Written by: Charles Weaver, co-founder of MSPAlliance
As the coronavirus madness continues to spread globally, many organizations are instituting mandatory remote work policies. While many companies may find remote work new and challenging for MSPs, remote work is a way of life.
Until this pandemic passes, we may have to weather a short term remote work environment. What we cannot do is accept security and best practices to be compromised during this difficult time. So, here are a few friendly reminders to keep your MSP practice safe and secure.
Review User Access
Assuming you know all the active users within your MSP organization, you should be performing regular access reviews of their activity. Access reviews should include whether the user is working, but also that they are authenticating and accessing into MSP and client systems in the approved manner.
Enforce Client Access Policies
If you are practicing good MSP best practices, you are not having your remote users directly access client systems. Instead, it would be best if you were having those users authenticate into your NOC (i.e., RMM system) before accessing any client devices or systems. Not only is it safer for your client, but it also allows your MSP to effectively manage all remote access into client systems for audit purposes.
User Authentication
Even if your users are working from within a physically secure network operation center, they should still be authenticating effectively before gaining access to any RMM, ticketing, or client systems.
When MSP technicians work remotely, they must be accessing these management systems using a username, password, and at least one other authentication method. Multi-factor authentication (MFA) solutions are widespread and very easy to use. MFA solutions also integrate with many MSP tools. If yours do not, consider using a different tool!
MSP workers will also need to work remotely. It is part of the territory that comes with being an MSP. But, you should always be enforcing effective remote worker policies that keep both you and your clients safe.
4 Attack Vectors MSPs Should be Covering - MSP Alliance
Posted at 10:17h, 31 March[…] are the key areas of security focus for remote workers? We will discuss 4 key attack vectors MSPs should be considering when developing a managed security […]