Cloud and On-Premises Data Backup: Five Best Practices for MSPs -

When the Cybersecurity and Infrastructure Security Agency (CISA) issued a Cybersecurity Advisory (CSA) for MSPs in May 2022, the detailed alert described how MSPs and MSSPs could more effectively secure and protect their software supply chains.

Dig a little deeper, and the advisory included these five backup and disaster recovery (BDR) best practices for MSPs and their end-customers:

Organizations should regularly update and test backups—including “gold images” of critical systems in the event these need to be rebuilt.

MSPs should regularly backup internal data as well as customer data (where contractually appropriate) and maintain offline backups encrypted with separate, offline encryption keys.

Providers should encourage customers to create secure, offsite backups and exercise recovery capabilities.

Customers should ensure that their contractual arrangements include backup services that meet their resilience and disaster recovery requirements.

Specifically, customers should require their MSP to implement a backup solution that automatically and continuously backs up critical data and system configurations and store backups in an easily retrievable location, e.g., a cloud-based solution or a location that is air-gapped from the organizational network.

FBI, CISA: Repeated Security Warnings to MSPs

MSPs have received multiple FBI and CISA warnings in recent years — many of which have described how hackers are targeting MSPs.

The fallout of MSP-oriented cyberattacks can be massive. Indeed, a cyberattack on a single MSP or MSSP could wreak some $80 billion in economic losses across hundreds of small businesses, according to a 2021 report issued by Foundation for Defense of Democracies’ (FDD’s) Center on Cyber and Technology Innovation (CCTI) and Intangic.