As an MSP, your work with clients and their sensitive data makes you a prime target for cyberattacks. Not only do you need to secure their environments to keep them protected, but you must also defend your own just as tightly.
At Todyl, we’ve helped MSPs secure their businesses for years, and have developed practical steps you can take today to defend your business from cybercriminals. Here are our top ten.
It’s critical to have organized documentation when your organization is under attack. Construct IR procedures to align your efforts in many potential security scenarios. This involves assigning roles and responsibilities, such as designating an incident commander, setting timelines for communication and responses, and establishing reporting schedules.
Conduct tabletop exercises with your team to stress-test your procedures, using the actual tactics, techniques, and procedures (TTPs) of known threat actors to ensure their effectiveness during a real incident. Specify which external parties, such as clients, stakeholders, incident response firms, and insurance carriers, need to be notified during an event.
Remote monitoring and management (RMM) tools are an MSP’s bread and butter which makes them targets for attacks. Recent hacks on SolarWinds and AnyDesk serve as prime examples. RMM tools affect other systems as they operate, so vulnerabilities like zero days have an increased impact and can lead to major exploitation.
It’s crucial to protect RMMs and other similar platforms as much as possible. Keep your RMM up to date on patches and follow all posted guidelines on remediation if your RMM is found to be vulnerable. Given their impact as tools to manage many devices, tight access control using techniques such as conditional access and multi-factor authentication (MFA) is critical. This will prevent bad actors from being able to use your RMM against you.
Your network is your domain, and the gateway to all your clients’ networks. If a bad actor can gain network access, the results could be dire. Using techniques like micro-segmentation, you can limit lateral movement within your network so only authorized users can gain access to sensitive data and environments that have downstream effects on your clients.
Solutions like SASE give you the ability to lock down your network even further, enforcing identity-based access controls on network resources and enabling secure remote access. With SASE, you can also create allow lists and use Secure DNS to further control which sites are accessible, cutting down on malicious and non-work activity.
Email is one of the biggest attack vectors today, with business email compromise (BEC) and associated phishing continuing to plague organizations. Given the multitude of relationships you must support as an MSP—clients, vendors, stakeholders, etc.—you receive emails from dozens of people daily. Just one phony email amongst the noise could lead to a security incident.
Seek email security solutions that help you vet the emails you, your organization, and your clients receive. That way, you can prevent users from clicking bad links in the first place and keep systems and accounts from becoming compromised.
Be prepared when disaster strikes, whether a natural catastrophe or ransomware. Having DBR processes in place helps align your organization around your procedures and backup cadences. With backups, it’s best to follow the 3-2-1 rule: three copies of your data (including the original), saved across two different storage media with one version saved offsite or otherwise air-gapped. This allows you to recover your data, even with multiple outages or an ongoing infection.
Build redundancy and repeatability into your DBR processes to keep consistency across your and your clients’ data management practices. This includes regularly reviewing your processes so they can adapt to changes in your operations and expand to suit growth and new clients.
Everyone plays a key role in cybersecurity. As the recipients of phishing emails and other attacks, your clients and users are the first line when defending your MSP.
Take the time to train everyone to spot phishing emails and understand how they fit in the larger security picture. Follow these best practices when rolling out your cybersecurity awareness training program.
Although many factors go into good security posture, you can never forget the basics. Practices such as routine patch management help keep your systems and applications up-to-date and prevent potential vulnerabilities arising from zero-day exploits.
Password policies also play into this ongoing process. Create complexity requirements and have regular rotation requirements to prevent password reuse and invalidate potentially compromised credentials. A password manager helps users make complex passwords without having to remember them all or leave sticky notes under their keyboards.
Zero trust security, predicated on the concept of “trust nothing, verify everything,” is one of the most prominent security approaches today. With zero trust, user access is limited by the principle of least privilege. With least privilege, users are only authorized to access the bare minimum of resources they need to perform their duties.
This way, in the case of a compromised identity or insider threat, a single user's blast radius within the network is reduced only to what they have access to—no more, no less. Other core tenets of zero trust security include tight identity management and using MFA wherever possible to verify users are who they claim to be.
Security is never a point-in-time event but an ongoing process of adaptation and improvement. Your security procedures and practices must always evolve as you and your clients’ businesses change and scale. And, given the novel way bad actors target organizations and the variety of tools in the IT ecosystem, your security posture must always be able to keep pace.
Create routine cadences on which to review your processes, identify vulnerabilities/flaws, and address them. You should also track user behaviors and other logged information to spot unusual activities that may indicate potential compromise.
As you build out your cybersecurity program, consider how to optimize your security stack along with it. Using a comprehensive cybersecurity platform provides you with robust technologies to help you defend and monitor your endpoints, networks, applications, infrastructure, and more across multiple tenants.
Combining solution sets like Endpoint Security, SASE, SIEM, SOAR and more, a comprehensive cybersecurity platform gives you all the tools you need to effectively defend yourself and your clients against the threat of cyberattacks. And, through MXDR, you get all these benefits with 24/7/365 security expertise and coverage.
Contact us to learn more about how to roll out these best practices and a cybersecurity platform in your MSP today.