MSP Security: Does Your MSP Protect You and Themselves?
To effectively monitor and manage their client’s systems MSPs (Managed service providers) often establish remote connections to all their client’s networks. Unfortunately, those multiple connections make MSPs a prime target for ransomware and hacking.
Essentially, a hacker can gain access to not just the MSP’s network, but all their clients too, with a single attack. They perform one hack but can capture the critical data of countless businesses—and then hold that data for ransom at an extremely high price.
The Ransomware Threat For MSPs
Ransomware attacks are gaining popularity. Global cyber insurance provider Beazley reported a 37% increase in ransomware attacks in the third quarter of 2019 compared to the previous quarter. Particularly worrying is that a staggering 25% of all incidents were against MSPs.
If your MSP isn’t taking steps to secure themselves, they are not only putting their business and reputation at risk, but yours as well. Here at Spire, we understand the gravity of this threat and practice what we preach to our clients when it comes to cybersecurity. Ransomware is not something to mess around with. We have seen other MSPs fall victim to it and be used as a tool for hackers to then deploy their ransomware to all the MSPs clients as well. We take every precaution to ensure we not only keep your system secure but ours as well.
We take advantage of almost every security solution we provide our clients because a layered security approach is necessary to ensure protection. Here are the measures we currently take:
1. Firewalls & Security Software
We practice what we preach and then some. Just like how we outfit our clients with top-notch security solutions, we have fortified ourselves as well. Our Firewall services also include intrusion protection and prevention as an added layer of security, and manage updates to the firewall software.
We also utilize anti-virus and anti-malware software and review the logs from our systems and thousands of client systems daily, taking action as necessary.
2. Network Segmentation
To prevent a hacker from gaining access to all our clients’ networks by merely accessing our own, we utilize network segmentation. We divide our system into smaller sub-networks and implement policies to control traffic flow and access to them.
3. IP Rules and VPN’s
We completely block access to critical systems from outside allowed IP addresses and use VPN software with MFA required to access management systems.
4. Multifactor Authentication
Even if a password becomes compromised, we have MFA enabled on all our accounts heightening our security and reducing the possibility that a hacker could gain access to our, or our client’s, information.
5. Employee Security Training
Employee cybersecurity training is often an overlooked security strategy- but it is incredibly effective. Teaching your employees how to spot social engineering attacks and avoid falling victim to them is imperative.
6. Security Essentials Pack for M365
We don’t like to leave things to chance, so we have added our own security essentials pack to our M365 environment. This tool constantly keeps the relevant security measures enabled in your M365 environment to ensure you are constantly as secure as possible. You can learn more about it here.
If your current MSP isn’t taking the threat of ransomware attacks seriously, and aren’t even utilizing their own security services, that would be a huge red flag to us. If you are looking for a partner that practices what they preach and values your security as much as their own, schedule a consultation call with us via the link below.