design, and continual training and practice, managing the inevitable breach of sensitive data is possible, according to the guide. “The IT Security Community strongly encourages every technology business to develop, maintain and execute its own strong data breach response plan to help combat cyberattacks.”