Cybersecurity: MSP Best Practices To Mitigate Ransomware Attacks

MSP Best Practices to Mitigate Ransomware Attacks


Just like the transmission of the novel coronavirus itself, one compromised MSP network can spread vulnerability like a firestorm, deploying ransomware to numerous businesses and infecting hundreds of thousands of endpoints instantly.

In the blink of an eye, an MSP’s reputation and financial health can be damaged irreparably. What can be done?

The Target on MSPs’ Backs

In 2018, the Department of Homeland Security issued an alert stating that Advanced Persistent Threat actors have been targeting MSPs since May 2016.

Managed service providers seem to be a naturally low-hanging fruit for ransomware attackers because:

  • More companies are using MSPs than ever before;
  • MSPs have direct and unrestricted access to customer networks;
  • A compromise in one part of an MSP’s network can spread globally to all of its customers;
  • With its reputation on the line and entire customer base possibly affected, an MSP may be more willing and likely to pay the ransom; and
  • Many MSPs have only a handful of employees serving a growing list of customers, leaving no time to maintain the cybersecurity practices needed to thwart attacks.

For all these reasons, MSPs often prove an easier target than more secure, larger corporations, with the potential for just as handsome of a reward.

Mitigate Ransomware Risk with 12 Security Best Practices

Despite this perfect storm of vulnerabilities, your MSP doesn’t have to be the next ransomware victim in the headlines. Following cybersecurity best practices will help safeguard your customers’ data and keep your MSP protected. Here are just a few of the many security steps MSPs should consider taking:

1. Activate and Enforce Multi-Factor Authentication (MFA). With cybercriminals becoming more skilled at accessing credentials, it’s imperative to have MFA enabled for all users. Additionally, a privilege access management (PAM) process can help minimize lateral movement and damage done if a bad actor does permeate your system.

  • Tip: Effortlessly monitor MFA settings across customer environments and get alerted when settings change with Liongard Roar.

2.     Restrict Network Access. Limit employee access rights to only what they need to perform their jobs, and regularly audit those permissions. In addition to enabling MFA, passwords should meet strong requirements, be updated regularly and never be recycled.

  • Tip: With automated documentation providing up-to-date data, Liongard enables continuous visibility of privileged accounts by system for customers and MSP staff with ease. By limiting access to least privileges for MSP staff, you greatly reduce the potential impact and risk to your customers in the event of an incident.

3.     Prioritize Patching. When a vendor releases an update to fix a vulnerability in their software, install that patch immediately—before it’s too late.

  • Tip: You can monitor systems with Liongard and send alerts if software patch versions do not match what is intended.

4.     Secure Endpoints. Malicious emails still account for many ransomware attacks, so make sure to employ email authentication and web filtering tools as well as antivirus software. More importantly, ensure that every endpoint is protected, and virus definition libraries are up to date.

5.     Set Alerts. When you properly configure your systems so that you receive alerts when settings are changed, you’re able to operate proactively and stay ahead of threats.

  • Tip: Liongard’s Custom Actionable Alerts can notify you about almost anything. Simply create a rules template, apply it to environments, and get tickets sent directly to your PSA. No more manually digging for answers, instead you can start digging in.

6.     Use Off-site Backup. If an attacker has compromised an MSP’s RMM software, it probably also has access to the MSP’s backups. That’s why, in addition to two separate backups on-site, you should also have a third, off-site (and, preferably, offline) backup that only a few key people have access to for enhanced security.

7.     Document, Revisit, Repeat. Make sure you have a system where you store your data protection and cybersecurity processes, disaster recovery plans and other emergency guidelines, and review them with your team on a regular basis.

8.     Stay Informed. Sign up for security alerts issued by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

9.     Protect Yourself. Following the NIST Cybersecurity Framework and implementing CIS Controls help minimize risk in your MSP, so you can help your customers do the same.

  • Tip: Liongard adheres to the NIST framework to better protect you and your customers, and many of our alerts support the implementation of CIS Controls.

10.  Educate Your Team and End-users. Training your team and your customers to avoid and detect cyber threats can go a long way in mitigating ransomware attacks. Further, encourage users to share information of detected social engineering and electronic cyber threats with colleagues to increase awareness. Avoid shunning victims as it may lead them to obscure details that can help mitigate future ones.

11.  Fill in Gaps with an MSP. You may not be able to handle all the security services necessary for your customers, and that’s ok. Partner with an experienced MSSP to provide a unified security front that you, and your customers, can trust.

  • Tip: Liongard’s unified visibility helps both MSPs and MSSPs build a strong security foundation.

12.  Choose Software Carefully. From potential harmless browser plugins to full-blown business systems, ensure your vendors take cybersecurity and data protection as seriously as you do. Before signing on the dotted line, learn about each company’s commitment to data security and privacy.


High Stakes for MSPs

With cyber threats coming at MSPs from all directions, security best practices must be prioritized on a daily basis. On the upside, the MSPs that can successfully thwart attacks will gain a competitive edge in this growing industry. You might even consider expanding and building an MSSP to complement your MSP services. Better yet, ensure that every offering you provide comes standard with a strong security foundation that includes continuous monitoring and alerting. With Liongard running in the background and proactively alerting you to security risks and critical changes, you’ll be able to remain vigilant in guarding against ransomware.

For more ways Liongard helps keep your data and privacy secure, visit our Trust Center.

Get a Personalized Demo of Liongard.

MSPs, Cybersecurity

Get The Latest Insights Delivered To Your Inbox

Liongard needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. To review our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.