COVID-19: 3 Cybersecurity Essentials for MSPs and IT Providers in a Time of Remote Working
The novel coronavirus upturned many of the ways in which we live and work. And it’s important to acknowledge the hard, incredible work MSPs and IT providers have done to help their clients shift to fully remote nearly overnight. Despite this effort, businesses can’t take their eyes off the ball when it comes to security. There are at least three things every provider should put in place to fortify the security and productivity of their customers:
- Remote control and support
- Password management
The current threat landscape
Before the current crisis, we had already seen an increase in the number of reported data breaches, as well as their efficacy. High-profile breaches often represented incredible numbers of consumers who had their information compromised. For example, the Marriott attack compromised records for an estimated 500 million customers. Credit card information for more than 30 million was stolen and resold during the Wawa breach. However, this wasn’t the only problem—MSPs increasingly became the focal point of cyberattacks. For example, KrebsonSecurity reported that more than 100 dentist offices were attacked by ransomware that funneled through their IT service provider. Attacks were common enough that the US Department of Homeland Security DHS issued warnings of attacks against MSPs, along with guidelines for staying safe.
All of this occurred before large portions of the globe had to change the way their businesses operated nearly overnight. In the midst of simply getting things set up, organizations likely scrambled enough that corners were cut, and errors were made in the interest of expediency. It’s natural—you have to get people up and running, so taking the time to implement proper security precautions can sometimes fall by the wayside. Even if you’ve taken all the right steps, odds are good some vulnerabilities were introduced somewhere in the process—whether it’s a problem in the software supply chain or users setting up their own accounts using weak credentials. All this is to say IT providers need to stay vigilant against security threats perhaps now more than ever. As mentioned before, they will likely need at least three technologies to help keep their networks safe:
Backup will be extremely important during this uncertain transition time. Backup tools offer an important insurance policy against data loss. Access to data and systems is paramount today for businesses to stay open and successful.
During times of crisis, cybercriminals can often use the ensuing confusion as an opening for an attack. We’ve already seen reports of attempts to scam people seeking information on COVID-19. This makes it even more important to have strong backups to protect against either data loss or ransomware attacks. So make sure to have strong, cloud-based backup in place and to schedule backups to run on a regular basis. Additionally, consider testing backups regularly so you know they’re ready to go in the event of an emergency.
This probably seems like an obvious recommendation—when your customer base moves its workers completely to a remote setup, you’ll need strong remote support tools to help them. Odds are good you already have a remote support option in place. However, it’s important to make sure your remote support solution is fast and encrypted. Remote access attacks, particularly via remote desktop protocol, have become increasingly popular and effective forms of attack. Check to make sure any remote support solution you use includes safeguards and features to help encrypt data and traffic, prevent session hijacking, ensure remote support sessions come only from trusted actors, and close remote support connections automatically when done.
(For a limited time, try Take Control Plus free for 90 days in response to COVID-19.)
As mentioned before, MSPs were already targets for cybercriminals. IT service providers typically have access to a lot of sensitive and valuable data since they touch multiple businesses on a given day. Even extremely security conscious IT professionals can make a mistake, like reusing passwords across accounts (either personal or professional) or setting up an account with a simple password and forgetting to reset it. Unfortunately, account takeovers can be devastating both to IT providers and their customers.
This is why a strong password management solution can be incredibly helpful. Password management solutions can help you enforce best practices by automatically generating strong passwords for accounts and forcing password refreshes and resets on a periodic basis, while also enabling productivity by giving technicians one-click access to services without having to remember separate passwords. With a solid chunk of cyberattacks occurring due to poor password practices, it’s imperative to keep your team’s passwords strong. And during a time of heightened stress like the one we’re currently in, it’s common to make mistakes, so automating as much of the password management process as possible can help reduce your potential exposure.
SolarWinds® Passportal can play an essential part in helping you keep your customers safe from cybercriminals as both your team and your customers continue working from home. Some of its key features include:
- Company and Personal Vault
Protect customers by storing privileged client data in a cloud-based, centralized company vault. You can also optionally allow users to have their own vaults for personal users.
- Discovery and Automation
Discover client data, passwords, and network information wherever you are. Password change automation lets you rotate expired passwords on a regular basis.
- High Availability
Access data almost anytime, anywhere, on nearly any device—desktop, tablet, or mobile phone. With significant uptime, you’ll be able to keep remote workers productive and safe with ease.
- User Management
Assign, revoke, and manage user permissions, and monitor user access for suspicious behavior with audit trails. Give access to those who need it when they are working from home without worrying about someone else attempting take advantage of the remote workforce.
- Analytical Dashboard Interface
Monitor password strength, rotation, expiry, and accounts on an easy-to-read dashboard.
- Apps and Integrations
Make it easy to access accounts via a one-click login through the personalized mobile app and cross-browser extensions. SolarWinds Passportal currently integrates with PSA, RMM, and network tools your MSP is likely already using.
Learn more about SolarWinds Passportal today.
SolarWinds® adds Passportal suite to its MSP product portfolio. MSP security, simplified. SolarWinds® Passportal + Documentation Manager is a SOC 2 certified, RAPID 7 tested, award winning platform.
Grow your business faster with the world's first unified platform for true password management and secure IT documentation. More than 2,000 best-in-class MSPs around the world are leveraging our security, automation, and rapid access client knowledge to out preform the competition.