You may not have read the Technical A18-276B Cybersecurity Alert issued by the National Cybersecurity and Communications Integration Center (NCCIC), but we did. That Alert identified MSPs (network support companies) as a key target of advance attackers, referred to as Advanced Persistent Threat (APT) Groups.
Gaining access to an MSP is a gold mine for APT Groups as they then can potentially infiltrate the networks of the MSP's clients. VISTECH has always ranked security as the highest concern, and we encourage our clients to do the same.
It's important to:
- Periodically review your security measures
- Update your business continuity plan to include steps to recover from a hack
- Provide training and direction to your employees to help them identify and report malware and phishing situations
- Communicate with your MSP to assure your network is secure.
Credential Management is likely your biggest concern.
Reduce the risk by:
- Using two-factor authentication
- Disable unnecessary or defunct accounts,
- Enforce strong passwords,
- Require changing passwords periodically,
- Avoid storing passwords in 'weak' locations (e.g., built-in browser password managers, on your computer in text files, etc.),
- Restrict access to confidential information (e.g., employee personal data), and contact VISTECH to make sure the bases are covered.