Hackers target MSPs to infiltrate SMBs. Are you prepared?

Did you know that MSPs are being targeted by hackers more frequently? Breaching one of your administrator accounts will give attackers the perfect launching pad into your customer networks. Once they're in, they can orchestrate a ransomware attack across your clientele with ease.

It's bad enough to get a ransom note for your own laptop. Imagine receiving a ransom note for the hundreds or thousands of endpoints you are managing!

In this post we'll look at some best practices to protect your Microsoft 365 delegated admin account. After creating a new Microsoft 365 account or requesting a reseller relationship, you are now responsible for your customer tenant. Your employees with admin rights have access as well.

One of the things to look at in order to curtail this problem is reconsidering your company permissions management strategy. Are you still handing out administrator access like candy? Granting admin rights to each employee is not a smart decision, but it's still a very common scenario.

There are a lot of issues with this approach. Employees can accidentally change or delete critical configuration or data. Another common problem is leaking private or confidential data publicly. The biggest danger is that one of their devices gets hacked, handing over the keys to the kingdom.

As a CSP, your employees need access to your tenants and managed software all the time. This means your hands are tied, right?

There is always some risk involved but here are a couple of things you can do to improve this situation.

Create separate admin accounts

Instead of assigning global admin rights to the O365 account of each team member, create a separate admin account for only those that need it. You can easily create new admin accounts in the Admin Center.

This gives you a lot more flexibility over who gets access to what. It will prevent lockout if one team member might have lost access. And if the team member leaves the company, you only have one admin account to remove. No need to change passwords on the shared admin account.

Be sure to only assign the least permissive role required for that employee, choosing between Full Administration and Limited Administration roles.

Enable MFA

We are surprised to see that even today organisations are not enforcing multi-factor authentication. Microsoft confirms that MFA is the most effective and easiest solution to protect yourself against 99.9% of attacks. This is a no-brainer: enable MFA now!

Set up alert policies

You always want to keep tabs on what's happening inside your organisation. You can set up alert policies in the security and compliance center to notify you of any destructive or suspicious activity.

Four eyes principle

Good security starts with people. That's why it's equally important to educate your team. Make sure everybody is aware of the potential security pitfalls and the steps required to protect your customers. Most importantly, discuss and establish clear rules on how everything is handled in your organisation.

One of our favorite little rules is the Four Eyes Principle: determine a set of actions and activities that require at least two people to approve it. For example, if someone needs to delete a user mailbox, they should call in a colleague to verify that they are indeed deleting the right data.

Stay focused on what matters

Looking out for your customers and protecting your business is not an easy task. Operations and security requires your full attention.

Let us take some work off your plate and automate your license billing. That way we can help you stay focused on what matters most: taking care of your customers.

Focus on security & automate your billing 

You may also like: