How to Help Clients Maximize Online Privacy and Security
Arcserve
May 09, 2019
The online world is still the wild west. A few wrong clicks can lead a user down a path to ransomware, viruses, and all sorts of nasty stuff.
In order to keep each of these end points locked down, it’s crucial for MSPs to keep end users’ online experience safe and private. Your job is to ensure that any cloud-based application—whether you or a third-party host it—is secure, easy to manage, and accessible to those who need it.
But users themselves are notorious for making mistakes online that can lead to an infection. In the 2nd quarter of 2018, MSPs worldwide reported the following as the most common causes of ransomware infection (note that respondents were able to select multiple options):
- 66% - Spam/phishing emails
- 33% - Lack of end-user training
- 28% - Poor user practices/gullibility
- 28% - Weak passwords/access management
- 24% - Malicious sites or ads
- 21% - Clickbait
Software can help block spam, malicious ads and websites, and help you enforce strong password policies but none of them are foolproof. Phishing emails still make it into inboxes. That cute animal video that’s actually a virus-filled ad is just irresistible to some users. Spam ads, fake news, and clickbait work because they create an emotional response people are quick to react to. In total, 40 percent of data breaches are caused by employee negligence.
You can set up safeguards. You can use every tool available. But a user’s small mistake can unravel your best laid plans. You can’t stop every risky click. But you can help users break bad habits, understand their own fallibility, and develop a more vigilant approach to going online. The key is taking time to educate and test them.
Developing Training for Online Security
The stats above paint an interesting picture. Yes, your software can do a lot to aid with prevention, but end users don’t know what they don’t know. They might be a bit gullible. They might act on emotion without stopping to think of consequences. That’s why one of the best ways you can help clients with online privacy and security is to drop some knowledge. Here’s one approach to improving their online security acumen:
Work With Clients to Schedule a Formal Training
You can send emails with security tips, create blog posts, or share videos, but these tactics will only reach a small portion of your end-users. Instead, work with clients to schedule a formal in-person training to go over online privacy and security essentials. You may wish to prepare a PowerPoint and handouts that help you cover your material.
Help Users Understand Common Mistakes
Your training should help users understand common social engineering, phishing, and scam tactics. Show them examples of nefarious ads, clickbait, and websites. Help them understand what software can do and what the limitations are. Last, help users understand the way online scammers think—this is a great way to help them work online safely.
Outline Corporate Policies
Do users need to access systems via VPN? Should they be using a specific web browser? What cloud platforms are approved? Are users responsible for keeping their device firmware and patches up to date? What’s your stance on BYOD? Make sure users understand what online behavior is acceptable and what their responsibilities are as outlined in a client’s corporate policy.
Test Users and Reinforce Your Teachings
Do you have ways to test users with simulated phishing emails? For those who make mistakes, can you reinforce what you taught them? Consider ways you can not only educate users but make sure they’re retaining knowledge and following best practices moving forward.