The number one rule that MSPs and CSPs need to follow is, “Practice what you preach”. You may have done a great job by ensuring your clients’ security but what if you failed to ensure that your team follows the same guidelines? You are the bridge in-between.

Written by guest contributor Edward van Biljon,

As an MSP/CSP, you know all too well what data is kept on systems that you; manage or who has access to credentials, or who are the global admins on tenants.

Never send sensitive information or passwords over email.

If an email account is compromised, an attacker will monitor the account and will have access to those systems that you send the username/password details for.

An example of this might be that your CFO asks you to save the banking information in a text file on the File server and to send him the details so that he can access it without having to remember the details.

Lastpass is one of the applications that allow you to securely save usernames and passwords to websites and also share it securely with certain individuals. This way if anyone with elevated privileges logged onto the file server mentioned, they will not see the text file. If an email account has been compromised, the hackers are generally watching and seeing what is going over email to get a better understanding of the environment.

Put monitoring tools in place to keep an eye on traffic and access.

There are tools out there, like CyberHawk, that can log tickets detailing who is accessing the systems or who changed something. IT admins feel that you are watching them with tools like this but this is not the case, this is to monitor activity in the environment. CyberHawk is a server that you deploy in your environment from RapidFireTools and with this tool once it has been set up according to their guidelines, gives you the ability to run scans on the networks and report on things like Credit Card information that is freely available to access or accounts that are logging onto servers and this will provide you with more visibility as to what users/admins are logging onto servers.

You also have the ability to monitor for accounts that are added to groups that are elevated like Domain or Enterprise Admins. Accounts with high privileges like this can do anything in the environment like delete objects in the Active directory or change the domain or delete DNS as an example.

Remove email attachment-based threats with FileWall.

FileWall is an excellent, user-friendly, and cost-effective way to boost the effectiveness of EOP and Defender (formerly ATP).

Attacks happen on appliances like firewalls or switches as attackers look for vulnerabilities like well-known ports that are open. An example of this is Port 80. Change the Port number to something like 8080 or to something else. Closing down known ports that pose a threat to yourself will have a knock-on effect because you will apply the same change to your clients’ environment and they will be safe.

Limit access to admin accounts and to who has access to the master password in the financial application that you use, such as QuickBooks or Pastel.

The secretary does not need to know the Master Password to these applications and should have their own account with limited rights to what they can access.  If you are dealing with customers that process financial information, rather appoint 2 or 3 seniors and only allow them access, not only to your own systems but to customers as well. Lastpass, mentioned here also has the ability to hide passwords so you cannot see what it is. You can also copy the password and paste it in the password field for an application or website but you cannot see what you pasted anywhere else.

The policies that you have defined in your own environment that has been tested and is in use should be rolled out to your customers as well. An example of this is hiding the last logged on user on a machine, this ensures that an attacker does not know what account they can target in an attack on the machine.

Patching should be one of the top priorities for an Admin in a company. This is not only Windows that needs patching but software that end-users make use of like Financial applications but also hardware patching.

The hardware we are referring to are your routers, switches, cores and any other equipment you have in your environment. For example, Cisco releases patches to their equipment because a vulnerability has been identified. Cisco has made it easier for an admin in a sense they can test the CISCO ISO software and this is called the Cisco Software Checker which can be found here.

Vulnerabilities do not stop at software; this includes the passwords on all these devices. As a standard, you should upgrade any equipment to the most stable version and change the passwords and store these passwords in a vault. Attackers will dictionary attacks of well-known passwords to try and get into this hardware.


For more by Edward van Biljon click here.