The online world is still the wild west. A few wrong clicks can lead a user down a path to ransomware, viruses, and all sorts of nasty stuff. To keep each of these endpoints locked down, it’s crucial for MSPs to keep end users’ online experience safe and private. Your job is to ensure that any cloud-based application—whether you or a third party hosts it—is secure, easy to manage, and accessible to those who need it. But users themselves are notorious for making mistakes online that can lead to an infection. In the 2nd quarter of 2018, MSPs worldwide reported the following as the most common causes of ransomware infection (note that respondents were able to select multiple options):
- 66% - Spam/phishing emails
- 33% - Lack of end-user training
- 28% - Poor user practices/gullibility
- 28% - Weak passwords/access management
- 24% - Malicious sites or ads
- 21% - Clickbait

Work With Clients to Schedule a Formal Training
You can send emails with security tips, create blog posts, or share videos, but these tactics will only reach a small portion of your end users. Instead, work with clients to schedule a formal in-person training to go over online privacy and security essentials. You may wish to prepare a PowerPoint and handouts that help you cover your material.

Help Users Understand Common Mistakes
Your training should help users understand common social engineering, phishing, and scam tactics. Show them examples of nefarious ads, clickbait, and websites. Help them understand what software can do and what the limitations are. Last, help users understand the way online scammers think—this is a great way to help them work online safely.

Outline Corporate Policies
Do users need to access systems via VPN? Should they be using a specific web browser? What cloud platforms are approved? Are users responsible for keeping their device firmware and patches up to date? What’s your stance on BYOD? Make sure users understand what online behavior is acceptable and what their responsibilities are as outlined in a client’s corporate policy.

Test Users and Reinforce Your Teachings
Do you have ways to test users with simulated phishing emails? For those who make mistakes, can you reinforce what you taught them? Consider ways you can not only educate users but make sure they’re retaining knowledge and following best practices moving forward.

Give Users Resources
Last, make sure users know what to do if they spot something they’re unsure about. If something looks phishy, who should they call? What’s the plan of action if they think they’ve downloaded a virus by mistake? What should they expect from you as their IT provider if they make a mistake?

Conclusion
Software can do a lot to keep users out of trouble online, but if users know how to browse safely to begin with, they’ll be much more likely to stay out of trouble. As you approach online security and privacy for your clients, be sure to think about how to share knowledge, not just how to implement new tools.