We’ve discussed many times that the key to protecting your clients is cyber resilience, not just cybersecurity. (Here’s a breakdown of their differences.) Coming off a year colored by jaw-dropping attacks on everything from mom-and-pop shops to critical infrastructure, that need has only become more pronounced. With some of the most security-savvy firms in the world falling prey to cyberattacks, the need to both defend against attacks and prepare to recover from them is almost self-evident.
Still, many MSPs report that it remains challenging to get some clients to warm up to the layered approach to business continuity that underpins cyber resilience. One method that could be helpful is to walk them through the U.S. Department of Justice (DOJ) guidelines advising businesses on how to protect themselves from cyberattacks. Doing so offers two benefits:
- Reinforcing everything you’ve been telling them about cyber resilience from a neutral authority.
- Demonstrating in detail the need for continuity measures in addition to security features.
Let’s take a quick look at some of the critical aspects of the advisory and how cyber resilience tools are designed for just those purposes:
1. Preventative Measures
Among other things, the DOJ recommendations for business include:
- Implementing awareness and training programs
- Enabling strong filters to prevent phishing emails from reaching end users
- Scanning all incoming and outgoing emails
- Blocking access to known malicious IP addresses
- Using a centralized patch management system
- Automating antivirus and antimalware scans
All of these are core components of cybersecurity practices. In fact, advanced solutions take all of these principles much further than the DOJ spells out – cutting-edge threat intelligence, robust endpoint security, AI-powered defenses and many more.
2. Business Continuity Considerations
Here, the DOJ states the obvious: even with the best defenses, you could suffer an attack. That’s likely what you’ve been telling your customers, but it’s good for them to hear it from an external authority with no “skin in the game,” so to speak.
DOJ recommendations for weathering those attacks include:
- Backing up data regularly
- Conducting annual penetration and vulnerability testing
- Securing backups
Leading cyber resilience providers not only embrace these principles, but they also refine them to deliver significant resilience in the face of an attack – like strategic backups of application data and rapid restoration of everything from an entire system to a single endpoint.
3. Talking Points
Here’s a simple, five-point opener to help you in discussions with your clients:
- The DOJ says that 4,000 ransomware attacks occur every day.
- Because of this reality, they recommend strong defenses – both technologically and through robust security awareness training.
- They also recommend preparing for a strong recovery in case an attack is successful.
- This is what cyber resilience is all about, and if you choose the right vendor, it can be robust and affordable.
- Let’s look at their recommendations a little more closely and see what we can do to protect your company.
From here, you can walk them through the recommendations and detail all the ways you can help them face 2022 with confidence. And if you have a reliable vendor partner, you may be able to secure some on-the-ground sales engineering and closing support for those stubborn, hold-out customers that most need your help.