Time to Review Your Internal MSP Security
Written by Charles Weaver, Co-Founder of MSPAlliance
It is 2020. That means it’s time you review your internal MSP security preparedness. What does this mean? Let’s take a closer look at what you should be doing in this new year and decade.
First. If you think your MSP practice has zero risks and is not being targeted by cybercriminals, then you should probably find another profession. The last 24 months should be a sobering reminder of the prominent position all MSPs have within today’s global cybersecurity defense.
Second, and perhaps most important, all the hacks we know of from press accounts seem to involve attack vectors, which may be easily guarded. Here are a few simple steps you should probably take sooner rather than later.
Exploiting shared administrator accounts has been the path where hackers have seen success in the past. Once successful, hackers will continue their attacks until they are blocked. Compromising administrator accounts gives the hacker a broad level of access to do what they wish. Guarding your administrator user accounts and distributing them with discretion is a good first step.
Lock Down Your Vendors
It’s no surprise that hackers love exploiting MSP vendor tools. While they may not like it, vendor access into your network should be an area of focus for your internal security review. I would suggest providing limited administrator access for only those occasions when the vendor needs it. Persistent, administrator access is now a thing of the past and no longer a best practice.
Backup Your Data
Most MSPs are familiar with delivering backup as a service to customers. But what about protecting your internal data? Restoring your company’s data from a ransomware attack is a far better alternative than not having a current backup point. MSPs should first and foremost protect their networks before selling a byte of backup as a service to a customer.
Scan The Perimeter
Vulnerability Scanning is an excellent service to deliver to customers. It’s an even better idea for your internal MSP network. Performing regular vulnerability scans is part of keeping a healthy and secure network perimeter. If you want to be extra vigilant, outsource this service to an external provider.
Stop wasting time with spreadsheets. It is 2020. Time to store your MSP passwords with a password management tool. Not only will this encourage better password behavior, it can also offer benefits such as better user and identity management as well.
Doing all of these things to protect your MSP practice? Great. Now prove it. Just practicing security is no longer enough. Today, you need to demonstrate your security best practices. Getting MSP Verified by an independent auditor can help you communicate all the great things you’re doing to protect your MSP practice and all your customers. Otherwise, it’s just bragging.
Before you say it, there are a lot of additional steps you should be taking to protect your MSP practice. The above mentioned highlights are exactly that; highlights. Being secure in 2020 means practicing constant vigilance and always striving to improve. Hackers are aware of MSPs and will continue attempting to circumvent your defenses in order to get to your customers. Don’t let them in!