The Last Thing You Need is Your MSP Partner Getting Hacked

Is your MSP implementing the best IT industry practices they ask you (their customers) to follow?

August 7, 2019Manhattan Tech Support

IT Consulting & StrategySecurityTech Support & Managed IT ServicesConstructionEducationFinanceHealthcareLegalReal Estate

What happens when the managed IT services provider you trust to keep your IT infrastructure safe and secure gets hacked? What do you do when your network and servers are compromised in a secondary attack? Unfortunately, attacks on MSPs by local and foreign bad actors are becoming quite common, but there are certain steps only the most experienced and elite MSPs take that separate them from the rest.


What’s wrong?

Last week, Continuum, a renowned professional services automation (PSA) firm used by many MSPs nationwide, reported via email that one of its clients – an MSP – was breached by cybercriminals who stole its credentials, which were then used to disable antivirus on their clients’ machines and “run scripts to deploy ransomware at several end clients.” Continuum added that they believe this incident occurred most likely because of phishing, whereas an employee of the MSP unknowingly gave out their Continuum credentials to hackers.

What can you do as a company?

You can either say “should have, could have, would have” when it’s already too late OR take your MSP to account NOW. As a company, you must inquire about what your technology partner is doing to keep their business – and in turn, your business – safe. Never shy away from asking the tough questions.

  • Does your MSP have an internal security expert and/or team to make sure industry best practices are being followed and that their infrastructure – as well as yours – is well protected against cyber-attack?
  • Has your IT partner ever discussed multi-factor authentication with you? If not, do you know if they are using it themselves to help prevent disasters like the one above?
  • Does your MSP have a disaster and incident response plan and procedure in place for themselves and your business? What happens during outages or emergencies – or cyberattacks?

If your technology partner can’t answer these questions with authority – contact us and we will. Having a plan to mitigate, and, if needed, address issues like the Continuum MSP partner hack is a necessity. If you can’t trust their responses – can you have a peace of mind knowing your most critical technology assets are managed and maintained by them?

Managed IT service providers need to persistently cultivate a culture of caution and vigilance amongst their employees. This itself massively reduces the risk of credential compromise. In addition to that, technology partners MUST enable multifactor authentication (MFA), which is now considered an industry-standard in all the latest IT domains. An MSP also needs to know the ins and outs of every platform, software, and service they support so they can ensure that their clients are covered from risks and exposures.

Here at Manhattan Tech Support, we practice what we preach. Our team follows best practices internally just as we recommend for our clients. We have a security department with experts on-site who meticulously scrutinize every single detail of our operations to make sure the entire organization is in line with the National Institute of Standards and Technology’s (NIST) cybersecurity and risk management framework. This experience and work culture – along with all the controls and safeguards we have put in place – have allowed us to fortify our own IT infrastructure, as well as our clients’ IT foundation – thereby mitigating risks and exposures to today’s most complex cyber threats.

What in the world is Multi-Factor Authentication (MFA), and why do I need it?


Don’t be intimidated by the sounds of this. In laymen’s terms, MFA is an additional layer of security to access critical IT resources. Historically, users would get logged into their IT resources by using a username (or email) and password. Access by this method alone is becoming obsolete in today’s dangerous and threatening cyber landscape weak passwords are one of the main reasons by which a data breach takes place. Multi-factor authentication is a powerful way to combat this threat by having end-users enter a password AND a pin code generated via text message OR authenticator app from Google or Microsoft – a code tethered to their own personal device. It’s virtually impossible for hackers to break into your network and servers via stolen credentials if you have MFA enabled because it is highly unlikely that they will have access to your phone and credentials at the same time.

Most MSPs desist from implementing MFAs for their clients because of the complexity and overhead involved. The daunting task to enable MFA into their critical IT infrastructure and then to train the clients to take advantage of it is an unsettling task for many technicians in the industry. From an inexperienced MSP’s point of view, training equates to time invested, which in turn seems like money “lost.” These MSPs also want to avoid the subsequent support tickets associated with any new implementations. They will cut corners to save on these costs, which dangerously expose your business to cybercriminals. Hence, they’re not a big fan of this arduous process, but this is where a healthy forward-thinking company culture kicks in and separates elite MSPs like Manhattan Tech Support from the rest.

What’s next for you?

Manhattan Tech Support has always deployed industry-leading solutions to ensure our clients’ safety in the cyberworld. We follow best-practices, and our stellar record speaks for itself – zero client hacks from day one till today. We encourage you to have a chat with your existing IT support partner today – and if for any reason, you’re not happy with their capabilities; we are here for you. Contact us today at 212-299-7673 or for more information.

Act now before it’s too late.


Kaytuso – the cybersecurity & regulatory compliance division of LLC.

Exceed Digital – the custom software development and business intelligence solutions division of LLC

Related Articles LLC Ranks 87 on the 2019 CRN Fast Growth 150 List

calendar August 13, 2019

author Manhattan Tech Support

Business Intelligence Cloud Services IT Consulting & Strategy Software Development Tech Support & Managed IT Services Telecommunications Construction Education Finance Healthcare Legal Real Estate LLC Ranks 87 on the 2019 CRN Fast Growth 150 List

NEW YORK (PRWEB) AUGUST 13, 2019 LLC, the leading IT support and services company in New York City, announced that CRN®, a brand of The Channel Company®, has named LLC to its 2019 Fast Growth 150 list. The

Read More
The Manhattan Tech Support Guide to Microsoft Office 365 – Part 2

calendar July 23, 2019

author Manhattan Tech Support

Cloud Services IT Consulting & Strategy Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Real Estate

The Manhattan Tech Support Guide to Microsoft Office 365 – Part 2

While there are now over 155 million individuals using the latest version of Microsoft Office 365, there are many others that are unsure about the true benefits that the software provides, or even exactly how cloud computing can help their

Read More
How to Create an Optimal Data Storage Infrastructure

calendar July 22, 2019

author Manhattan Tech Support

Cloud Services IT Consulting & Strategy Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Real Estate

How to Create an Optimal Data Storage Infrastructure

Technologies like the Internet of Things (IoT), mobile technology, data analytics, and others are creating a radical increase in business data volumes. Some studies, like this one from IDG, show the volume of recorded data increasing as much as 30%

Read More