Ransomware is a costly threat to consumers,
enterprises, and SMBs alike. According to
data from Emsisoft, 2019 saw a 41 percent increase in ransomware compared to the year prior. Security firm Coveware reports that the
average ransomware payment climbed to $190,946 in December of 2019. Of course, nobody understands these threats quite like managed service providers (MSPs). With their clients all facing ransomware threats, MSPs are on the front lines. But, with critical data and cash at stake, MSPs could find themselves liable if their efforts to prevent or remediate ransomware fail. Luckily, there’s a lot MSPs can do to reduce their risk. Note that while this post offers suggestions, it’s not legal advice. MSPs should always consult with an attorney for that. Let’s dive in.
You can’t be held liable for related damages if you prevent ransomware attacks in the first place. Proactive ransomware prevention falls in two categories: defense and education. Since email is the most common way for ransomware to infect a network, first use tools like firewalls and spam filters to quarantine emails that might contain ransomware. And don’t forget to keep these tools patched and up to date. Next, help your clients educate end-users about ransomware. Be clear about what they can do to stop nefarious emails that sneak past your defenses. This might include creating a presentation to show examples of ransomware emails, or even sending
fake phishing emails to test users. Whatever you do, make sure clients and their end-users understand how ruinous ransomware threats can be to their companies, and what their role is in stopping them.
Take Proactive Measures
You can’t be held liable for related damages if you prevent ransomware attacks in the first place. Proactive ransomware prevention falls in two categories: defense and education. Since email is the most common way for ransomware to infect a network, first use tools like firewalls and spam filters to quarantine emails that might contain ransomware. And don’t forget to keep these tools patched and up to date. Next, help your clients educate end-users about ransomware. Be clear about what they can do to stop nefarious emails that sneak past your defenses. This might include creating a presentation to show examples of ransomware emails, or even sending
fake phishing emails to test users. Whatever you do, make sure clients and their end-users understand how ruinous ransomware threats can be to their companies, and what their role is in stopping them.