COVID-19 Roundup: Datto on MSP Issues, Axcient and AT&T

MSPs already have been dealing with a high number of ransomware attacks, and now COVID-19 is presenting even more challenges for them.

While millions of people globally are working from home for the first time, the ability for MPSs to remotely manage employees’ technology is nothing new. That being said, with employees taking their computers and their company’s sensitive data home with them on such a large scale, MSPs need to consider what security implications they need to be prepared for as a result of COVID-19.

To find out more, we spoke with Chris Henderson, Datto‘s director of information security, about the challenges facing MSPs and their customers as the pandemic progresses.

Channel Futures: What new issues are MSPs dealing with during this pandemic, and do those issues involve both their own businesses and and their customers’ businesses?

Datto’s Chris Henderson

Chris Henderson: MSP’s are uniquely positioned where they are not only having to modify their business in order for them to do their jobs in servicing their customers, but they’re also having to modify the offerings that they are providing to their customers as those customers’ environments change. But a lot of the change revolves around supporting remote work and doing that securely, and making sure that you’re not opening up additional vulnerability simply by trying to service your customers.

CF: Could this leave them even more vulnerable, and therefore they need to take even more precautions?

CH: I’ve heard that people are rapidly trying to support work from home by doing things like enabling remote desktop protocol (RDP) sessions into their environments rather than standing up a secure VPN. And those are the types of scenarios where we’ve seen huge increases of attacks on honeypots to open RDP endpoints, and so an increase in attacks is coming, especially as we are on the tail end of this and other state-sponsored attack countries are just finishing up with their quarantines.

CF: Has this speed of this massive switch to working from home created additional challenges?

CH: I think so. In the rush to do it, and get people up and working, I hope that people are taking the time to make sure that they are supporting these people securely and not opening them up to further attack by enabling insecure remote working protocols.

CF: What technical and security challenges should MSPs be thinking about to ensure business continuity during COVID-19?

CH: Most companies with an MSP likely have a business-continuity plan with them, and that business-continuity plan needs to be revisited at the current time. The systems that were critical likely are still critical, but perhaps the data access patterns have changed. Additionally, you have everybody’s home computers potentiallynow becoming critical backup targets if you’re not using something like Office 365 or Google Apps, or an enterprise file sync and share. If people are just working local on their desktops, you really need to consider how do you abate the risk that comes from working out of the house that is not necessarily present when working at the office.

CF: How can employers keep track of what devices workers are using from home? That could create additional difficulties, right?

CH: I think that there’s an interesting decision to be made around, do you ask remote employees who opt to use personal devices to put managed remote monitoring and management (RMM) solutions on those personal devices, and how are they going to deal with those privacy challenges?

CF: Does the fact that nobody knows how long this pandemic is going to last create additional issues?

CH: The longer this whole situation lasts, for MSPs and their customers, it presents an interesting challenge if additional …