How COVID-19 Is Changing Cybersecurity Tides, And Why Your MSP Needs To Ride The Wave

It’s no secret that the work arena has changed drastically for many businesses over the last few months. Practically overnight, COVID-19 forced businesses of all sizes to become enabled for remote work as safety protocols were put in place and stay-at-home orders were mandated. Now, thousands of companies all over the world have been scrambling to figure out ways to ensure that they stay in business when, even now, many brick-and-mortar offices remain closed.

MSPs are no exception to this scrambling. In fact, the work they do for their customers is more crucial than ever because the landscape of where and how work is being done has shifted. MSP customers are so overwhelmed by the new steps they have to take to ensure their business continues running remotely that they’re likely not always considering the risks they’re creating by doing so.

What does this drastic shift in business mean for MSPs? What should they be doing to make sure they’re still serving their customers the way those customers need? How do they stay viable when the landscape for how they do business is changing?

Navigating A Business Through A Crisis

The push to at-home work is a productive reaction to crisis. It came about rapidly, but MSPs should use it as an opportunity to help their customers successfully set up their businesses to survive this shift. The best way to do that is to break the process down into a three-phase system:

  • Pushing to remote
  • Securing the setup
  • Staying viable
  • Pushing To Remote

The first phase is pretty self-explanatory, and many have completed the transition. MSPs should continue to work with their customers to help them figure out how to optimize their employees’ setups to work from home. For many businesses, this process involves setting up new equipment like laptops and signing up for services that make working remotely possible, like VPN access and videoconferencing apps. Even though it can be a lengthy process that’s brand-new for many customers, completing the setup isn’t the most daunting part of the process.

The hardest part is making sure the business is still operating securely. That’s where the importance of the services an MSP can (and should) provide really shine.

Securing The Setup

This is by and large the most important item for MSPs to be paying attention to right now. Now that everyone is settled at home, they need to make sure the work they’re doing is secure. “The surface area, or attack area, for cybercriminals to get in has now significantly grown thanks to remote work setups,” says Kevin Lancaster, founder of ID Agent and general manager of Kaseya’s security solutions. “Employees are having to log into applications they’ve never used in the past. Inevitably, every time you download one, set up a username and password for it, and start using it, you create another potential exploit area.”

Whereas these employees were previously contained inside their corporate network or inside their company’s firewall, they’re now accessing work platforms, cloud platforms, and networks from insecure home Wi-Fi. Employees and their families are creating new user accounts for leisurely use and data-swapping between personal and professional devices. All these activities provide ample openings for cybercriminals to slip right through a company’s cybersecurity defenses. That’s why it’s so critical for MSPs to be extra proactive about the security they offer.

“There has to be a dramatic shift in priorities,” Lancaster says. “Acquiring customers and growing the MSP has always been the focus, but right now, it’s most important to maintain current customers by migrating them to secure remote work and ensuring that they are, in fact, secure by providing high-value security services.”

There are three minimum offerings every MSP should have for their customers: multifactor passwords, single-sign-on capabilities, and password management. Increasing security around account access is crucial because there’s been a dramatic increase in the ability to exploit an individual. “Once an individual has been exploited, it’s easy to leapfrog to being able to exploit the business,” says Lancaster.

Offerings like multifactor authentication for access to company networks and accounts are critical. “Many MSP customers are using VPNs for the first time, and the challenge is that access to those VPNs is often just an email address and a password. There’s no multifactoring,” he says. It’s just as easy for cybercriminals to access a VPN as it is any other account if the proper protections aren’t put in place.

Another way to dramatically reduce the chance for attacks is by adding single-sign-on capabilities for any accounts that MSP customers use to access cloud applications. The more email and password combinations there are to punch in, the more chances there are for cybercriminals to access them. So, take the element of the password that can be exploited and add a second layer of protection to it by offering single-sign-on services.

For those MSP customers who need multiple email-password combinations to access information, it’s critical to instead encourage them to use a password management system.

Close to 80% of security compromises stem from access to a sign-in credential in some form. Phishing, password hacking, and forced attacks are all ways for criminals to get what they want, and the decreased security created by at-home setups makes it that much easier for them. The duty of MSPs is to make their job hard again, no matter what their customers’ work setups look like.

Staying Viable

Not all MSPs were providing the crucial security services their customers needed to make the shift to remote work simply because it wasn’t expected. Those that were offering them are now ahead of the curve, but those that weren’t are playing catch-up. Either way, most MSPs should see this as an opportunity to embrace a changing future.

“The MSP security market is starting to mature. COVID-19 forced people to take security much more seriously and accelerate the adoption of these tools,” Lancaster notes. “There are two schools of thought for how things will play out from here: Some businesses will go back to being fully on-site, where employees can be directly monitored. But others will have learned that work can be done from anywhere. They’ll feel liberated by eliminating costs like rent and by reducing utility bills and will become more profitable and efficient in other ways. Those businesses are going to stick with remote work and all the necessities that go with it.”

That’s what MSPs have to look forward to and how they can position themselves as a viable service, no matter how their customers decide to conduct their business in the future. MSPs should shift their mindset and their offerings to be more enabled for both in-office and at-home customers. It’s about offering the old and the new.

The New Frontier

COVID-19 is ushering in a new way of thinking when it comes to the way businesses can and want to operate. MSPs should be ready to support those ways of thinking if they want to remain viable. You can leverage the current tides as an opportunity for your customers to expand their business practices. In turn, that means you’re also creating new opportunities for the work and capability of your MSP. Great change enacts great change.

When it comes to business operations, a new reality is going to emerge from the crisis we’re working our way through. We’re just starting to see what that reality could potentially be, but no matter what, if your MSP doesn’t see the benefit of adapting, then it may not be around long enough to discover what that new reality is.