10. FBI, CISA Urge MSPs To Use MFA, Whitelisting

The FBI and Cybersecurity and Infrastructure Security Agency (CISA) urged MSPs affected by the Kaseya attack to enforce multi-factor authentication on every account that’s under their control as well as for customer-facing services. Federal authorities said MSPs should use whitelisting to limit communication with remote monitoring and management (RMM) capabilities to known IP address pairs.

Alternatively, the FBI and CISA said Sunday that MSPs can place RMM administrative interfaces behind a virtual private network or behind a firewall on a dedicated administrative network. MSPs – particularly those without an RMM service running due to the Kaseya attack – should ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network, feds said.

MSPs should additionally adopt a manual patch management process that follows vendor remediation guidance, including the installation of new patches as soon as they become available, the FBI and CISA said. All told, CISA and FBI said MSPs should implement multi-factor authentication as well as the principle of least privilege on key network resources admin accounts.