Hi to everyone,
this is my first post in this forum, I'm a happy user of msp360 for my customers and I've this think in my mind: "what happen in the worst data loss scenario where a hacker gets control of my customer's computer and, other than crypting/deleting everything, he also open CloudBerry Backup and try to delete all backups from Backup Storage tab?" What type of protection I can give to my customer in this scenario? Is there something I can do at CloudBerry Backup side or do I have to do something at BackBlaze level (I use B2B for storage)?
I understand the retention policies but can these be changed in a distruptive way by the hacker?
Thank you for your kind reply.
We don't disable the agent console on the client devices as there times that we need to utilize it.
Here is what we do:
1. Protect the agent/CLI with a password (as David suggested)
2. Disable the ability to delete backups from storage from the console (it is now disabled by default in the latest version). This necessitates using Cloudberry Explorer or the BackBlaze web portal to delete unwanted backups, but it is significantly better from a security standpoint.
3. Disable the ability to change backup/restore plans (which protects retention policies) using the console. There are rare times when we need to edit plans on the device console itself, so we change the company agent settings to allow it and push/install an updated agent on the machine. 99% of the time we edit the plans from the web portal.
Prior to these features being implemented in MSP360, we had that worst case actually happen. What saved us is they forgot to delete one of our three backups.