The Last Thing You Need is Your MSP Partner Getting Hacked

Is your MSP implementing the best IT industry practices they ask you (their customers) to follow?

August 7, 2019Manhattan Tech Support

IT Consulting & StrategySecurityTech Support & Managed IT ServicesConstructionEducationFinanceHealthcareLegalReal Estate

What happens when the managed IT services provider you trust to keep your IT infrastructure safe and secure gets hacked? What do you do when your network and servers are compromised in a secondary attack? Unfortunately, attacks on MSPs by local and foreign bad actors are becoming quite common, but there are certain steps only the most experienced and elite MSPs take that separate them from the rest.

MTS_Hackers_problem_MFA

What’s wrong?

Last week, Continuum, a renowned professional services automation (PSA) firm used by many MSPs nationwide, reported via email that one of its clients – an MSP – was breached by cybercriminals who stole its credentials, which were then used to disable antivirus on their clients’ machines and “run scripts to deploy ransomware at several end clients.” Continuum added that they believe this incident occurred most likely because of phishing, whereas an employee of the MSP unknowingly gave out their Continuum credentials to hackers.

What can you do as a company?

You can either say “should have, could have, would have” when it’s already too late OR take your MSP to account NOW. As a company, you must inquire about what your technology partner is doing to keep their business – and in turn, your business – safe. Never shy away from asking the tough questions.

  • Does your MSP have an internal security expert and/or team to make sure industry best practices are being followed and that their infrastructure – as well as yours – is well protected against cyber-attack?
  • Has your IT partner ever discussed multi-factor authentication with you? If not, do you know if they are using it themselves to help prevent disasters like the one above?
  • Does your MSP have a disaster and incident response plan and procedure in place for themselves and your business? What happens during outages or emergencies – or cyberattacks?

If your technology partner can’t answer these questions with authority – contact us and we will. Having a plan to mitigate, and, if needed, address issues like the Continuum MSP partner hack is a necessity. If you can’t trust their responses – can you have a peace of mind knowing your most critical technology assets are managed and maintained by them?

Managed IT service providers need to persistently cultivate a culture of caution and vigilance amongst their employees. This itself massively reduces the risk of credential compromise. In addition to that, technology partners MUST enable multifactor authentication (MFA), which is now considered an industry-standard in all the latest IT domains. An MSP also needs to know the ins and outs of every platform, software, and service they support so they can ensure that their clients are covered from risks and exposures.

Here at Manhattan Tech Support, we practice what we preach. Our team follows best practices internally just as we recommend for our clients. We have a security department with experts on-site who meticulously scrutinize every single detail of our operations to make sure the entire organization is in line with the National Institute of Standards and Technology’s (NIST) cybersecurity and risk management framework. This experience and work culture – along with all the controls and safeguards we have put in place – have allowed us to fortify our own IT infrastructure, as well as our clients’ IT foundation – thereby mitigating risks and exposures to today’s most complex cyber threats.

What in the world is Multi-Factor Authentication (MFA), and why do I need it?

multi-factor-authentication_MFA_MTS

Don’t be intimidated by the sounds of this. In laymen’s terms, MFA is an additional layer of security to access critical IT resources. Historically, users would get logged into their IT resources by using a username (or email) and password. Access by this method alone is becoming obsolete in today’s dangerous and threatening cyber landscape weak passwords are one of the main reasons by which a data breach takes place. Multi-factor authentication is a powerful way to combat this threat by having end-users enter a password AND a pin code generated via text message OR authenticator app from Google or Microsoft – a code tethered to their own personal device. It’s virtually impossible for hackers to break into your network and servers via stolen credentials if you have MFA enabled because it is highly unlikely that they will have access to your phone and credentials at the same time.

Most MSPs desist from implementing MFAs for their clients because of the complexity and overhead involved. The daunting task to enable MFA into their critical IT infrastructure and then to train the clients to take advantage of it is an unsettling task for many technicians in the industry. From an inexperienced MSP’s point of view, training equates to time invested, which in turn seems like money “lost.” These MSPs also want to avoid the subsequent support tickets associated with any new implementations. They will cut corners to save on these costs, which dangerously expose your business to cybercriminals. Hence, they’re not a big fan of this arduous process, but this is where a healthy forward-thinking company culture kicks in and separates elite MSPs like Manhattan Tech Support from the rest.

What’s next for you?

Manhattan Tech Support has always deployed industry-leading solutions to ensure our clients’ safety in the cyberworld. We follow best-practices, and our stellar record speaks for itself – zero client hacks from day one till today. We encourage you to have a chat with your existing IT support partner today – and if for any reason, you’re not happy with their capabilities; we are here for you. Contact us today at 212-299-7673 or info@manhattantechsupport.com for more information.

Act now before it’s too late.

SEE MORE

Kaytuso – the cybersecurity & regulatory compliance division of ManhattanTechSupport.com LLC.

Exceed Digital – the custom software development and business intelligence solutions division of ManhattanTechSupport.com LLC

Related Articles

ManhattanTechSupport.com LLC Ranks No. 2619 on the 2019 Inc. 5000 With Three-Year Revenue Growth of 149 Percent

calendar September 11, 2019

author Manhattan Tech Support

Business Intelligence Cloud Services IT Consulting & Strategy Security Software Development Tech Support & Managed IT Services Telecommunications Construction Education Finance Healthcare Legal Real Estate

ManhattanTechSupport.com LLC Ranks No. 2619 on the 2019 Inc. 5000 With Three-Year Revenue Growth of 149 Percent

NEW YORK, September 3, 2019 – Inc. magazine today revealed that ManhattanTechSupport.com LLC is No. 2619 on its annual Inc. 5000 list, the most prestigious ranking of the nation’s fastest-growing private companies. The list represents a unique look at the

Read More
Paradigm Shift: Reasons You Should Consider IT & Tech Support as an Investment and Not an Expense for Your Business

calendar September 11, 2019

author Manhattan Tech Support

Cloud Services IT Consulting & Strategy Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Real Estate

Paradigm Shift: Reasons You Should Consider IT & Tech Support as an Investment and Not an Expense for Your Business

Today, some businesses persist in seeing IT as a cost center. This attitude is rooted in the past, when the high price of hiring in-house IT staff paying for hourly support, combined with the expense of network infrastructure, put reliable

Read More
Ransomware Attack Rocks Rockville School District in Long Island. Who’s Next?

calendar September 4, 2019

author Manhattan Tech Support

IT Consulting & Strategy Security Tech Support & Managed IT Services Construction Education Finance Healthcare Real Estate

Ransomware Attack Rocks Rockville School District in Long Island. Who’s Next?

Headlines such as the ones above are sadly commonplace as we see them in the news all too often these days. Unfortunately, 2019 has seen an unprecedented level of ransomware attacks on state and local governments, public institutions and small

Read More