For managed services providers (MSPs) everywhere, remote monitoring and management (RMM) software is a key tool in the arsenal to run your everyday business. Through RMM, you can manage customer environments from afar, keep devices up to date, fix any issues or problems that might arise, track documentation for reporting, and more.
While RMM software can help increase efficiency and productivity, it can also be used for malicious purposes such as unauthorized access and data theft. Over the past year, we have seen several examples of where RMM tools have been used as a tool to compromise not only the MSP but also your customer environments. In October 2022, for example, legitimate RMM software was used in a campaign compromising multiple federal civilian executive branch networks.
As incidents have continued to rise leveraging RMM tools as a vehicle for a cyberattack, the Cybersecurity and Infrastructure Security Agency (CISA) — one of the foremost authorities when it comes to cybersecurity in the nation — has put out recommendations and guidance on how MSPs can better protect themselves from this type of attack, as well as protect your customers.
Here are five recommendations from CISA on steps to take today to mitigate this new risk:
While you may need high-privilege access through RMM to successfully manage and monitor customer environments, there are limitations an MSP can put in place to help limit the potential risk. MSPs should limit access to RMM software to authorized personnel and restrict access to sensitive data and systems. This can be done through authentication mechanisms such as multi-factor authentication, biometric authentication, or IP restrictions.
Keep software up to date.
MSPs always tell customers how important it is to keep software up to date, and RMM software is no exception. You should regularly update RMM software to ensure it is free from known vulnerabilities, and this will also ensure that new features and functionalities are available to enhance security.
Train employees on the proper use of RMM software and how to detect and respond to malicious activity. Regular security awareness training can help prevent accidental or intentional malicious use of RMM software.
Implement security measures.
It would help if you also covered your bases on all the basic cybersecurity protections, including encryption, firewalls, and intrusion detection systems to protect against unauthorized access and data theft. These measures will help protect sensitive information and systems even if malicious use of RMM software is attempted.
As an MSP, you are your customer’s most trusted advisor when it comes to technology — and especially when it comes to cybersecurity. While RMM is a valuable tool to help support customers across all of these essential areas and provide value, it is also important to ensure that you use the tool responsibly. By following the recommendations from CISA, organizations can ensure that their RMM software is used securely and responsibly.