The online world is still the wild west. A few wrong clicks can lead a user down a path to ransomware, viruses, and all sorts of nasty stuff. To keep every endpoint locked down, it’s crucial for MSPs to keep end users’ online experience safe and private.
Your job is to ensure that any cloud-based application—whether you or a third party hosts it—is secure, easy to manage, and accessible to those who need it. But users themselves are notorious for making mistakes online that can lead to an infection. In the second quarter of 2018, MSPs worldwide reported the following as the most common causes of ransomware infection (note that respondents were able to select multiple options):
- 66% – Spam/phishing emails
- 33% – Lack of end-user training
- 28% – Poor user practices/gullibility
- 28% – Weak passwords/access management
- 24% – Malicious sites or ads
- 21% – Clickbait
These stats show that while it’s certainly in an MSP’s power to help clients prevent various online security issues, the biggest problem isn’t really software. It’s people.
A Human Problem, Not a Software Problem
Software can help block spam, malicious ads, and malicious websites, and it can help you enforce strong password policies, but none of these tools is foolproof. Phishing emails still make it into inboxes. That cute animal video that’s actually a virus-filled ad is just irresistible to some users. Spam ads, fake news, and clickbait work because they create an emotional response people are quick to react to. In total, 40 percent of data breaches are caused by employee negligence. You can set up safeguards. You can use every tool available. But a user’s small mistake can unravel your best-laid plans.
You can’t stop every risky click. But you can help users break bad habits, understand their own fallibility, and develop a more vigilant approach to going online. The key is taking time to educate and test them.
Developing Training for Online Security
The stats above paint an interesting picture. Yes, your software can do a lot to aid with prevention, but end users don’t know what they don’t know. They might be a bit gullible. They might act on emotion without stopping to think of consequences. That’s why one of the best ways you can help clients with online privacy and security is to drop some knowledge. Here’s one approach to improving their online security acumen:
Work With Clients to Schedule a Formal Training
You can send emails with security tips, create blog posts, or share videos, but these tactics will only reach a small portion of your end users. Instead, work with clients to schedule a formal in-person training to go over online privacy and security essentials. You may wish to prepare a PowerPoint and handouts that help you cover your material.
Help Users Understand Common Mistakes
Your training should help users understand common social engineering, phishing, and scam tactics. Show them examples of nefarious ads, clickbait, and websites. Help them understand what software can do and what the limitations are. Last, help users understand the way online scammers think—this is a great way to help them work online safely.
Outline Corporate Policies
Do users need to access systems via VPN? Should they be using a specific web browser? What cloud platforms are approved? Are users responsible for keeping their device firmware and patches up to date? What’s your stance on BYOD? Make sure users understand what online behavior is acceptable and what their responsibilities are as outlined in a client’s corporate policy.
Test Users and Reinforce Your Teachings
Do you have ways to test users with simulated phishing emails? For those who make mistakes, can you reinforce what you taught them? Consider ways you can not only educate users but make sure they’re retaining knowledge and following best practices moving forward.
Give Users Resources
Last, make sure users know what to do if they spot something they’re unsure about. If something looks phishy, who should they call? What’s the plan of action if they think they’ve downloaded a virus by mistake? What should they expect from you as their IT provider if they make a mistake?
Software can do a lot to keep users out of trouble online, but if users know how to browse safely to begin with, they’ll be much more likely to stay out of trouble. As you approach online security and privacy for your clients, be sure to think about how to share knowledge, not just how to implement new tools.