MSPs: Security Best Practices for Staying out of Cybercriminals’ Crosshairs

Ransomware and other cyberattacks are increasing in frequency and cost, and MSPs are now often the target of these attacks. Because MSPs provide a gateway into the networks of dozens or hundreds of clients, attackers can use compromised credentials to move freely among MSP and customer networks. Applying security best practices is key to staying out of cybercriminals’ crosshairs.

In 2018, the U.S. Department of Homeland Security issued a warning about the threat to MSPs and cloud service providers, noting that “MSPs generally have direct and unfettered access to their customers’ networks, and may store customer data on their internal infrastructure. By servicing a large number of customers, MSPs can achieve significant economies of scale. However, a compromise in one part of an MSP’s network can spread globally, affecting other customers and introducing risk.”

A recent CRN article provided several examples of how quickly a ransomware attack can spread from client to client once an MSP is compromised. Additionally, the article noted that poor internal cyber-hygiene practices among MSPs could lead to these vulnerabilities.

While many MSPs offer cybersecurity solutions and consulting services, they need to be just as vigilant about their own devices and networks. A breach can lead to a cascading series of compromised client networks resulting in a lot of unpaid labor spent repairing the damage followed by a loss of reputation and likely a diminished client list.

However, an MSP that follows security best practices internally can protect itself and its clients and provide a way to differentiate the security-centric MSP from competitors.

Those security best practices include:

Secure remote access tools against malware. Remote access has become a bigger target thanks to increased work-from-home scenarios (for both MSPs and their clients). Keeping these solutions safe should involve updating remote monitoring and management (RMM) tools with the latest patches/fixes; enforcing multifactor authentication rules internally; implementing IP restrictions on remote admin tools (when possible) and making sure that Windows Remote Desktop Protocol (RDP)—a common target in ransomware attacks—has been secured.

Restrict network access. Stolen credentials are typically the gateway for MSP-based cyberattacks, so there should be protection in place to minimize the damage if an account is compromised. For example, rights and permissions for staff should be limited based on roles and requirements, and MSPs should employ MFA, password managers, and robust password processes. Additionally, password management, MFA, network segmentation and app whitelisting can help prevent lateral movement across the network when there is a breach.

Use strong email and endpoint security. Ransomware and most other attacks typically originate from malicious emails. Leverage robust email security tools (including new solutions that employ artificial intelligence to monitor and identify unusual activity), as well as DMARC, SPF and SKIM methods. Malware protection at the endpoint is another critical defense.

Establish internal backup and recovery protocols. Many MSPs already provide backup and data recovery services for their clients. They should make sure they are using these tools effectively for their internal operations. Effective backup is an essential part of ransomware mitigation. There should be multiple backups (for both local and cloud-based systems) on different storage media, and at least one of these should be isolated from the network. In the case of a ransomware attack that compromises the RMM, network-accessible backups are likely in danger, as well. Also, regularly test and verify those backups. While this approach to backing up data is more intensive, the increase in ransomware activity makes it worth the effort.

Provide security awareness training for staff and clients. Ensure everyone can spot phishing emails and knows the proper protocols for reporting suspicious activity and alerting managers and clients after a breach. Most end users are just trying to do their jobs as quickly and efficiently as possible, so reminding them of the importance of these security practices can help reduce the possibility of a successful attack. Simulations can also help identify employees who need additional training.

Conduct regular security assessments. Security-centric MSPs are likely already doing this for their existing clients. But they should also perform regular internal security assessments to ensure their security posture keeps up with new and emerging threats.

Create (and periodically test) a disaster recovery plan. If there is a breach, who needs to respond internally? How will you notify clients quickly to minimize the damage? Who will deal with the attackers if there is a ransom demand? What process will you use to get your applications and your clients up and running as quickly as possible?

As MSPs increasingly become cybercriminals’ prime targets, their ability to protect themselves is a top priority. By creating strong internal defenses by following security best practices, MSPs can ensure their data and applications are safe and avoid becoming the nexus of a widespread ransomware event.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

 This guest blog is part of a Channel Futures sponsorship.