Datto’s focus has always been to help our partners, managed service providers (MSPs), thrive. To that end, we’ve been proponents of a largely open ecosystem in which vendors work together to make the day to day operations of the MSPs they serve more efficient and successful. In the fall of 2019, we brought together four main vendors in the MSP space to compile a list of security best practices that every MSP should implement to mitigate the risk of ransomware attacks and other cyber threats.
Team members from Huntress, ID Agent, Connectwise, and Datto put their heads together to develop the tips I’m sharing in this article, and so I’d like to thank each and every one of them for their contributions. Below are only highlights that include high-priority items, but please download the full list on our website to ensure your company is doing everything it can to prevent ransomware attacks.
What Should You Do Right Now?
The below items are high-priority security action items that MSPs can execute now to better protect your business, your data, and your clients.
Identity and Access Management
- Conduct an audit of all technology solutions, user accounts, and roles. Repeat this process on a quarterly basis (at least).
- Disable accounts upon employee technology offboarding, or update permissions and access upon role change.
- Disable inactive or underutilized employee accounts if they are unused or inactive for long periods of time.
- Use a password manager to create strong, unique passwords per technology solution and enable multifactor authentication (MFA) on the password manager. Do not allow storage of credentials in a web browser.
- Protect any API keys in use.
- Use different keys for different integrations, rotating them periodically.
- Use IP restrictions where possible.
- Store keys securely.
- Enable MFA on all accounts that are allowed to via API keys anywhere they are configured for use.
- Restrict RDP access to LAN only - do not configure internet access to RDP.
- Use a VPN to restrict access to admin tools (RMM, Remote Access, etc.). Use MFA on the VPN.
Patching Your Channel Technology
- Update all endpoints and technology software to versions that are free of known material vulnerabilities.
- Review vendor practices for discovery, patching, and notification of vulnerabilities.
Protection of Local and Cloud Backups
- Act on your vendors’ recommended guidance or best practices for the protection of your backup technology.
- Move away from shared login accounts on appliances and technology portals.
- Enable MFA on access to technology portals and appliances.
- Store copies of backups offsite, or in an isolated network or file share location that is inaccessible from servers or workstations, thus making backups harder to access, encrypt, or destroy.
- Monitor and alert for backup deletion. Some vendors offer “soft” delete so backups are not immediately removed. Understand your vendors’ capabilities.
- Test your backups. Determine how long it takes to do a restore, and set accurate expectations should the need arise.
To learn more, download the complete checklist of best practices to better prepare for cyber threats, like ransomware.