In a recent article by MSSP Alert, a Sacramento Law Firm that was hit by Black Basta in February 2023, is suing their MSP, LanTech LLC, due to negligence in securing their network and systems.
Acronis, the backup software provider used by LanTech LLC, is stated: “Our investigation revealed that access credentials may have been compromised outside of our systems and used to delete the firm’s backups and execute a ransomware attack,” the company said to the Sacramento Bee.
Many things jump out at me about this incident.
- Lawsuit claims LanTech and the law firm, Mastagni Holstedt had an oral agreement to “provide monitoring service, advice, installation, selling cloud backup and picking and selling software and hardware”.
- Have an agreement in writing
- Review the terms and what is actually covered under the agreement
- Check to see if your MSP has Errors and Omissions insurance
- Check into Cybersecurity insurance for your business
Make sure you talk to your MSP about cybersecurity risk!
Clients of MSPs, this is a SHARED responsibility!
You can’t protect against everything, but some things are easy, low hanging fruit to cover:
- Immutable backups – NO one should be able to delete your remote cloud backups
- You NEED Cloud to cloud backup for Microsoft 365!
- If you don’t take basic recommendations from your MSP – they should fire you.
