- Blog listing
- Why Securing Access to Kaseya is Critical
Why Securing Access to Kaseya is Critical
I hear a lot of the same things when I talk to MSP clients (and tech friends) who use Kaseya: It helps me run my business more efficiently and effectively. It allows me to manage the needs of my clients off-site. The platform is best on the market.
Perhaps my client Joel put it best: “Kaseya rules.”
It’s no secret that Kaseya’s advanced tools and options have made it a must-have for MSPs and tech professionals who are looking for remote monitoring and management (RMM) software. With Kaseya, MSPs can easily automate maintenance tasks, check out helpful analysis tools, and much more—all from their own home or office. The convenience factor alone has made Kaseya an incredible tool for MSPs looking to grow their business and revenue.
But while loyal Kaseya users love the convenience this robust platform offers, they also worry about what could happen if their Kaseya infrastructure got compromised. After all, Kaseya is so awesome because it allows incredible off-site access…the kind of access that a hacker or malicious cyber-criminal would love to get their hands on. Should a criminal somehow attain the system password (many hackers use advanced scripts and methods, like “brute force attacks” and “dictionary attacks” to get the passwords they want), they would be able cause some serious damage. Of course, hackers, by definition, are tech-savvy and they know that they can get deep with Kaseya. They also know that more endpoints mean more access points—and more weak links.
So how can MSPs keep their beloved Kaseya safe and secure? By stopping a security breach before it starts- with two-factor authentication (2fa).
Protecting Kaseya with Two-Factor Authentication
The vast majority of security breaches happen because of a compromised password. A hacker might use one of the advanced password attack methods I mentioned above, or maybe a terminated employee uses an older, shared, or stolen password to gain access and steal or destroy data. The possibilities are endless—unless the system is protected by 2fa.
In the world of IT security, there are three “factors” a user can present for authentication: something they know, something they have, or something they are. A system protected only by a password would be considered single-factor authentication. A user needs to enter only one security factor, the password, before gaining full access. With 2fa, a user must enter two security factors; for example a password (something they know) and a fingerprint scan (something they are) or one-time access code generated by a secure mobile app on their smartphone (something they have).
When a system is protected by 2fa, it’s virtually impenetrable to an outside attack. Because even if a hacker is able to “guess” your password, they won’t be able to present the second needed security factor, like a one-time code from your mobile app.
Because of the enhanced protection it offers, 2fa is quickly becoming the standard in IT security. Sites like Facebook, Paypal, and Gmail are already offering 2fa options to their users. Perhaps even more telling: compliance rules for industry governing authorities like HIPAA, FBI’s CJIS, and PCI now require 2fa for remote access activities.