The Last Thing You Need is Your MSP Partner Getting Hacked

Is your MSP implementing the best IT industry practices they ask you (their customers) to follow?

August 7, 2019Manhattan Tech Support

IT Consulting & StrategySecurityTech Support & Managed IT ServicesConstructionEducationFinanceHealthcareLegalReal Estate

What happens when the managed IT services provider you trust to keep your IT infrastructure safe and secure gets hacked? What do you do when your network and servers are compromised in a secondary attack? Unfortunately, attacks on MSPs by local and foreign bad actors are becoming quite common, but there are certain steps only the most experienced and elite MSPs take that separate them from the rest.

MTS_Hackers_problem_MFA

What’s wrong?

Last week, Continuum, a renowned professional services automation (PSA) firm used by many MSPs nationwide, reported via email that one of its clients – an MSP – was breached by cybercriminals who stole its credentials, which were then used to disable antivirus on their clients’ machines and “run scripts to deploy ransomware at several end clients.” Continuum added that they believe this incident occurred most likely because of phishing, whereas an employee of the MSP unknowingly gave out their Continuum credentials to hackers.

What can you do as a company?

You can either say “should have, could have, would have” when it’s already too late OR take your MSP to account NOW. As a company, you must inquire about what your technology partner is doing to keep their business – and in turn, your business – safe. Never shy away from asking the tough questions.

  • Does your MSP have an internal security expert and/or team to make sure industry best practices are being followed and that their infrastructure – as well as yours – is well protected against cyber-attack?
  • Has your IT partner ever discussed multi-factor authentication with you? If not, do you know if they are using it themselves to help prevent disasters like the one above?
  • Does your MSP have a disaster and incident response plan and procedure in place for themselves and your business? What happens during outages or emergencies – or cyberattacks?

If your technology partner can’t answer these questions with authority – contact us and we will. Having a plan to mitigate, and, if needed, address issues like the Continuum MSP partner hack is a necessity. If you can’t trust their responses – can you have a peace of mind knowing your most critical technology assets are managed and maintained by them?

Managed IT service providers need to persistently cultivate a culture of caution and vigilance amongst their employees. This itself massively reduces the risk of credential compromise. In addition to that, technology partners MUST enable multifactor authentication (MFA), which is now considered an industry-standard in all the latest IT domains. An MSP also needs to know the ins and outs of every platform, software, and service they support so they can ensure that their clients are covered from risks and exposures.

Here at Manhattan Tech Support, we practice what we preach. Our team follows best practices internally just as we recommend for our clients. We have a security department with experts on-site who meticulously scrutinize every single detail of our operations to make sure the entire organization is in line with the National Institute of Standards and Technology’s (NIST) cybersecurity and risk management framework. This experience and work culture – along with all the controls and safeguards we have put in place – have allowed us to fortify our own IT infrastructure, as well as our clients’ IT foundation – thereby mitigating risks and exposures to today’s most complex cyber threats.

What in the world is Multi-Factor Authentication (MFA), and why do I need it?

multi-factor-authentication_MFA_MTS

Don’t be intimidated by the sounds of this. In laymen’s terms, MFA is an additional layer of security to access critical IT resources. Historically, users would get logged into their IT resources by using a username (or email) and password. Access by this method alone is becoming obsolete in today’s dangerous and threatening cyber landscape weak passwords are one of the main reasons by which a data breach takes place. Multi-factor authentication is a powerful way to combat this threat by having end-users enter a password AND a pin code generated via text message OR authenticator app from Google or Microsoft – a code tethered to their own personal device. It’s virtually impossible for hackers to break into your network and servers via stolen credentials if you have MFA enabled because it is highly unlikely that they will have access to your phone and credentials at the same time.

Most MSPs desist from implementing MFAs for their clients because of the complexity and overhead involved. The daunting task to enable MFA into their critical IT infrastructure and then to train the clients to take advantage of it is an unsettling task for many technicians in the industry. From an inexperienced MSP’s point of view, training equates to time invested, which in turn seems like money “lost.” These MSPs also want to avoid the subsequent support tickets associated with any new implementations. They will cut corners to save on these costs, which dangerously expose your business to cybercriminals. Hence, they’re not a big fan of this arduous process, but this is where a healthy forward-thinking company culture kicks in and separates elite MSPs like Manhattan Tech Support from the rest.

What’s next for you?

Manhattan Tech Support has always deployed industry-leading solutions to ensure our clients’ safety in the cyberworld. We follow best-practices, and our stellar record speaks for itself – zero client hacks from day one till today. We encourage you to have a chat with your existing IT support partner today – and if for any reason, you’re not happy with their capabilities; we are here for you. Contact us today at 212-299-7673 or for more information.

Act now before it’s too late.

SEE MORE

Kaytuso – the cybersecurity & regulatory compliance division of ManhattanTechSupport.com LLC.

Exceed Digital – the custom software development and business intelligence solutions division of ManhattanTechSupport.com LLC

Related Articles

Why Outsourced IT Help Desk is NOT a Risky Strategy

calendar October 31, 2019

author Manhattan Tech Support

Cloud Services IT Consulting & Strategy Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Real Estate

Why Outsourced IT Help Desk is NOT a Risky Strategy

An IT help desk can boost productivity and ensure that your technology infrastructure stays functioning optimally. But, building an internal IT help desk team is an expensive, resource-intensive project that involves finding and hiring qualified desktop support technicians, training them

Read More
How Elite Managed IT Service Providers Price Their Offerings

calendar October 15, 2019

author Manhattan Tech Support

IT Consulting & Strategy Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Real Estate

How Elite Managed IT Service Providers Price Their Offerings

There are several factors that separate elite IT managed service providers (MSPs) from average ones, like technical ability and a deep dedication to customer service. With its team of NYC-based engineers certified by leading technology vendors — as well as

Read More
5 Common Cybersecurity Myths That Endanger Small Businesses

calendar October 4, 2019

author Manhattan Tech Support

IT Consulting & Strategy Security Construction Education Finance Healthcare Legal Real Estate

5 Common Cybersecurity Myths That Endanger Small Businesses

Because it’s so complicated, cybersecurity is a difficult topic for small and midsized businesses to engage in. There are many things that go into good cybersecurity, like malware protection, network, and server security, application security, and the management of mobile

Read More