Hackers are attacking MSPs. Here’s what we’re doing about it.

Hacker taking data from a business person
If you’ve been reading the news lately, you know that more than 20 Texas municipalities were recently infiltrated by hackers demanding, collectively, a $2.5 million ransom causing some of these entities to temporarily cease all operations and pay the demanded ransom. Investigators have identified that the single hacker gained access to the various networks through the remote access software used by a Managed Service Provide (MSP). Most, if not all, MSPs use remote access software to remotely access their clients’ networks and computers to push out new patches and updates, install applications, and apply fixes. This is just the latest of many attacks where hackers exploited an MSP to gain access to their victims. Last October, the National Cybersecurity and Communications Integration Center (NCCIC) issued an alert recognizing that there is an “ongoing attempt to infiltrate the networks of global managed service providers.” As an MSP, RESULTS takes the cybersecurity of our clients very seriously. We want to assure our clients that we have stringent controls and procedures in place to ensure that RESULTS and our vendor partners will not be the source of any potential security breach. Some of our cybersecurity tools include:
  • Strong Security Controls and practices.  RESULTS has implemented a strong set of IT Security Policies and Practices to ensure that access to client data and systems are rigidly controlled.  RESULTS undergoes an external SSAE 18 SOC 2 Type 2 audit (last completed November, 2017) to demonstrate that “RESULTS’ service commitments and system requirements were “achieved based on the trust service criteria relevant to security and availability (applicable trust service criteria) set forth in TSP section 100A, Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (2016).  A copy of this report is available to all RESULTS clients on request.
  • Credential Management. RESULTS uses strong authentication practices on all internal systems and systems used to manage or access client networks.
    1. Strong Password management. System passwords and user names follow guidelines for “strong” policies. Passwords are changed on a regular basis and user accounts of past employees are immediately disabled. RESULTS is currently completing the roll-out of a password management system that removes the use of non-expiring network management passwords on client systems.
    2. Least Permissions Principal. RESULTS follows the practice of “least permissions” in allowing access to internal and client systems. Least permissions allows access only to those systems, clients and resources necessary for performing daily duties.
    3. Two-factor authentication. RESULTS has implemented two-factor authentication (sending an authentication code to a designated device) for access to any internet managed system. Access to RESULTS management portals require private VPN access.
  • Physical Controls. RESULTS has all client management servers, and client hosted servers located in an SSAE18 audited data suite. Access to the facility requires the use of electronic keys and access to the data suite itself uses facial recognition to permit entry.
  • Vendor Management. RESULTS thoroughly vets all third party vendors (subservice organizations) used for providing our managed services (email, email security, off-site backup, mobile device management, remote access). We require that all vendors provide current SOC audit reports, security audits and evidence of financial security.
  • Cyberliability Insurance. In addition to standard business liability insurance, RESULTS carries additional Cyberliability insurance to cover a potential breach.
  • Internal Audit and review. RESULTS conducts a regular internal audit and review to ensure that all management systems are healthy, all security systems are active and any issues of concern are addressed.
    1. Monthly Proactive Health Review. RESULTS produces the same monthly Proactive Health Report internally that we provide to our managed service clients. We review the areas of Business Continuity, Patching, Antivirus/AntiMalware, Internet Security and System Health and immediately correct any issues that fall outside of specified parameters. All firewall reports, IDS and IPS incidents are reviewed and mitigated. External scans are completed quarterly to assure that there are no vulnerabilities visible from the outside world.
  • Security Incident and Event Management (SIEM). RESULTS has implemented a SIEM in our management datacenter. The SIEM gathers detailed logs from servers, firewalls and network devices, aggregates and analyzes the information to identify any potential attack or infiltration. Any cases generated by the SIEM is immediately investigated and remediated as necessary.
If you are currently using another MSP for your IT services, we encourage you to ask them what they are doing to make sure you are not the next victim of ransomware. The incident in Texas wasn’t the first, and it won’t be the last. Breaches have risen 54% this year compared to 2018, surpassing 2016 as the worst year on record. Don’t become the next headline… make sure you are prepared. If you have any questions or concerns about our cybersecurity or your company’s cybersecurity, please contact us.