Important Security Best Practices for Spring and Beyond

Written by Jeffrey Crystal and Ben Nowacky
March 2, 2020

Here are some key security practices to add to your company's SOP.

… complete recovery of all compromised systems, from a backup prior to the intrusion, can truly guarantee your systems are no longer under control of the hackers.

Increasingly, attackers are going the extra mile to destroy your data. There’s even the possibility they retain a copy off-site to hold in ransom, which leaves you with nothing left to recover from. Backup and disaster recovery (BDR) systems are a high-priority target of such attackers, destroying backups and even hard-wiping disk storage underneath backup systems to deny you any chance of recovery.

First, ensure all critical systems are backed up both locally and in the cloud. Use RMM tools to periodically audit any servers without backup, and in each case, add backups or document the exception.
Second, create a strict SOP for securing backup systems and monitoring their ongoing health, frequency and cloud replication status.

Avoiding exploits of RMM and other tools: Several high-profile attacks are accomplished by improperly gaining access to popular remote monitoring and management (RMM) tools, then exposing hundreds of servers and thousands of workstations across multiple customers, to simultaneously attack with the click of a mouse. Partners must secure such tools to keep malicious attackers from potentially destroying your customer data. Be mindful that the client systems you’re controlling remotely may not be compromised, and attackers may be watching your every keystroke and mouse click.

Protecting Client IT Security: While it is always possible to be the victim of a zero-day attack, most security intrusions are the result of weak passwords, phishing attacks (human engineering of any kind) and well-known security vulnerabilities and malware that might have been prevented. Keep the following points in mind to protect your clients.

Ensure all systems with access to your MSP’s own network are company-approved devices that meet company security requirements:
Multiple layers of defense are better.
Educate users, both employees and customers. Well-educated users are less likely to be compromised, and when attacked, are more likely to detect and minimize the threat.
Require a virtual private network (VPN) on untrusted and public Wi-Fi networks. Users accessing these networks should always use a secure VPN connection to force forward all traffic over the VPN.

Recommendations for Cybersecurity Framework

The National Institute of Standards and Technology released a framework for improving your Critical Infrastructure Cybersecurity. The framework uses business drivers to guide cybersecurity activities and consider cybersecurity risks as part of your organization’s risk management processes. The framework offers a flexible way to address cybersecurity, including the effect cybersecurity has on physical, cyber and people dimensions. It’s applicable to organizations relying on technology, whether their cybersecurity focus is primarily on information technology (IT), industrial control systems (ICS), cyberphysical systems (CPS), or connected devices more generally, including the Internet of Things (IoT).

It’s clear that in this escalating threat environment, backup should be your last line of defense against such attacks. Your ability to recover is dependent on the vendor you choose, their security framework and their ability to recover your client’s data.

Find a vendor that takes a multilayer approach to mitigating these risks, while also applying best practices in its operations, including authentication, patching, secure software development, penetration testing and overall corporate and network security.

Jeffrey Crystal is product manager at Axcient, where he is working toward convergence with the X360 portfolio. He joined Axcient when it acquired his former company Replibit, and previously was a senior engineer with a small IT services company providing managed services and helping to develop and pilot managed backup for about 200 SMB customers. You can follow him at LinkedIn or @Axcient on Twitter.

Ben Nowacky is senior vice president of product at Axcient, where he guides organizations in creating high-performance, scalable teams that cross-cut both product and development. You can follow him on LinkedIn or @Axcient on Twitter.