CYBERSECURITY

Recommendations for Enterprise Organizations

Posted 12.19.20 by
Carrie Kennedy
Blog

In a recent Secret Service Information Alert a warning is delivered that “The United States Secret Service is continuing to see an increase in the number of cyber related attacks involving compromised Managed Service Providers (MSP).”

The report continues “Cyber criminals are leveraging compromised MSPs to conduct a variety of attacks including point-of-sale intrusions, business email compromise (BEC), and specifically ransomware attacks.” The Secret Service alert adds substance to the reality of 2020 cybercrime reports like 540M data breaches in the first half of 2020 and HHS reporting that, by August 2020, there were 298 healthcare data breaches totaling over 8.5M records. The Secret Service alert and the high levels of opportunistic cybercrime in this pandemic year suggest a need for MSPs to reexamine the security and compliance of services they provide and their customers to assure the services they purchase are backed by industry best security practices and, if required, a certified compliant Cloud environment.

Recommendations for the MSP

The Secret Service Global Investigative Operations Center (GIOC) provides excellent guidance for a review of best practices to help avert potential MSP based Cybercrime including:

  • Have a well-defined service level agreement
  • Ensure remote administration tools are patched and up to date
  • Enforce least privilege for access to resources
  • Have well defined security controls that comply with end user’s regulatory compliance
  • Perform annual data audits
  • Take into consideration local, state, and federal data compliance standards
  • Proactively conduct cyber training and education programs for employees

Adding to this list provided by the Secret Service, it is important for the MSP to reassure their security and data protection capabilities are well aligned to prevent attacks and recover systems, processes and data should an attack still occur.

Recommendations for the MSP Customer

The GIOC also provides MSP customer recommendations:

  • Audit Service Level Agreements
  • Audit remote administration tools being utilized in your environment
  • Enforce two-factor authentication for all remote logins
  • Restrict administrative access during remote logins
  • Enforce least privilege for access to resources
  • Utilize a secure network and system infrastructure, capable of meeting current security requirements
  • Proactively conduct cyber training and education programs for employees

Many of these recommendations are explained in-depth in an earlier Otava article related to Tackling the Rising Costs of Cybercrime. There is also a pertinent discussion of security and technical considerations provided in the recent Otava blog: Best Practices for the Remote Worker.

 A Final Word For the MSP

 Assure that all of your Cloud Solutions are backed by services from a certified compliant CSP that also offers “industry best” design, security, service, business continuity/backup and operational assurance. As Brad Cheedle, CEO of Otava is quoted in a recent interview about partnering to provide new compliant cloud services with an important MSP partner “By joining forces, we are making it easier and faster for companies to obtain fully managed digital applications that are secure and compliant end to end — starting at the application layer and all the way through our hosted infrastructure.

 Additional Information

Tools to Assist Security, Compliance and Improved Cloud Economics

The speed of change and adaptation in today’s IT arena is highly exacerbated by the buildout of hybrid and multi-cloud networks. The adoption of SaaS as a supplemental or even primary source of application and information management adds even more layers of complexity and security concerns.

Ransomware attacks up in 2020: How to protect yourself

What is ransomware and how do you protect against it?

Video:  Ransomware preparedness with Otava, Veeam and MSPs: Our panel covered many topics in a roundtable-style discussion, starting first by reviewing the main strains of ransomware prevalent in the industry today, and what they’re seeing in terms of risk mitigation.

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.

Get started with Otava now!

  • This field is for validation purposes and should be left unchanged.