Did you remember to enable MFA by default?
Do you know if a former staff member still has access to AWS cloud environments?
This isn’t a pop quiz, but rather a guide that highlights the common security mistakes MSPs must be aware of to protect client environments and sensitive data.
Failure to enforce password hygiene, conduct routine cyber risk assessments, or properly deprovision cloud access for former employees and inactive third parties can leave clients’ systems and inboxes vulnerable to attacks. In this article, we’ll explore the top 5 rookie cybersecurity mistakes and how MSPs can avoid them.
Neglecting to invest in employee phishing awareness
How confident are you in your employees’ phishing awareness training levels? Corporate inboxes are prime threat vectors for attackers. Untrained employees might not be able to recognize a spoofed domain masking a malicious reply-to address, a fake MFA reset link pointing to an attacker-controlled SSO landing page, or a PDF whose embedded JavaScript runs when the file is opened.
Employees may also fall for seemingly legitimate OAuth consent requests that grant attackers persistent access to critical infrastructure. One click is all it takes to expose sensitive data at scale or deploy ransomware across critical systems. A recent phishing campaign exploited a flaw in the Microsoft 365 Direct Send feature to bypass traditional email security filters.
Attack methods have become so sophisticated through the use of AI that even the most experienced security professionals struggle to distinguish genuine requests from advanced social engineering attempts. Here are 33 phishing statistics you should take note of as well.
Guardz tip: Conduct routine phishing simulations using a variety of campaign templates to ensure employees are familiar with company policies and security protocols. Test and measure their performance on a monthly or quarterly basis to identify areas for improvement or document where additional training may be needed. Phishing awareness and employee cybersecurity training is essential for every organization, regardless of sector or size.
Misconfigured cloud services
“Small” misconfigurations in cloud storage buckets and compute environments can expose your entire infrastructure to compromise. Whether it’s an unpatched Azure VM, an overly permissive AWS S3 bucket policy, or a misconfigured Kubernetes cluster running with elevated service account permissions, attackers can exploit these gaps with minimal effort using automation tools that can be purchased on the dark web.
Cloud risks become even more difficult to detect when clients engage third-party service providers who may inadvertently introduce new vulnerabilities. The attack surface expands across multiple identities, workloads, and shared responsibility boundaries, making it harder to maintain visibility into configuration drift, unauthorized access, and risky privilege escalation paths.
Guardz tip: Set and enforce cloud policies and ensure that everything is documented in your SLAs, including configuration baselines, access controls, network segmentation rules, monitoring requirements, and remediation timelines. This creates accountability and alignment between your clients and any third-party vendors working within the environment.
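One concrete way to catch the "overly permissive AWS S3 bucket policy" this section warns about is a static check of the policy document before it is applied. The script below is an added example and is not Guardz's or AWS's code; it applies the core rule AWS uses when it labels a bucket public (an Allow statement to the wildcard principal with no narrowing Condition), shown against a constructed weak policy and its corrected form. The account id, role name and bucket name are placeholders, and the check deliberately does not cover bucket ACLs or the account-level Block Public Access setting, which should be enforced separately.

```python
"""Static check of an S3 bucket policy for public (anonymous) access.

Added example, not code from Guardz or AWS. Rule: an Allow statement whose
Principal is "*" (or {"AWS": "*"}) grants access to anyone, including
unauthenticated callers, unless a Condition narrows who may call. All
policies below are constructed; 123456789012 and the bucket name are
placeholders.
"""
import json

BUCKET = "arn:aws:s3:::client-backups-example"        # placeholder bucket
RESOURCES = [BUCKET, BUCKET + "/*"]


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def audit_bucket_policy(policy_json):
    """Return findings for Allow statements addressed to the wildcard principal.

    severity "public": unconditional Allow to "*".
    severity "review": Allow to "*" with a Condition; a human must confirm the
    condition really restricts callers (e.g. aws:SourceVpce, aws:PrincipalOrgID).
    Deny statements are skipped: a Deny to "*" is a common hardening pattern.
    """
    policy = json.loads(policy_json)
    findings = []
    for statement in _as_list(policy.get("Statement")):
        if statement.get("Effect") != "Allow":
            continue
        if not principal_is_wildcard(statement.get("Principal")):
            continue
        severity = "review" if statement.get("Condition") else "public"
        findings.append({
            "sid": statement.get("Sid", "<no Sid>"),
            "severity": severity,
            "actions": _as_list(statement.get("Action")),
            "resources": _as_list(statement.get("Resource")),
        })
    return findings


def is_public(policy_json):
    """True when at least one statement grants unconditional wildcard access."""
    return any(f["severity"] == "public" for f in audit_bucket_policy(policy_json))


# Constructed "before": every object is readable, and the bucket listable, by anyone.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": RESOURCES,
    }],
})

# Constructed "after": one named role may read, and plaintext HTTP is denied to all.
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "BackupReaderRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/BackupReader"},
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": RESOURCES,
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": RESOURCES,
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

# Constructed edge case: wildcard principal narrowed to one VPC endpoint (needs review, not public).
VPCE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VpcEndpointOnlyRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": BUCKET + "/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
})

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY), ("vpce", VPCE_POLICY)):
        print(name, "public" if is_public(policy) else "not public", audit_bucket_policy(policy))
```

Running the check on every bucket policy a client deploys (for example as a pipeline gate) turns the "small misconfiguration" into a blocked change rather than an after-the-fact finding; the "review" severity exists precisely because a wildcard principal behind a Condition is sometimes legitimate and sometimes a mistake, and only a person with context can tell which.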
Ignoring multi-factor authentication (MFA)
Multi-factor authentication (MFA) is the most foundational security building block for protecting accounts and sensitive systems.
Microsoft found that more than 99.9% of compromised accounts don’t have MFA. Not only do you risk unauthorized access to client environments, but you also expose critical assets such as admin portals and backup servers to direct compromise. Attackers can also steal session tokens from unsecured networks or exploit exposed endpoints to run privileged commands. The list goes on. You get the picture.
Guardz tip: Configuring multi-factor authentication (MFA) is one of the simplest and most effective ways to prevent unauthorized access and phishing attacks. Enforcing MFA by default, integrating it with SSO solutions, and using phishing-resistant methods like FIDO2 tokens can significantly reduce the risk of credential-based compromises. Require employees to create strong passwords, ideally 15 characters or more, and ensure they do not reuse the same credentials across company accounts. This is a fundamental control and a rookie cybersecurity mistake that should never be overlooked.
Granting excessive permissions without review
A study found that 23% of cloud identities have critical or high-severity excessive permissions.
How about those inactive users who still have access to cloud environments? Are they former employees who haven’t been properly offboarded? Can you recall the last time you conducted a full audit of user access and permissions across all client accounts?
A publicly exposed API key can provide attackers with unauthorized access to your clients’ cloud infrastructure, where they can remain undetected, silently exfiltrating data through infostealers, creating backdoors, or deploying malicious scripts to compromise workloads, alter configurations, and move laterally across environments.
A single admin user can have over a thousand permissions tied to their identity. If that cloud account is compromised, the blast radius can grow exponentially, and a massive breach may follow. Don’t put yourself or your clients at that risk.
Guardz tip: Start by enforcing the principle of least privilege access across the organization. The same goes for third parties, vendors, contractors, and partners, who should only have the minimum level of access. Stale accounts are often overlooked, especially if those admins change roles or leave the company. Conduct regular access and permission audits of all cloud environments and ensure that credentials are rotated or revoked as necessary.
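The MFA tip above and this access-audit tip can both be checked from one artifact: the IAM credential report that `aws iam get-credential-report` returns for an account. The script below is an added example, not Guardz's tooling, and the CSV it parses is constructed to follow the report's column layout (only the columns used here are kept; the real report has more). It flags console users without MFA, identities whose password or access key has gone unused, keys overdue for rotation, and the root account if it lacks MFA or carries access keys. The 90-day thresholds and the fixed "today" date are assumptions chosen to keep the output reproducible.

```python
"""Audit an IAM credential report for stale identities, missing MFA and old keys.

Added example, not Guardz code. CREDENTIAL_REPORT is constructed in the
layout of the AWS IAM credential report; 123456789012 is a placeholder
account id. Thresholds are assumptions.
"""
import csv
import io
from datetime import datetime, timezone

NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)   # fixed "today" for reproducible output
INACTIVE_DAYS = 90        # password/key not used for this long => stale
KEY_MAX_AGE_DAYS = 90     # access key older than this => rotate

# Constructed sample in the credential-report column layout (subset of columns).
CREDENTIAL_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2022-01-10T09:00:00+00:00,not_supported,2024-12-01T08:15:00+00:00,true,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2023-03-02T10:00:00+00:00,true,2025-01-14T12:30:00+00:00,true,true,2024-12-20T10:00:00+00:00,2025-01-14T12:31:00+00:00
bob.contractor,arn:aws:iam::123456789012:user/bob.contractor,2023-06-15T10:00:00+00:00,true,2024-08-01T09:00:00+00:00,false,true,2023-06-15T10:05:00+00:00,2024-07-30T16:00:00+00:00
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2024-02-01T10:00:00+00:00,false,not_supported,false,true,2024-02-01T10:01:00+00:00,2025-01-14T01:00:00+00:00
carol,arn:aws:iam::123456789012:user/carol,2024-11-20T10:00:00+00:00,true,no_information,false,false,N/A,N/A
"""


def parse_ts(value):
    """Return an aware datetime, or None for the report's non-date markers."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def age_days(ts, now=NOW):
    return (now - ts).days


def audit_report(report_csv, now=NOW):
    """Map each identity in the report to a list of issue codes (empty = clean)."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        issues = []

        if user == "<root_account>":
            # Root is special: it must have MFA and should never hold access keys.
            if row["mfa_active"] != "true":
                issues.append("root_mfa_missing")
            if row["access_key_1_active"] == "true":
                issues.append("root_access_key")
            findings[user] = issues
            continue

        if row["password_enabled"] == "true":
            # Console user: check last sign-in (fall back to creation date if never used)
            # and MFA enrolment. Key-only service users are not asked for MFA here.
            reference = parse_ts(row["password_last_used"]) or parse_ts(row["user_creation_time"])
            if reference is not None and age_days(reference, now) > INACTIVE_DAYS:
                issues.append("inactive_password")
            if row["mfa_active"] != "true":
                issues.append("mfa_missing")

        if row["access_key_1_active"] == "true":
            rotated = parse_ts(row["access_key_1_last_rotated"])
            if rotated is not None and age_days(rotated, now) > KEY_MAX_AGE_DAYS:
                issues.append("key_rotation_overdue")
            # A key never used since rotation is judged from its rotation date.
            key_reference = parse_ts(row["access_key_1_last_used_date"]) or rotated
            if key_reference is not None and age_days(key_reference, now) > INACTIVE_DAYS:
                issues.append("key_unused")

        findings[user] = issues
    return findings


def needs_action(findings):
    """Only the identities with at least one issue, for the remediation list."""
    return {user: issues for user, issues in findings.items() if issues}


if __name__ == "__main__":
    for user, issues in needs_action(audit_report(CREDENTIAL_REPORT)).items():
        print(f"{user}: {', '.join(issues)}")
```

In the constructed sample the offboarded contractor shows every symptom at once (stale password, no MFA, an old and unused key), which is the profile of the "former employee who hasn't been properly offboarded" this section asks about; the CI user is only asked to rotate its key, because a key-only identity cannot enrol in console MFA and its key is in daily use. Running this per client account on a schedule, and treating a non-empty `needs_action` result as a ticket, is the routine audit the tip calls for.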
Prevent Cybersecurity Mistakes with Guardz
Don’t fall for that suspicious “no-reply” email or malicious PDF file attachment.
The Guardz unified platform connects the security dots across endpoints, cloud, data, identities, and more.
Guardz scans and analyzes current authentication and access control settings. It then recommends areas for immediate improvement, such as suspending user accounts, modifying sharing permissions, and checking user compliance.
Whether you’re securing 500 or 5,000 endpoints, you simply cannot afford to make any mistakes with your clients’ sensitive data and assets. Avoid those rookie cybersecurity mistakes. Join thousands of MSPs protecting their clients with Guardz. Get started today.