Situation
There is always a possibility for situations when the backup data could be modified or deleted from the remote or local storage manually by an individual or by using malware tools.
While any MSP should always be cautious about the possibility of intentionally or non-intentionally harmful actions, it is a good practice to set up proper security measures on the MSP portal and Backup agent levels.
Solution
Securing Backup Agent Application
In order to prevent the above-mentioned situations on a Backup Agent level, make sure to protect the application with master password, so that the Backup Agent cannot be accessed unattended to meddle with backup/restore plans or overall settings of the application.
Furthermore, it is recommended to be mindful of the necessity for the end user's ability to remove the data using the Backup Storage tab of the Backup Agent software. This ability can be revoked in the Management Console > Settings > Global Agent Options > Backup > Enable Data Deletion in Backup Agent:
This way you can ensure that the Backup Storage tab cannot be abused for unsanctioned data removal:
Securing Management Console
To improve the security of the Management Console, use the two-factor authentication for your MSP account as well as for each of your sub-administrators. With that measure in place, data removal through the Management Console > Organization > Users cannot be abused:
The 3-2-1 backup storage strategy is a cornerstone of safe backup data storing. By complying with that strategy you ensure that your backup operations will be properly secured from human error as well as internal and external threats even in case of issues with one of the backup storage accounts.
You can also restrict access to the Management Console on the basis of the used IP address.
Additionally, make sure to comply with the best-recognized security practices: