Ruthie Toce
September 14, 2020
To help you uncover any gaps in the management and security of your IT infrastructure, we've come up with 5 questions you should ask your MSP to kickstart a discussion and find out if your IT provider has your company completely covered.
1. How are our backups segregated from the rest of the network?
Ransomware attackers are getting smarter; they have figured out if their attack target has readily available backups to restore from, in which case they would likely not get paid. Thus, the attackers will often gain access to your IT systems before executing their ransomware payload, and they will delete all of the data backups they can find. Or, they may just target the backups in their ransomware data encryption attack. If successful, the attackers will have successfully sunk your battleship, and they will have taken the lifeboats with them when they left!
2. Do we have a password policy enforced requiring a complex password?
Brute force and dictionary attacks are attacks on your computer systems which try to guess the correct password for a user and gain access to your computer systems with a legitimate username and password. This type of attack is extremely common and frighteningly successful. A simple way to thwart this kind of attack is to establish a password policy in your organization that requires a certain level of complexity. As an example, a simple password of “Password321” can be hacked in less than 2 minutes. Conversely, a complex, yet simple to remember password such as “rOMEO&jULIET*” would take nearly a century to hack.
PRO TIP: In addition to requiring complex passwords, ask your MSP to implement Multi-Factor Authentication (MFA) on all resources open to remote access (such as VPN, RDP, Office 365, Webmail, etc).
3. Do we have Remote Desktop Protocol (RDP) open to the public? This one is worth a double-check.
Time and time again, cybersecurity incidents stem from having public-facing RDP connections. These connections, when public-facing without additional security (such as RDWeb or MFA gateways) can be extremely vulnerable to attack. This is the single most common attack vector we see amongst small and mid-sized companies. Further, in the incident response community, it is a well-known fact many MSP teams suffer from a false sense of security. This part of your security posture is one that is easy to get wrong. So… maybe ask this question, then ask your MSP to check again.
4. Are we performing any kind of threat hunting or detection?
Think about this number for a minute: 206 days. This is the average number of days (according to a 2019 IBM study) in which a threat will “live” in your IT environment before launching an attack or being detected. This is a sobering thought.
How do you stop this? Active threat detection (often called Managed Detection and Response, MDR, or Threat-hunting) is an increasingly common tool used to detect threats and threat-like activity in an IT environment. MDR prevents this extreme delay in threat detection. Not too long ago, this technology was cost-prohibitive for small and mid-market companies, however, advancements in this technology have largely eliminated this cost barrier and have made this advanced technology accessible to smaller companies at an easy to manage, per-user, per-month fee.
5. Do you have cyber insurance?
This is a question you should not only ask your MSP, but you should also ask your insurance broker. It is often stated in the cybersecurity industry, “It is not if, but when,” and even the best-laid defenses can be found lacking. After all, it is the attacker’s job to stay ahead of your cyber defenses, and there is a real possibility they could succeed. To recover, you might need the expertise of the insurance provider’s incident response firm and legal counsel. Without these valuable resources, you could be left without much recourse. One of the many reasons you want your MSP to have cybersecurity is in the case that they are attacked. If your MSP is successfully attacked, this attack could come downstream and negatively impact your IT systems. It’s worth a conversation to ensure your MSP has a great security posture that includes cyber insurance.
We hope this has been a useful discussion guide and has provided some good food for thought about questions you should ask your MSP.
If you read this article and realized your IT provider might not have all your bases covered, we would be happy to set up a time to talk about how you currently manage IT to see if Velo IT Group might be a good fit for your business.