Managed service providers (MSPs) play a critical role in protecting clients from the latest cybersecurity threats. While this can involve some complex software implementations and service offerings, it can also mean helping clients to master the cybersecurity basics, such as eliminating weak passwords.
It only takes a single bad password to cause a cybersecurity incident, the impacts of which can range anywhere from stolen data to completely halted operations due to ransomware. Over the past year, we’ve seen a number of high-profile examples of how a single weak password caused immense damage, including the Colonial Pipeline attack, in which a bad password ultimately led to an attack that halted the flow of nearly half of the fuel to the East Coast.
In fact, the 2021 Verizon Data Breach Report found that more than half — upwards of 61 percent — of data breaches were caused by passwords that were weak, for example, because they were easily guessable, not sufficiently complex, or set by default. Weak passwords are more common than you might think, to the extent that the most common passwords in 2021 included “12345”, “password”, “qwerty”, and “11111”. While some may laugh at these silly passwords, the fact that they are still some of the most common passwords out there presents a huge risk to organizations big and small around the world.
The best way to limit this risk vector to an organization is to implement best practices for strong passwords across the entire company. These best practices can include enforcing unique passwords for every account and ensuring that these passwords are long and unpredictable, and contain different types of characters.
An MSP can play a critical role not only in implementing these best practices, but also in providing organizations with the tools they need to optimize them. Each of these actions is an opportunity for an MSP to drive more revenue generation with their clients through new services and tools, as well as further establish themselves as a trusted advisor by helping their clients mitigate risk.
The poster pack includes:
- Best practices for creating strong passwords
- Reminders on how secure passwords should look like
- A chart to check if your password is secure enough
One common tool that an MSP can offer a customer is a password manager. A password manager is either a piece of software or a browser-based application that stores passwords in an encrypted vault that users can quickly access or set to auto-populate when it’s time to log in. The result is that users only have to remember a single complex, secure password, versus potentially hundreds.
When choosing a password manager to recommend to customers, MSPs should make sure that it is fully encrypted and thoroughly protects users’ data. MSPs should also look to ensure that the user interface is very user-friendly, otherwise a user might choose to avoid the hassle of using the tool and therefore eliminate any potential benefits it might provide. There are many password management options to choose from, including a number that are purpose-built for MSPs to offer to their customers.
The password manager can be offered as part of the MSP’s overall cybersecurity package, or as an optional add-on for a monthly subscription cost. In addition, the MSP can consider offering cybersecurity training services to a customer, including how to use the tool, and teaching password best practices and overall cybersecurity awareness. These services can be offered to customers as a single training event or an ongoing package.
As the number of cyberattacks continues to rise, MSPs often stand on the front lines of their clients’ protection, helping them limit risk. Password management is one simple way to make a big difference when it comes to lowering overall cybersecurity risk — something that benefits both the MSP and its customers for the long term.
- Phishing response checklist
- Phishing awareness training slides
- Anti-phishing posters
About the author
Kurt Abrahams is the Vice President of Marketing at MSP360 with expertise in technology marketing, cybersecurity and AI based technology.