Security Best Practices with MSP360 Managed Backup
In this guide, we will cover security best practices for the MSP360 Managed Backup Web console and the backup software.
Web Console Security
We will start from the best ways to safeguard the Web console, since it allows you to fully control backup and recovery jobs, and your backup storage.
The root administrative account that is set in the tab Settings / General has full access to all resources of your MSP360 Managed Backup. We do not recommend you to share this account.
Instead, if you need to give access to the Web console to anyone from your team, go to the Users tab and, in the Administrators section, create additional administrative accounts with limited functionality.
There you can create accounts with granular permissions for various features of the MSP360 Web console. We recommend to give the minimum appropriate set of permissions to your administrative accounts.
In MSP360 Managed Backup you can enable two-factor authentication for all administrative accounts. To do that, go to the tab Settings, section General, and click the “Enable 2FA” checkbox. You will need to install Google Authenticator in order to be able to use it. This should be done for all administrative accounts separately.
Another security feature, IP whitelisting, allows you to narrow the range of IP addresses that can get access to your Web console. To enable it, go to the Settings tab and click “IP Whitelisting”. This feature is especially useful if your team works in the same area or you have noticed suspicious activity from a given range of IP addresses.
The end-user MSP360 Backup software allows users to manage their files and backups, and needs to be secure. Here are the best tips and tricks.
Update the Software
The latest versions of the MSP360 Backup software contain new and enhanced features, stability, and security updates.
Once the new version of the software is out, you will see a message on the main screen of your Managed Backup Web console, and on the Downloads slide-in. You will then need to create a new custom build.
To do that, click “Get newer version” or “Get More” and select the needed builds in the slide-in. In a couple of minutes, your builds will be ready.
Use Unique User Accounts
User accounts serve to authenticate your customers’ computers with the Managed Backup service. It’s best to use one or more user accounts per customer. You can set up user accounts by going to the Users tab. Don’t forget to secure them with a strong and unique password.
Encrypt Your Backups
MSP360 Backup software supports several data encryption options, including:
- Backup data encryption
- Backup file names encryption
You can enable these options from the Remote Management tab of your MSP360 Web console. Select the machine in question, add a new backup plan and find the section “Compression and encryption”.
You can also modify existing backup plans and add the encryption. If encryption options are changed, the user will be asked to choose whether to re-backup all files or not.
Alternatively to remote management, you can set encryption options on the endpoint software in the step “Compression and encryption” of the backup plan wizard.
Be aware that if the encryption password is lost, it cannot be restored.
Don’t Modify Backup Storage Manually
Don’t make any changes to the backup storage directly or using any third-party solutions. Any manual changes to the lifecycle settings or the storage, file modification or deletion may lead to the corruption of your backups. If you need to create a retention policy, backup, recover, or delete any files, use either the MSP360 Web console interface or the MSP360 endpoint backup software.
That’s it. Now you know how to maximize the security of your MSP360 Managed Backup Service. If you have any questions, feel free to contact our pre sales team.