With managed services providers (MSPs) finding themselves increasingly targeted by cyber crime, it's never been more important for them to rigorously scrutinise their internal security posture and practices.
MSPs hoping to forge their reputation as a reliable partner, and a preferred source for security services and technology, must practise what they preach. This means incorporating security into your daily routine; not just for your customers but also internally, within your organisation.
MSPs are increasingly slipping into the crosshairs of organised cyber criminals, with the National Cyber Security Centre (NCSC), for instance, warning in 2018 that hackers are targeting them due to an interest in leveraging networks to breach multiple organisations simultaneously.
Our own research suggests just over a third of MSPs have been impersonated by cyber criminals attempting to target their customers, and almost half of these customers had fallen for it. Such a tactic, if successful, could lead to a massive breakdown in trust between MSPs and their customers, while threatening to jeopardise any future capacity to build new relationships.
To protect themselves and their clients, MSPs must implement and follow the same best practices they advise their customers. Specifically, they must monitor their network activity to ensure their systems aren't inadvertently being used as a launching pad for malware, ransomware or other kinds of attacks.
Security best practices that MSPs must follow
Examine the security tools and practices you recommend to your clients. Do you also use them internally?
This not only will this make your sales pitch stronger for potential clients, but it also gives staff intimate knowledge of exactly where protection begins and ends within those products. Here are a few best practices to follow as an MSP:
- Develop security policies that match up with the current threat landscape, and make sure they are clear and easy to follow. As part of that process, evaluate your current access management and administrative procedures. You'll want to limit permissions and access as much as is possible or practical to reduce the scope of any potential breach, and make sure everyone understands why this is important in your organisation.
- Make third-party patch automation and software update management a staple in your daily security. Automation is speeding up in many industries, and nowhere is this more the case than in the cyber security sector. Why should your team be doing something as mundane as implementing patches when you have the tools to do this automatically?
- Use multifactor authentication for your customers and your internal staff. Also, ensure that the vendors you work with have implemented proper security measures; otherwise, your hard work can be undone by the poor password practices of a third-party vendor or a poorly trained helpdesk employee.
- Restrict access to public file share sites and use a VPN for your MSP connections.
- Implement a security awareness and training program internally that includes regular updates, alerts and phishing simulations. This will help shore up any potential gaps and enable you to work with customers to correct risky employee behaviours. If you're not feeling ready to offer this type of service to customers, get started by deploying such a program for your staff. It can be a great way to develop their own security awareness. This will position you to have more effective educational discussions with your customers and their employees.
- Establish a robust incident response protocol that includes clear direction on who gets notified when there's a problem and who's responsible for taking action. This will eliminate costly delays and help reduce the damage when there's an attack.
- Put protocols in place to revoke privileges, remove password access and shut down accounts when an employee is terminated. Idle accounts are a disaster waiting to happen, even when an employee parts on good terms. In some cases, the email accounts of deceased employees have been used to access a network.
Communication and remaining vigilant are key
Have regular security conversations with your clients and be sure to include an overview of what you're doing internally to keep your network safe in addition to protecting their data. This not only helps customers increase their awareness of current threats, but it also improves your status as a trusted advisor and can open up conversations about additional services that they may not have thought of before.
MSPs are an attractive target for cyber attacks because once a breach has occurred, the hacker suddenly has access to a vast range of victims. The cost of a user account at an MSP is exponentially higher than a breach at an individual client because the MSP account can provide access to so many networks. In adding advanced software management into your daily routine, MSPs can use policy-based monitoring to provide multi-layered protection for end-users, making security easier to manage.
It's more important than ever for MSPs to be vigilant about their internal security practices, in addition to monitoring their clients' networks and applications for unusual activity. By incorporating security into your own day-to-day business practices and activities, you can better protect your company and your customers' systems.
Jason Howells is director international at Barracuda MSP
