This joint Cybersecurity Advisory (CSA) provides actions MSPs and their customers can take to reduce their risk of falling victim to a cyber intrusion. This advisory describes cybersecurity best practices for information and communications technology (ICT) services and functions, focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data
Among many recommendations, the advisory recommends the following preventive measures ands provides links to resources.
- Improve security of vulnerable devices
- Protect internet-facing services
- Defend against brute force and password spraying
- Defend against phishing
- Enable/improve monitoring and logging processes.
- Enforce multifactor authentication (MFA).
- Manage internal architecture risks and segregate internal networks.
- Apply the principle of least privilege.
- Deprecate obsolete accounts and infrastructure.