Cybersecurity tips for MSPs

Anyone in the business of defending computer networks knows that attackers have the advantage over the long run. To secure a network, we must secure every device, entry point, and pathway and educate every end-user.

On the other hand, attackers need to discover only one mistake, or trick one user, at one point in time, to gain entry.

We have to be nearly perfect all of the time; they only have to succeed once.

Where to start?

With that daunting premise in mind, what can we do to best protect our clients, their businesses, and ourselves? There is no single right answer, and there are a lot of moving parts. In my practice I take a three-pronged approach: protect the endpoints, protect the perimeter, and protect my own practice. But before we dive in, I want to revisit what happened to so many of us about nine months ago.

Overnight changes

In March, like so many, I suddenly had to shift half of our clients' staff to remote work, most of them in one week. To make that shift quickly, I cut some corners, which is not something anyone in IT security wants to admit. We did not start forwarding Remote Desktop (RDS) ports from the internet to internal hosts, but we did violate our "Prime Directive" and allow unmanaged endpoints to connect to our networks. With the SANS Institute reporting a 30% increase in exploits focused on RDS by April, the miscreants were already ahead of the game.

I decided the best option was to provide a proxied RDS service to our remote users: they get the benefits of SSL VPN connectivity without the complications of securing an SSL VPN client on a machine we do not manage. A VPN places the unmanaged home PC on the network; a proxied remote desktop session gives it only screen, keyboard, and mouse, so the office machine never has a routed path to whatever is running at home. That gave me a significant degree of insulation against threats migrating from the remote (home) machine to the target (office) machine. Of course, you have to monitor this new pathway, so working with a vendor that watches for anomalous behavior (sign-ins from outside the expected geography, repeated login failures, and so on) is crucial.

Defending your endpoints

Next, I decided to better protect our target endpoints, adding a threat-hunting client that works in concert with the next-generation, non-signature AV client we already use. I backed that up with a SOC service tied to that client, which gives us the ability to isolate the endpoint for remediation as soon as the SOC sees anomalous behavior. This is not the endgame; as time passes, we will move back to allowing only managed endpoints into our networks. But the need to quickly provide remote access from unknown endpoints really drove this choice. And it works.

M365 — another "endpoint"

With so much being done in M365, it makes sense to treat the tenant itself as an endpoint. Of course, every mailbox needs spam filtering, but with the explosive rise of phishing, dedicated phishing protection is also wise. We use a service that detonates every link in every email in a sandbox and quarantines any message whose links turn out to be malicious. Looking out for anomalous behavior in your M365 tenants (unusual sign-in locations, bursts of failed logins, new mailbox forwarding rules) should be part of your toolset; think of it as SOC service for your tenants. And do not forget a comprehensive, independent backup of Exchange Online (Outlook) mailboxes, OneDrive, SharePoint, and Teams; the retention features built into M365 are not a backup.
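Both the proxied RDS pathway and the M365 tenant call for the same two detections the text mentions: a burst of failed logins followed by a success, and a successful sign-in from a second country sooner than anyone could travel there. The following is an added example written for this page, not the author's tooling or any vendor's product. The sign-in log is constructed, its comma-separated field layout is an assumption rather than a real M365 or RDS export format, and the thresholds (five failures in ten minutes, two hours between countries) are illustrative starting points you would tune per client.

```python
"""Toy sign-in anomaly detector: failure bursts that end in success, and impossible travel."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp,user,source_ip,country,result).
# The layout is assumed for this example; it is not a real M365 or RDS log format.
SAMPLE_LOG = """\
2020-12-14T08:00:12Z,alice,203.0.113.10,US,Success
2020-12-14T08:05:40Z,alice,198.51.100.7,RU,Success
2020-12-14T09:00:01Z,bob,192.0.2.20,US,Failure
2020-12-14T09:00:09Z,bob,192.0.2.20,US,Failure
2020-12-14T09:00:17Z,bob,192.0.2.20,US,Failure
2020-12-14T09:00:25Z,bob,192.0.2.20,US,Failure
2020-12-14T09:00:33Z,bob,192.0.2.20,US,Failure
2020-12-14T09:00:41Z,bob,192.0.2.20,US,Success
2020-12-14T10:15:00Z,carol,192.0.2.30,US,Success
2020-12-14T10:16:00Z,carol,192.0.2.30,US,Failure
2020-12-14T10:17:00Z,carol,192.0.2.30,US,Success
2020-12-15T14:00:00Z,alice,203.0.113.10,US,Success
"""

# Illustrative thresholds (assumptions); tune per client and per pathway.
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=10)
GEO_WINDOW = timedelta(hours=2)


def parse_events(text):
    """Parse the constructed CSV-style log into dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, result = line.split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "ip": ip,
            "country": country,
            "ok": result == "Success",
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_failure_bursts(events, threshold=FAIL_THRESHOLD, window=FAIL_WINDOW):
    """Flag an account whose success follows >= threshold failures inside `window`.

    That sequence is what a brute-force or spray looks like when it works.
    A lone typo followed by success (carol below) stays under the threshold.
    """
    alerts = []
    recent = defaultdict(list)  # user -> failure timestamps still inside the window
    for e in events:
        fails = recent[e["user"]]
        while fails and e["ts"] - fails[0] > window:  # expire old failures
            fails.pop(0)
        if not e["ok"]:
            fails.append(e["ts"])
        elif len(fails) >= threshold:
            alerts.append(("failures_then_success", e["user"], len(fails), e["ts"]))
            fails.clear()
    return alerts


def detect_impossible_travel(events, window=GEO_WINDOW):
    """Flag two successful sign-ins by one user from different countries less than `window` apart."""
    alerts = []
    last_ok = {}  # user -> (ts, country) of the most recent successful sign-in
    for e in events:
        if not e["ok"]:
            continue
        prev = last_ok.get(e["user"])
        if prev and prev[1] != e["country"] and e["ts"] - prev[0] < window:
            alerts.append(("impossible_travel", e["user"], f"{prev[1]}->{e['country']}", e["ts"]))
        last_ok[e["user"]] = (e["ts"], e["country"])
    return alerts


def run(text=SAMPLE_LOG):
    """Run both detections over a log and return the combined alert list."""
    events = parse_events(text)
    return detect_failure_bursts(events) + detect_impossible_travel(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the sample data this raises exactly two alerts: bob's five failures followed by a success, and alice's US-to-RU pair five minutes apart; alice's return from the US the next day is outside the two-hour window and carol's single typo never reaches the threshold. The same logic applies whether the events come from the RDS proxy or from the M365 sign-in log, which is why one detector is worth writing once and feeding from both sources.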

Defending the perimeter

Now that "Work from Anywhere" is our new normal, the very concept of the network perimeter is almost quaint. But most of us still have clients with traditional networks to protect, and that still means starting with a capable firewall, well hardened and monitored. We should also manage, secure, and monitor WiFi access on premises. And we have to provide secure remote access for our users. This used to mean SSL VPN, whether through the firewall or a dedicated appliance. As discussed earlier, I have moved to proxied RDS for this rather than SSL VPN clients.

Defending ourselves as providers

You should have a strong culture of using the same products and services you deliver, or "eating your own dog food" as we say here. That is how I make sure we develop an intimate understanding of our tools. We develop processes and procedures, execute from checklists, and then carefully check our work. As nearly daily news breaks of attacks on MSPs and on the providers of their toolsets (including today's SolarWinds revelations), it has become clear that we as MSPs are the new targets. That leads to my final thought here: every MSP should understand what their errors-and-omissions (E&O) and cyber liability policies do and do not cover. A good talk with your insurance provider is probably wise.
