- Prevent initial compromise, for example by improving the security of vulnerable devices, protecting internet-facing services, and defending against brute force, password spraying and phishing attacks. These are obvious, but it's important to have them as a baseline.
- Enable/improve monitoring and logging processes. CSA warns that it can be months before an organisation will spot an incident. So it is worth storing logs for at least 6 months.
- Enforce multi-factor authentication. These days, MFA should be automatic.
- Isolate critical business systems and restrict unnecessary access across the network. Again, another obvious one but often overlooked.
- Use a dedicated VPN.
- Disable user accounts when personnel transition. Customers, for their part, should disable MSP accounts upon termination.
- Apply updates on time. But customers need to be aware of compatibility issues often caused by updates.
- Back up systems and data on an automatic and continuous basis. This is particularly true for critical data and system configurations. Also, customers should ensure backups are stored in an easily retrievable location.
- Develop and exercise incident response and recovery plans.
- Understand and proactively manage supply chain risk. Customers should even understand the access their MSP has to their network and data.
- Set out clear responsibilities in the contract, along with a process by which the MSP notifies its customer of incidents.
- Manage account authentication and authorisation. Customers should restrict MSP accounts to systems managed by the MSP.

These are all practical recommendations that customers should address in their service level agreements with MSPs who look after on-premises or hosted solutions. They are also a good starting point for agreements with cloud service providers.

If you need advice, contact me at firstname.lastname@example.org or on +44 (0) 20 7611 2338.