Here are some key security practices to add to your company's SOP.

March 2, 2020

6 Min Read
Best practices

By Jeffrey Crystal and Ben Nowacky

It’s reported that hackers attack every 39 seconds, which averages 2,244 times a day. Based on this, you have either already been attacked, are being attacked right now or you’re about to be attacked.

If that’s not enough to get your attention, consider these statistics:

  • Forty-three percent of breach victims are small businesses; about 30% of phishing emails are opened by users, and 12% of those users click on the infected link or attachment. (Verizon)

  • Smaller organizations (1–250 employees) have the highest targeted malicious email rate at 1 in 323. (Symantec)

  • Every day, around 230,000 malware samples are created by hackers. (Panda Security)

  • Cyberattacks are the primary reason that around 60% of small companies go out of business. (Small Business Trends)

  • Around 94% of targeted emails use malicious file attachments as the payload or infection source, while 91% of cyberattacks begin with a “spear phishing” email. (KnowBe4)

  • Only 5% of company folders are properly protected, on average. (Varonis)

  • Financial and manufacturing services have the highest percent of exposed sensitive files at 21%. (Varonis)

  • The average cost of a ransomware attack on businesses is $133,000. (SafeAtLast)

Clearly, the frequency and severity of cyberattacks are on the rise. Of particular concern is the increasing number of attacks directly targeted at managed service providers (MSPs) and their customers. What’s worse, the attackers often leverage MSPs’ own automation and remote-control tools to directly access and compromise their customers.

Security is a shared responsibility between vendors and partners, and it is imperative that partners also exercise best practices in securing their platforms, tools and devices to minimize risk to themselves and their customers.

Critical Security Practices

In this article, we highlight some critical security practices that should be incorporated into your standard operating procedure (SOP) checklists. This list shouldn’t be considered comprehensive; it instead suggests mitigations for the risks and threat vectors we see most often.

Ensuring password security: Increasingly bad actors are leveraging network monitoring and key-logging software to observe their intended victims for some time, capturing critical administrative passwords and familiarizing themselves with the target environment ahead of their attacks. Due to the skilled and patient nature of these attacks, it’s no longer enough to rely simply on strong passwords. Reusing a single password across multiple customers or environments is particularly dangerous, as once compromised, you’re potentially exposing multiple customers.

A common vulnerability in all too many environments is the presence of default passwords left in place on firewalls, IPMI interfaces and other areas. Default passwords allow attackers to gain dangerous access and privileges within the network. Always make sure default passwords have been replaced to deny this avenue of attack against your systems.

Mitigating ransomware and data destruction: By far the most common attacks involve the use of ransomware (e.g., CryptoLocker) software against your servers and workstations. Once encrypted, your data and systems are held hostage by a ransom demand, and paying the attackers provides no guarantee of recovery. In fact, even if payment results in the release of your systems, it’s almost certain the attackers have left root kits, back doors, and even time bombs, so they can strike again in the future. Only a complete recovery of all compromised systems, from a backup prior to the intrusion, can truly guarantee your systems are no longer under control of the hackers.

Increasingly, attackers are going the extra mile to destroy your data, and they may also exfiltrate a copy off-site to hold for ransom, so that the destruction leaves you with nothing to recover from. Backup and disaster recovery (BDR) systems are a high-priority target of such attackers, who destroy backups and even hard-wipe the disk storage underneath backup systems to deny you any chance of recovery.

  • First, ensure all critical systems are backed up both locally and in the cloud. Use RMM tools to periodically audit any servers without backup, and in each case, add backups or document the exception.

  • Second, create a strict SOP for securing backup systems and monitoring their ongoing health, frequency and cloud replication status.
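The audit described in the two steps above, as an added example that is not the article's own code: it runs over a constructed asset inventory (the shape an RMM export might take) and a constructed list of backup job results, and flags every server with no local backup, no cloud replica, a stale last success, or a failed last job, unless a documented exception covers the host. Host names, customer names, the 24-hour freshness threshold and the exception text are all assumptions made for the example.

```python
"""Backup-coverage audit for an MSP fleet (added example, not the article's code).

The inventory, job history and exceptions below are constructed inline so the
audit runs offline; in practice they would come from the RMM and BDR systems.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Fixed "now" so the example is reproducible (assumed date).
NOW = datetime(2020, 3, 2, 9, 0, tzinfo=timezone.utc)
MAX_AGE = timedelta(hours=24)  # assumed freshness requirement per target


@dataclass
class BackupJob:
    host: str
    target: str        # "local" or "cloud"
    finished: datetime
    ok: bool


@dataclass
class Finding:
    host: str
    customer: str
    issues: list


# Constructed inventory: only servers are in scope for this audit.
INVENTORY = [
    {"host": "sql01", "customer": "acme", "role": "server"},
    {"host": "dc01", "customer": "acme", "role": "server"},
    {"host": "files01", "customer": "globex", "role": "server"},
    {"host": "lab-vm01", "customer": "globex", "role": "server"},
    {"host": "ws-17", "customer": "acme", "role": "workstation"},
]

# Documented exceptions: host -> justification (constructed).
EXCEPTIONS = {
    "lab-vm01": "Disposable lab image, rebuilt from template; approved 2020-02-10",
}

# Constructed job history. dc01's last cloud job failed; files01 has a
# two-and-a-half-day-old local backup and no cloud replica at all.
JOBS = [
    BackupJob("sql01", "local", NOW - timedelta(hours=3), True),
    BackupJob("sql01", "cloud", NOW - timedelta(hours=5), True),
    BackupJob("dc01", "local", NOW - timedelta(hours=2), True),
    BackupJob("dc01", "cloud", NOW - timedelta(hours=4), False),
    BackupJob("files01", "local", NOW - timedelta(hours=60), True),
]


def audit(inventory, jobs, exceptions, now=NOW, max_age=MAX_AGE):
    """Return one Finding per server that is not provably protected."""
    latest = {}  # (host, target) -> most recent job of any outcome
    for job in jobs:
        key = (job.host, job.target)
        if key not in latest or job.finished > latest[key].finished:
            latest[key] = job

    findings = []
    for asset in inventory:
        if asset["role"] != "server":
            continue
        host = asset["host"]
        if host in exceptions:
            continue  # documented exception: reviewed, not silently ignored
        issues = []
        for target in ("local", "cloud"):
            job = latest.get((host, target))
            if job is None:
                issues.append(f"no {target} backup on record")
            elif not job.ok:
                issues.append(f"last {target} job failed at {job.finished:%Y-%m-%d %H:%M}")
            elif now - job.finished > max_age:
                issues.append(f"{target} backup stale: last success {job.finished:%Y-%m-%d %H:%M}")
        if issues:
            findings.append(Finding(host, asset["customer"], issues))
    return sorted(findings, key=lambda f: f.host)


def run_audit():
    """Run the audit over the constructed data."""
    return audit(INVENTORY, JOBS, EXCEPTIONS)


if __name__ == "__main__":
    for f in run_audit():
        print(f"{f.customer}/{f.host}: " + "; ".join(f.issues))
    for host, why in EXCEPTIONS.items():
        print(f"exception: {host}: {why}")
```

Hosts with a documented exception are skipped by the checker but printed alongside the findings, so each audit run restates which servers are deliberately unprotected and why; an exception that nobody can justify at review time is itself a finding.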

Avoiding exploits of RMM and other tools: Several high-profile attacks have been accomplished by improperly gaining access to popular remote monitoring and management (RMM) tools, which exposes hundreds of servers and thousands of workstations across multiple customers to a simultaneous attack with the click of a mouse. Partners must secure such tools to keep malicious attackers from potentially destroying your customer data. Be mindful that the client systems you’re controlling remotely may already be compromised, and attackers may be watching your every keystroke and mouse click.

Protecting Client IT Security: While it is always possible to be the victim of a zero-day attack, most security intrusions are the result of weak passwords, phishing attacks (social engineering of any kind) and well-known security vulnerabilities and malware that might have been prevented. Keep the following points in mind to protect your clients.

  • Ensure all systems with access to your MSP’s own network are company-approved devices that meet company security requirements.

  • Multiple layers of defense are better.

  • Educate users, both employees and customers. Well-educated users are less likely to be compromised, and when attacked, are more likely to detect and minimize the threat.

  • Require a virtual private network (VPN) on untrusted and public Wi-Fi networks. Users accessing these networks should always use a secure VPN connection configured to force all traffic over the VPN, not just traffic to the office network.
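A check for the "force all traffic over the VPN" requirement above, as an added example that is not the article's code. WireGuard is an assumption here (the article names no VPN product): the check parses the AllowedIPs entries of a WireGuard client configuration and reports whether every IPv4 and IPv6 destination is routed through the tunnel. The split-tunnel configuration is the weak setting, the full-tunnel one the corrected setting, and the third shows the common client pattern of splitting the default route into two halves so the tunnel route wins over the LAN's default route. Endpoints, addresses and keys are placeholders.

```python
"""Full-tunnel check for WireGuard client configs (added example, not the article's code).

WireGuard and the three configurations below are assumptions for illustration.
"""
import ipaddress

# Weak setting: only the VPN subnet and the office LAN go through the tunnel;
# everything else (including DNS to the coffee-shop resolver) goes out in the clear.
SPLIT_TUNNEL = """\
[Interface]
PrivateKey = <redacted>
Address = 10.8.0.2/32
DNS = 10.8.0.1

[Peer]
PublicKey = <redacted>
Endpoint = vpn.example.com:51820
AllowedIPs = 10.8.0.0/24, 192.168.50.0/24
"""

# Corrected setting: all IPv4 and IPv6 traffic is routed into the tunnel.
FULL_TUNNEL = SPLIT_TUNNEL.replace(
    "AllowedIPs = 10.8.0.0/24, 192.168.50.0/24",
    "AllowedIPs = 0.0.0.0/0, ::/0",
)

# Same effect, written as two half-routes per family so the tunnel routes are
# more specific than the LAN default route; some clients generate this form.
HALF_ROUTES = SPLIT_TUNNEL.replace(
    "AllowedIPs = 10.8.0.0/24, 192.168.50.0/24",
    "AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1",
)

# IPv4 is tunnelled but IPv6 is not: a frequent leak on dual-stack Wi-Fi.
V6_LEAK = SPLIT_TUNNEL.replace(
    "AllowedIPs = 10.8.0.0/24, 192.168.50.0/24",
    "AllowedIPs = 0.0.0.0/0",
)


def allowed_ips(config_text):
    """Collect every AllowedIPs network from all [Peer] sections."""
    nets = []
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "allowedips":
            for item in value.split(","):
                item = item.strip()
                if item:
                    nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def tunnel_report(config_text):
    """Report whether the AllowedIPs set covers the whole address space per family."""
    nets = allowed_ips(config_text)
    # collapse_addresses merges adjacent prefixes, so 0.0.0.0/1 + 128.0.0.0/1
    # becomes 0.0.0.0/0; the two families must be collapsed separately.
    v4 = list(ipaddress.collapse_addresses([n for n in nets if n.version == 4]))
    v6 = list(ipaddress.collapse_addresses([n for n in nets if n.version == 6]))
    ipv4_full = v4 == [ipaddress.ip_network("0.0.0.0/0")]
    ipv6_full = v6 == [ipaddress.ip_network("::/0")]
    leaks = [fam for fam, full in (("ipv4", ipv4_full), ("ipv6", ipv6_full)) if not full]
    return {"ipv4_full": ipv4_full, "ipv6_full": ipv6_full, "leaks": leaks}


def is_full_tunnel(config_text):
    """True only when both IPv4 and IPv6 traffic are forced through the tunnel."""
    return not tunnel_report(config_text)["leaks"]


if __name__ == "__main__":
    for name, cfg in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL),
                      ("half-routes", HALF_ROUTES), ("v6-leak", V6_LEAK)):
        print(name, tunnel_report(cfg))
```

Checking the collapsed prefix set rather than looking for the literal string `0.0.0.0/0` is what makes the half-route form pass and the IPv6-only omission fail; a string match would get both wrong. The DNS line matters too: a full tunnel with DNS still pointed at the hotspot's resolver leaks every hostname the user visits.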

Recommendations for Cybersecurity Framework

The National Institute of Standards and Technology released a framework for improving your critical infrastructure cybersecurity. The framework uses business drivers to guide cybersecurity activities and considers cybersecurity risks as part of your organization’s risk management processes. The framework offers a flexible way to address cybersecurity, including the effect cybersecurity has on physical, cyber and people dimensions. It’s applicable to organizations relying on technology, whether their cybersecurity focus is primarily on information technology (IT), industrial control systems (ICS), cyberphysical systems (CPS), or connected devices more generally, including the Internet of Things (IoT).

It’s clear that in this escalating threat environment, backup should be your last line of defense against such attacks. Your ability to recover is dependent on the vendor you choose, their security framework and their ability to recover your client’s data.

Find a vendor that takes a multilayer approach to mitigating these risks, while also applying best practices in its operations, including authentication, patching, secure software development, penetration testing and overall corporate and network security.

Jeffrey Crystal is product manager at Axcient, where he is working toward convergence with the X360 portfolio. He joined Axcient when it acquired his former company Replibit, and previously was a senior engineer with a small IT services company providing managed services and helping to develop and pilot managed backup for about 200 SMB customers. You can follow him at LinkedIn or @Axcient on Twitter. 

Ben Nowacky is senior vice president of product at Axcient, where he guides organizations in creating high-performance, scalable teams that cross-cut both product and development. You can follow him on LinkedIn or @Axcient on Twitter.
