iVenture : 20 Years of Business Friendly IT

Can Your MSP Protect You if It Can’t Protect Itself?

Earlier this month an attack happened that every managed service…

Earlier this month an attack happened that every managed service provider (MSP) dreads. One that was serious enough the Department of Homeland Security put out a notice. Hackers attacked an MSP’s business management tool, Connectwise, and locked all systems managed by the MSP, including connected client systems. This resulted in all clients being blocked from their own systems and servers.

Through this ransomware attack, more than 1,000 client systems were locked and inaccessible until a ransom was paid. In this case, the ransom required was $2.6 million.


How Did This Happen?

A simple case of broken process. The MSP didn’t apply a security patch that would have prevented this entire event.

In 2017, Connectwise found that its plugin for Kaseya, a remote management tool, had a security flaw. This vulnerability allowed Kaseya servers to be manipulated without first proving identification. With this discovery, Connectwise released a patch to fix the vulnerability and protect against hacking attempts.

It appears the affected MSP did not update the patch when it first became available in 2017, leaving itself and all its clients vulnerable to attack for years.

What Should Have Happened

Following time-tested security protocols would have prevented this attack. At iVenture, we adhere to a culture of security. This means a company-wide duty to treating our client information as the most valuable asset we have. It means baseline security is not an option for our clients, it’s a requirement.

This intentional mindset influences how we recruit, how we train and how we audit our team and company. And it starts with dedication to a highly-defined process and adherence to best practices.

Is Your MSP Doing the Right Thing?

If they undergo a regular external security audit like we do, they’re on the right track. Every year, we complete the SSAE 18/SOC 1 Type II audit to ensure we meet the strictest security standards. SSAE 18 compliance means we’ve met these benchmarks and have the necessary processes in place to protect your information. We don’t undergo this six-month audit because it’s easy, we do it because it’s necessary.

To us, prevention is just as important as detection. On average, MSPs face over 1,000 hacking attempts every day. That, alone, is cause to do the right thing. And it’s why we work proactively to defend against cyber attacks and resolve them if they do occur. Here’s some of what we do to combat hackers:Compliance Concept. Word on Folder Register of Card Index. Selective Focus.

  • Patching
  • Monitoring
  • Data Securing
  • Regular Compliance Auditing
  • Anti-virus Protection
  • Anti-spam Protection
  • Web Filtering
What To Learn From This

What happened to that MSP is a lesson to all businesses and the IT providers that serve them. Never take your MSP’s word at face value. It’s important to ask:

bind-blank-business-3024231. What does their security culture and strategy look like?

2. Do they engage in a regular third-party security audit?

3. Can they show (not just tell) how they intend to keep your data safe?

If your IT provider is unable to clearly demonstrate how they protect your business, it’s safe to assume they can’t. We will. Let us show you a better way with business-friendly IT.

iVenture Solutions, Inc. is an award-winning managed service provider delivering superior IT solutions to clients across Florida. As a leading-edge IT firm for small and medium-sized businesses, we provide a diverse range of services covering the entire scope of IT including maintenance, support, hosting and more. Through rapid response time, reduction of chaos and the right people, our expert team of IT professionals will fulfill your technology needs. At iVenture, we give you more time to do what matters most.

New call-to-action

Back to Blog

Recommended For You

Latest Article

PRESS RELEASE: iVenture Solutions Forms Strategic Partnership With Gwanda

Gwanda clients will get more in-depth services and iVenture will add 22 experienced IT professionals as the two Florida IT service and solution firms form strategic partnership.

ransomware attack on broward county schools

A $40 Million Eye-Opener: Ransomware Attack on Broward County Schools

Broward County School District was hit with a $40 million ransomware attack. This is an eye-opener for all schools on how to prevent the same situation.

Mobile Banking Malware: What to Know & What to Do

Mobile banking malware is on the rise. According to international…

Expert Takes: Cybersecurity Tips for Your Business

Although October is the nationally designated month for…