Global Cybersecurity Authorities Issue Guidelines for MSPs and Customers


Global Cybersecurity Authorities Issue Guidelines for MSPs and Customers

By Laura Stotler

A new advisory from the cybersecurity authorities of the US, UK, Canada, Australia and New Zealand warns of an increase in malicious attacks against MSPs and their customers. The countries worked together on a joint Cybersecurity Advisory offering actions that service providers and customers may take to reduce their chances of becoming victimized.

The new advisory provides guidelines and best practices for information and communications (ICT) services and functions to facilitate important discussions between MSPs and their customers with the goal of securing sensitive data. The joint cybersecurity authorities recommend MSPs and their customers implement the security measures and operational controls outlined in the advisory and also recommend customers ensure their contracts specify that their MSP implements the measures.

The guidelines recommend MSPs prevent initial compromise of their infrastructure by improving the security of vulnerable devices and protecting internet-facing services. They should also defend against brute force and password spraying as well as defend against phishing.

The next recommendation is that MSPs enable or improve their monitoring and logging processes by storing important logs for at least six months. Organizations should also implement endpoint detection and network defense monitoring capabilities, either on their own or through an arrangement with their MSP. Organizations should also enforce multi-factor authentication (MFA) and secure remote access applications to harden their overall infrastructure.

Other recommendations include managing internal architecture risks as well as segregating internal networks. Organizations can identify, group and isolate their critical business systems and apply the appropriate network security controls to reduce the impact should they become compromised. Companies can also apply the principle of least privilege throughout their network environments and immediately update privileges when changes in administrative roles occur.

Another recommended measure includes addressing obsolete accounts and infrastructure like disabling users accounts during periods of personnel transition. Applying updates to software, operating systems, applications and firmware can also go a long way toward protecting an organization. Of course, backing up systems and data on a regular basis and storing backups separately and isolating them from network connections can prevent the spread of ransomware.

Additional recommendations include developing and exercising incident response and recovery plans while also maintaining up-to-date hard copies of those plans. Organizations should also understand and proactively manage supply chain risk across security, legal and procurement groups as well as use risk assessments to identify and prioritize resource allocation.

Finally, organizations are encouraged to promote transparency by clearly defining contractual responsibilities for both MSPs and customers. And proper account authentication and authorization management is also critical for pinpointing and preventing malicious activity.

For the latest information about the MSP cyber landscape, join MSP Expo 2022, delivering four days of education and networking specifically focused on the MSP community, including one full track dedicated to security.  MSP Expo 2022 takes place June 21-24, 2022 in Ft. Lauderdale, Florida and is collocated alongside the other #TECHSUPERSHOW events, including ITEXPO, Future of Work Expo, IoT Evolution Expo, The Blockchain Event, and more.

Edited by Erik Linask

MSPToday Contributing Editor

Related Articles

Zero Trust Security Adoption Rises

By: Greg Tavarez    7/5/2022

Thirty-five percent of WAN managers implemented one or more elements of zero trust security and SASE in 2021.

Read More

Tech Teams' New Priorities Engage MSPs

By: Greg Tavarez    7/1/2022

Fifty-two percent of organizations are focused on infrastructure modernization, and tech teams are engaging MSPs to help them achieve business goals.

Read More

Taking Email Signatures to the Next Level

By: Arti Loftus    7/1/2022

Pax8, a global cloud commerce marketplace, announced a global agreement with email signature management firm, Exclaimer Group

Read More

TP-Link Introduces Omada Solution for Multi-Dwelling Units

By: Greg Tavarez    6/28/2022

Private pre-shared Wi-Fi keys will offer MSPs and easy way to provide connectivity to multi-dwelling units with an easy-to-deploy authentication metho…

Read More

Will MSPs Be Successful in 2022?

By: Greg Tavarez    6/28/2022

MSPs, during this time of digital transformation, are offering businesses, especially small- and medium-sized businesses, 24/7 tech support.

Read More