Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News & Articles

October 17, 2024 |

8 Critical Steps MSPs Must Take to Prevent Cyberattack Disasters

A swift, well-planned response strategy can mean the difference between a minor disruption and a major catastrophe for your clients.

Cyberattacks are painful, but with the right policies and response, MSPs can help clients get back on track. The key to success is an effective escalation plan to help avert a disaster.

MSPs play a crucial role in helping businesses withstand and recover from cyberattacks. “The right response is critical,” according to Carl J. Mazzanti, CEO of eMazzanti Technologies, a Hoboken, NJ-based cybersecurity MSP.

Given the high stakes, MSPs should establish a formal escalation plan that team members can use to respond swiftly and effectively. Here are eight essential steps:

Step 1: Preplan

Know your client, their industry, regulations, your capabilities, and what specific actions to take. “You can’t spend valuable minutes or hours deciding what to do, whether you need outside assistance and who to contact,” emphasized Jayson Ferron, CIO of Interactive Security Training. “Everything needs to be clearly spelled out ahead of time.”

Step 2: Detect and Analyze the Cyberattack

Carl Mazzanti of eMazzanti Technologies on cyberattack response

Carl J. Mazzanti

It’s important to act the instant you detect a cyberattack, Mazzanti urged. Initially, the most critical issue is to assess the type and severity of the incident. This determines the next steps. As bad as ransomware is, it’s obvious when it is present. Other intrusions — such as a compromised router or hidden malware — may require deeper analysis.

Step 3: Contain and Eradicate

Address short- and long-term containment issues. First, consider specific actions to stop the problem from spreading, such as pulling affected devices or curtailing user access. Later, you scan the network and data backups for additional malware while addressing issues like patching and adapting access controls.

Step 4: Notify Relevant Stakeholders

It’s vital to inform all key internal groups — IT staff, developers, executives, etc. — about the breach and how it will affect their departments and customers, Mazzanti said. You may need to notify external groups, such as an insurance provider, law enforcement agency, regulators, or the public (See Step 7 for more).

Step 5: Restore and Recover

Getting business operations back to normal is vital. Understand which systems are critical and which can wait. When a ransomware attack occurs, Ferron said he won’t take chances. “We rebuild the machines from a zero image and scan all the backup files to ensure they don’t contain hidden malware.” In addition, an MSP must focus on IT patches, updates and technical changes that can harden systems. Then, verify and validate systems.

Jayson Ferron of Interactive Security Training

Jay Ferron

Step 6: Investigate

The investigation stage has two components, Ferron noted. First, an MSP must review the incident response process to understand how to improve it. As part of this, do a forensic analysis to examine the incident’s root cause, which will include collecting information for insurance, legal, or regulatory reasons. Second, determine the extent of the damage, including financial losses and reputational damage.

Step 7: Address Reporting Needs

You may need to file an external report to regulatory agencies and other outside organizations. If the breach affected customers or has broader public repercussions, there will likely be a need for more public outreach and communication. Also, keep track of required reporting timeframes. “If you miss them, an insurance company may refuse the claim or fines may follow,” Ferron cautioned.

Step 8: Conduct a Post-mortem Examination

After the dust settles, thoroughly discuss and dissect the event, Mazzanti said. Have a conversation with the affected firm, as well as internally at your MSP about ways to refine and improve future responses. Address technology changes, policy and procedure updates, and how to improve training and awareness.


Featured image: iStock

Related News & Articles

Growing the MSP

Editor’s Choice


Explore ChannelPro

Events

Reach Our Audience