Securing your MSP Business

I tried to start a conversation on a couple of the FB groups but nobody seemed interested. Then I saw Tom’s last video about MSP security so I thought I’d try here.

With MSP attacks growing exponentially I wonder if it wouldn’t be helpful to start a conversation on how you’re protecting yourself and your company from MSP hacks. I’m not just talking about good firewalls and passwords. I’m talking more about your security practices when using your RMM and other management portals both at your place of work and even while on the road? Session timeouts? Restricted IPs? 2FA? Etc.

Like Tom, I’m an SW shop so we have 2FA turned on as well as email verification if the RMM is used from an unknown IP address. We also have a session timeout set. I used to just leave my RMM up and running on my primary PC back at my shop but now that is subject to session timeout too.

Is there anything else you guys are doing to help prevent these MSP hacks? For example, do you exclusively use your laptop to access your portals while onsite? Or have you occasionally used a client PC to access your systems? Are there any tools you use to help with securing your own systems?

I realize that use cases can vary greatly but I think it would be a good exercise for all of us MSPs to have a dialog about what we’re doing to keep ourselves secure.

I’m trying to get a script working that triggers an urgent alert if an account logs in but that member of staff isn’t clocked into the time machine.

Just an extra check.
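
The check described in the post above, sketched as an added example that is not part of the thread or any poster's script: it flags portal logins that fall outside the user's clocked-in time. The record layouts, the `off_clock_logins` name and the 10-minute grace window are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data; the field layout is an assumption, not any RMM's
# or time-clock product's real export format.
SHIFTS = [  # (user, clock_in, clock_out); clock_out None = still clocked in
    ("alice", "2024-03-04T08:58", "2024-03-04T17:05"),
    ("bob",   "2024-03-04T09:30", None),
]
LOGINS = [  # (timestamp, user, source_ip)
    ("2024-03-04T09:02", "alice", "203.0.113.10"),
    ("2024-03-04T17:10", "alice", "203.0.113.10"),  # just after clock-out
    ("2024-03-04T23:41", "alice", "198.51.100.7"),  # hours after clock-out
    ("2024-03-04T08:00", "bob",   "203.0.113.11"),  # before clock-in
    ("2024-03-04T14:00", "bob",   "203.0.113.11"),  # during an open shift
    ("2024-03-04T10:15", "carol", "198.51.100.9"),  # no shift record at all
]

def _ts(text):
    return datetime.fromisoformat(text)

def off_clock_logins(logins, shifts, grace=timedelta(minutes=10)):
    """Return the logins not covered by any shift of that user.

    grace widens each shift on both sides so that logging in a few minutes
    before clocking in (or after clocking out) does not page anyone.
    """
    windows = {}
    for user, start, end in shifts:
        # An open shift covers everything from clock-in onward.
        upper = _ts(end) + grace if end else datetime.max
        windows.setdefault(user, []).append((_ts(start) - grace, upper))
    alerts = []
    for when, user, ip in logins:
        t = _ts(when)
        # Users with no shift record have no windows, so they always alert.
        if not any(lo <= t <= hi for lo, hi in windows.get(user, [])):
            alerts.append((when, user, ip))
    return alerts

if __name__ == "__main__":
    for when, user, ip in off_clock_logins(LOGINS, SHIFTS):
        print(f"URGENT: {user} logged in at {when} from {ip} while not clocked in")
```
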

I signed up to this forum specifically to get further help on this. I watched his video regarding the targeting of MSPs, specifically those using Connectwise (Screen Connect). I am a one man IT consultant, very small, only like 10-15 regular clients, but I bought Screen Connect way back when it was cheaper, so I am grandfathered in and still get support. I have an on-premise setup. I am grateful for the videos already available, I am just freaking out cause I do have quite a few unattended access set up. Is there more I can do to lock it down?

- Server is a VM with RDP disabled, can only access via Host Server
- Behind Unifi Pro w/ IPS turned on and geo-IP filtering blocking countries that repeatedly attack
- I have 2 other users, all of us use either Google or Microsoft authenticator to log in
- Server has Webroot Enterprise antivirus (Server 2012 R2)
- Only open ports are 2 needed for Application to work
- Besides default Windows Apps, Webroot, and Connectwise, no other applications installed, and not used for anything else
- Passwords lockout after 3 failed attempts (is there a way to get an alert for this?)