How to decide when to schedule patching, Part 2


One way of mitigating cyber-risk is to reduce the potential ways that criminals can make off with valuable data. This means keeping data on a need-to-use basis and making sure that only the right people can access the right information. For example, a graphic designer won’t need access to company HR data or customer financial data. By making sure users can access only the data and systems they need, you can not only reduce the likelihood of insider threats but also reduce the damage done if an external malicious actor does compromise their accounts. 

To do this, you want to make sure both new and existing accounts conform to the principle of least privilege. User permissions tend to grow unwieldy over time, so now is a good time to schedule an audit and take action as needed. It is also worth scheduling these audits to recur on a regular basis. 
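The kind of least-privilege audit described above, as an added example that is not part of the original post: it takes a constructed account export (user, job role, granted data sets, last login) and a hypothetical role-to-data policy, then flags grants a role should not hold, accounts with no recognised role, and accounts that have gone unused past a threshold. The role names, data set names and account records are all assumptions for illustration.

```python
"""Least-privilege entitlement audit over a constructed account export."""
from datetime import date, timedelta

# Hypothetical policy: the data sets each job role legitimately needs.
ROLE_ALLOWED = {
    "graphic_designer": {"marketing_assets", "shared_drive"},
    "hr_specialist": {"hr_records", "shared_drive"},
    "finance_analyst": {"customer_financials", "shared_drive"},
    "sysadmin": {"hr_records", "customer_financials", "shared_drive",
                 "marketing_assets", "domain_admin"},
}

# Constructed sample export, as an identity system or RMM might produce it.
ACCOUNTS = [
    {"user": "alice", "role": "graphic_designer",
     "grants": {"marketing_assets", "hr_records"},
     "last_login": date(2020, 6, 1)},
    {"user": "bob", "role": "sysadmin",
     "grants": {"domain_admin", "shared_drive"},
     "last_login": date(2020, 2, 1)},
    {"user": "carol", "role": "finance_analyst",
     "grants": {"customer_financials", "shared_drive"},
     "last_login": date(2020, 6, 28)},
    {"user": "dave", "role": "contractor",
     "grants": {"shared_drive"},
     "last_login": date(2020, 6, 30)},
]


def audit(accounts, role_allowed, today, stale_after=timedelta(days=90)):
    """Return (user, finding, detail) tuples for a reviewer to act on."""
    findings = []
    for acct in accounts:
        allowed = role_allowed.get(acct["role"])
        if allowed is None:
            # No policy for this role: cannot judge the grants, so escalate.
            findings.append((acct["user"], "unknown_role", acct["role"]))
            continue
        # Anything granted beyond what the role needs is a least-privilege gap.
        for grant in sorted(acct["grants"] - allowed):
            findings.append((acct["user"], "excess_grant", grant))
        # Dormant accounts keep their access but nobody notices misuse.
        if today - acct["last_login"] > stale_after:
            findings.append((acct["user"], "stale_account",
                             acct["last_login"].isoformat()))
    return findings


if __name__ == "__main__":
    for user, finding, detail in audit(ACCOUNTS, ROLE_ALLOWED, date(2020, 7, 1)):
        print(f"{user:8} {finding:14} {detail}")
```

Run against a real export, the same three finding types map directly to the follow-up actions: revoke the excess grant, assign or reject the unknown role, and disable or re-certify the dormant account.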

3. Know and protect your crown jewels

You can’t paint security with a broad brush. Some data is riskier to lose than other data, and some employees need more sensitive access than others. These are your crown jewels, and they should receive additional protection compared to the rest of the organization and infrastructure. This lets you focus your security efforts and resources in the right places while avoiding overburdening individual employees.

For example, systems administrators have a lot of power and access to critical data and systems. Requiring them to use strong two-factor authentication (2FA), or even more factors, for access to critical systems is one step. Another should be active monitoring of their accounts for indicators of suspicious activity (which may indicate an insider attack, but more likely means an account was compromised). For lower-risk employees like graphic designers or salespeople, you may not need to require the same number of hoops to jump through. 

4. Protect your endpoints

With more users working outside the office, the battle for security gets waged even more at the endpoint. Endpoints are simply everywhere—from company-issued laptops to store-bought, personal internet of things (IoT) devices. MSPs have less control over the networks to which the endpoints connect, so endpoint security has become more essential than ever. 

Antivirus (AV) needs to remain up-to-date, but ultimately, this increasingly hostile environment often requires more advanced protection. A good endpoint detection and response (EDR) tool can help detect—and remediate—threats at the endpoint level beyond malware. Since attackers increasingly use malware obfuscation methods and fileless attacks, having an EDR that can detect anomalies that could be attack indicators beyond traditional malware files will be essential for protecting customers working outside their corporate office. 

5. Patch, patch, and patch

Patching should be one of the most fundamental practices for any security package. Vulnerabilities get discovered frequently, and cybercriminals can quickly rush to exploit these issues. Making sure your customers’ endpoints have the latest patches—both for their operating system and for their third-party software—helps prevent a good number of (mostly) easily preventable attacks. Set up an automated patch management schedule and stick to it. If any endpoints appear out-of-date in your RMM system, try to fix them as soon as possible. 

Good fundamentals matter

Practicing sound fundamentals often makes the biggest difference in defeating cybercriminals. Highly motivated criminals may use sophisticated techniques, but more often than not most cybercriminals look for easy targets, like unpatched systems or accounts with weak, common passwords. As challenging times continue, don’t let these fundamentals fall by the wayside. 

Stay tuned for part two of this where I cover another five cyberhygiene tips to help you keep your customers safe.


During this article, we mentioned endpoint detection and response tools, which can offer protection against a wider range of threats than traditional malware—including fileless attacks, weaponized documents, and polymorphic malware. SolarWinds® Endpoint Detection and Response (EDR) was built to help MSPs offer strong protection for their customers. It can even automatically roll back endpoints to a safe state after a ransomware attack. Learn more today.