Managed Service Providers (MSPs) cover every aspect of your network, including end users. Many business owners forget the human element of technology and fail to anticipate human error in their technology planning.
The reality is you can have the newest firewall, a top-of-the-line backup and disaster recovery device, and custom anti-virus software, and still lose everything. This is because you overlooked a major part of your security plan: your end users. When it comes to security, your employees are the most vulnerable access point for your business.
As a business owner, it is impossible to stay on top of the security of every machine in your company. Sure – you assumed that by setting a password policy, all of your employees updated the complexity of their passwords, right?
They also got rid of all of the pieces of paper they had lying around with passwords written on them, and they stopped using the free and insecure chat software you asked them to uninstall. They did all of these things; however, your network was still compromised.
Unfortunately, your employees don’t come to work every day with cyber-security at the top of their mind. They come to work ready to do what they were hired to do, and hackers know that. Cyber-criminals are banking on the fact that your employees are too busy to examine every email they receive.
When you partner with a Managed Service Provider, they will document and examine your environment for vulnerabilities. They will examine all of your workstations and access points to find where your business may be compromised. After the assessment, your MSP will also continue to monitor all of the workstations in your network to ensure you are protected.
When your HR department is recruiting a new administrative assistant, they aren’t looking for cyber-security training on the candidate’s resume, right? They will instead find organizational skills, multi-tasking experience and the ability to take initiative listed, all of the qualities that make a good admin.
Here’s a likely scenario:
Your team finds the perfect candidate, Dave, to support your VP of Development. Dave is extremely organized and has prior support experience. During his first week, Dave meets with all of your team leads and is briefed on the VP of Development’s primary contacts and schedule.
Dave is a proactive employee and likes to complete his work ahead of schedule in hopes of growing within the company.
During his third week, Dave gets an email from one of your company’s main vendors asking for payment on an open invoice. Wanting to impress the VP by taking initiative, Dave quickly fills out the invoice and sends the payment to your vendor.
In a hurry to tackle his inbox, Dave did not notice that the name of the company was misspelled and that the email did not match the company domain. Dave lost the company thousands of dollars and fell victim to a targeted phishing attack. Dave was let go the following day, but was he to blame?
No, Dave was not to blame in this scenario because he was not properly trained to detect phishing attacks. If your company had partnered with an MSP, Dave would have received security awareness training. MSPs offer either on-site or off-site training for employees. In Dave’s case, an MSP would recommend phish testing for your employees.
Phish testing is when your MSP periodically sends fake emails to your employees to see how they respond. If an employee falls for the phishing attempt, your MSP will alert you and continue to test them until they are confident the employee can spot an attack. It is much safer to have your employees fall for the test than the real thing.
Many companies believe their business is secure because they have asked their employees to secure it. But is it enough? Don’t leave the fate of your business at the mercy of your employees’ judgement.