[12 DAYS OF PASSWORDS | 3 MIN READ] MSPs, are you now ready to take a second look at your security service offering? After today’s coverage of the US Justice Department preparing charges against hackers targeting MSPs and RMMs, it begs the question, "why wait?". Threats exist for the MSP from external and internal sources and it's time learn about them. Whether it is an external hacker or rogue employee, exfiltration can happen through a number of angles. Access management is vital for prevention. Do you currently manage a multitude of sensitive credentials for a growing client base ? If yes, then these MSP quick tips are for you.
It was not long ago when an ethical hacker penetrated a $40M MSP...
And they were successfully exploited, leaving the MSP and their clients credentials and data vulnerable. Passportal's President, Dan Wensley, himself delves deep with the ethical hackers themselves in a recent webinar into how exactly this happened and how easily it could have been prevented.
The market today has proven that MSPs are becoming increasingly attractive to external forces. The group most commonly targeting managed service providers is the actor group, Advanced Persistent Threat (APT) 10 geolocated internationally, yet hitting so close to home. This was the hacking group that emerged yet again for the reported MSP and RMM exfiltrations. According to threat intelligence agency FireEye, APT10 targets North American, European and Japanese governments, and MSPs in the industries of construction and engineering, aerospace, and telecom firms.
Hacking can happen within the MSP
Not only do you need to be aware of external threats and phishing scams, you need to be aware of which technicians have access to what. Does your MSP have control? If you are unable to identify the permissions and privileges through a technician hierarchy, how comfortable would you be telling how your clients sensitive data is being handled.
What if technicians leave the company? Technicians typically know or have access to the vital information to the internal working of your MSP and your clients. Now, let's let that stew.
MSP Quick Tip Takeaways...
- Implement a Password & Documentation Management solution will relieve that worry of who knows what. Use automation and permissions to your advantage.
- Advance your service offering and security posture in the market through branded Password Management-as-a-Service (PMaaS)
Continue reading Passportal's 12 Days of Passwords:
- 12 Days of Passwords: Educate Your MSP on Cybersecurity & Password Best Practice
- 12 Days of Passwords: Use Multi-Factor Authentication (MFA)
- 12 Days of Passwords: Access Management to Privileged Credentials (You're already here!)