End customers are increasingly being targeted and infected with ransomware through their relationships and connections to MSPs. Some attackers even go as far as accessing customer credentials from the MSP's remote management consoles to distribute the threat.
With MSPs holding the keys to their customers’ environments, they have an important responsibility to be vigilant about securing their credentials so that attackers cannot use MSP access to exploit their customers.
Best practices to follow
To help you strengthen your credential security, we encourage you to take the following precautions:
- Review access to MSP tools. It is often an afterthought, but as users leave or changes take place in your organization, you may need to adjust permissions accordingly. It is best practice to grant access only to the tools an individual currently needs. Employees who have left, or who no longer need that access, should not retain it. Diligently revoking unnecessary access helps mitigate the risk of attackers using these inactive accounts to enter your customers’ environments.
- Enforce strong password policy. This goes beyond having strong passwords themselves. It also means instituting a frequent change policy and requiring different passwords for different customer sites. The password change policy needs to be enforced throughout your organization and for your entire portfolio of tools. Use a password generator, such as GRC Passwords, which generates long, high-quality random passwords, to create credentials.
- Two-factor authentication. Two-factor authentication in software has become a must-do in today’s cyberthreat landscape. If the software you use has a two-factor authentication feature, ensure that both you and your users are taking advantage of it and have not turned it off. If the software you are using does not have two-factor authentication capabilities, you can consider leveraging single sign-on tools to strengthen your password security efforts.
- Store passwords securely. Complicated passwords have a disadvantage: they are hard to remember. Many users may start storing these passwords in commonly used applications that are unfortunately insecure, such as Notes or Notepad. This makes the information easy for cybercriminals to steal. Provide a password manager so that your users can store their passwords securely.
- Review user roles. Like the first best practice mentioned above, MSPs should work with their clients to review the roles assigned to employees at their businesses as well. Part of reviewing roles means looking at permissions associated with different roles. This should be done regularly, to ensure each user is not given more permissions than they need to do their job.
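One way to run the access and role review described in the list above, as an added example (not Barracuda MSP code). The CSV columns, usernames, staff roster and 90-day inactivity threshold are constructed assumptions standing in for whatever user export your own tools provide.

```python
import csv
import io
from datetime import date

# Constructed sample: user export from a hypothetical MSP management console.
CONSOLE_EXPORT = """username,role,last_login,two_factor
alice,admin,2024-05-28,enabled
bob,technician,2023-11-02,enabled
carol,admin,2024-05-30,disabled
dave,technician,2024-01-15,disabled
erin,billing,2024-05-20,enabled
"""

# Constructed roster: current staff and the role each person needs today.
CURRENT_STAFF = {"alice": "admin", "bob": "technician",
                 "carol": "technician", "erin": "billing"}

REVIEW_DATE = date(2024, 6, 1)  # fixed so the sample output is reproducible
STALE_AFTER_DAYS = 90           # assumed inactivity threshold


def review_access(export_text, staff, today, stale_after_days=STALE_AFTER_DAYS):
    """Return {username: [findings]} for every account that needs action."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        user, issues = row["username"], []
        if user not in staff:
            # Left the organization or no longer needs the tool.
            issues.append("not on current staff roster: revoke access")
        elif staff[user] != row["role"]:
            issues.append(f"has role '{row['role']}' but needs "
                          f"'{staff[user]}': adjust permissions")
        idle = (today - date.fromisoformat(row["last_login"])).days
        if idle > stale_after_days:
            issues.append(f"inactive for {idle} days")
        if row["two_factor"] != "enabled":
            issues.append("two-factor authentication is turned off")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    report = review_access(CONSOLE_EXPORT, CURRENT_STAFF, REVIEW_DATE)
    for user, issues in report.items():
        for issue in issues:
            print(f"{user}: {issue}")
```

Running the same review on a schedule, against both your own tool accounts and each client's user list, keeps departed or over-privileged accounts from accumulating.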
Security is of utmost importance at every business, including here at Barracuda MSP. Please review your security settings for your Barracuda products, as well as the rest of the solutions you manage, to ensure you are complying with security best practices. For more information about how to configure your security settings with Barracuda MSP products, please visit the Barracuda MSP Knowledge Base.