Wipro, one of India’s largest and most successful MSPs, recently fell victim to a hack that was accomplished via a phishing campaign. After gaining entry to Wipro’s network “for some time,” the hackers were able to launch cyberattacks against more than 10 of Wipro’s customers.
This is only the latest in a series of hacker attacks targeting MSPs and other IT consulting firms. It’s become a trend that is unlikely to end anytime soon. Hackers are realizing that one of the paths of least resistance to an organization’s data and information is through the IT provider that services the organization. While MSPs and other IT service providers should be the most equipped and aware of these kinds of threats, hackers remain all too successful in gaining direct entry to the MSP itself.
Hackers are realizing that one of the paths of least resistance to an organization’s data and information is through the IT provider that services the organization. Click To Tweet
Too frequently, MSPs are caught unprepared by bad actors and, as the Wipro breach illustrates, their customers are also likely to pay the price. Proactive MSPs have started to react to this recent trend of becoming targets for hackers by examining and fortifying their security measures across the board. However, there is plenty of room for improvement in implementing best practices to protect an MSP’s business and its customers moving forward.
Strengthening your defenses
MSPs must employ security measures that will work not just for their clients, but also for themselves. By practicing what they preach to customers, MSPs safeguard all parties involved, and position themselves as trustworthy, knowledgeable advisers to customers. With this in mind, a few best practices that service providers should adhere to include:
- Provide security awareness training. This goes for BOTH their own employees and their customers, to help them recognize phishing attempts, BEC attacks, and other threats. Offering phishing education, multi-factor authentication, and the use of a VPN for logins on cloud devices will make all the difference in protecting privileged accounts that are prime targets for bad actors. Use a remote monitoring and management (RMM) platform to ensure that software patches are up to date
- Control and closely monitor access. Know who has access to a network and how they access it, in order to limit available avenues for hackers. The fewer routes for them to take in their attempts to compromise the network and its data, the better. Access policies should take MSP employees, customers, and vendors, into account.
- Ensure proper backups are in place. It can seem like common sense, but it’s important not to overlook that backups are not only set up, but working correctly and are able to support a successful restore in the event of a successful attack.
- Think, and act, proactively. This means implementing security services that can eliminate threats before they reach their intended target. Examples of these include providing real-time view and analysis for staff who monitor security to allow for faster response times. Another critical measure to take is to set an incident response protocol to prevent, or at least minimize, any damage in the event of a breach.
- Use unified threat protection. When dealing specifically with the networks of clients, MSPs can utilize several methods to guarantee their security. One of the first steps is protecting against threats on virtual AND physical endpoints by using a unified threat protection agent that can deploy on both locations.
- Keep compliance in mind. Reviewing legal requirements, such as HIPPA and FINRA, for each industry the MSP deals with is another must. This action ensures that both the MSP and its client remain in compliance and avoids the extra headache of being found legally liable in the event of a breach. These compliance guidelines also provide a solid baseline of security protocols and standards that MSPs can base their offerings around.