Passportal Blog

5 Best Practices for Storing Company Passwords


As a managed services provider (MSP), you likely spend a good amount of time thinking about your customers’ password security. As you are often responsible for helping manage passwords for a wide range of other businesses, it could become easy to let your own company’s password security fall by the wayside, but that would be a mistake. Protecting your own passwords is critical not only for protecting your own assets, but also for preventing bad actors from gaining access to your customers’ assets.

How do companies store passwords?

The unfortunate reality is that many people today still use incredibly insecure methods to safeguard their passwords. Many people simply store passwords in the places most easily accessible to them, such as in documents or notes applications on their phones or laptops. Some people even write their passwords on sticky notes and leave them near their desktop. These methods are practically asking for your accounts and business to be exposed to data theft and cyberattacks. While MSP technicians tend to know better, even the most technically savvy users may resort to the most convenient rather than the most secure methods from time to time.

Other companies may use a master document or spreadsheet where they keep all passwords, mistakenly believing this is more secure than sticky notes. The issue with using spreadsheets or other document types is that they are simply insecure. If bad actors gain access, it’s all too easy for them to download and copy spreadsheet files. A lack of audit capabilities also means it will be hard for you to trace a breach or prove compliance.

Additionally, spreadsheets are highly subject to human error. It is all too easy for a password to be changed but not updated in the file. This can lock you out of critical programs or platforms, reducing productivity and wasting time.

MSPs that value password security are advised to make use of password management tools, which can dramatically improve employee productivity while keeping passwords safe and secure. Many of these tools feature granular access control, which allows you to define who in your team has access to which settings and system components.

How important is it to store passwords securely?

Secure password storage is important for a number of reasons, the most notable of which is that it allows your MSP to employ strong passwords without the pressure to remember them. The best passwords are long, complex, and generated arbitrarily. This makes them very difficult to remember, but it also means hackers are less likely to succeed in guessing them.

If you leave it up to your team members to memorize them, however, you may end up resorting to frequent password resets—which eventually tends to result in weaker passwords over the course of multiple resets. If your password storage is secure, it offers you the ability to generate complex and random passwords for all your platforms and accounts without fear of forgetting or exposing yourself to cyberthreats.

In order to maximize the effectiveness of any password management tool you implement, here are five best practices for storing company passwords. 

1. Establish a single point of contact

To optimize your MSP’s responsiveness to password protection and data security issues, it is best practice to establish an official point of contact within your organization. This individual will be responsible for answering any questions other employees might have, disseminating password protection policies throughout the company, and escalating any password breaches appropriately. Having a designated contact for password security can save precious time during a breach and streamline your response.

2. Keep employees informed and aware

One of the most important best practices for improving password security is making certain your team is aware of how much of a threat poor password practices can pose to your MSP’s data. Companies should consider disseminating information during initial training with regular reminders in meetings, or in the form of a guide distributed to all employees. This should include making staff aware of the risks associated with using a poor password, like data theft and other cyberattacks.

3. Define and enforce password policies 

What does a strong password look like? First, a password should be complex and at least eight characters in length. Special characters, like apostrophes and brackets, can help add complexity and make it harder for hackers to guess passwords. Second, passwords are strongest when generated randomly. This means you should avoid using names, locations, or dates that might be easily guessed.

Remember there is a lot of personal and company information circulating online, whether you realize it or not—which is why passwords with dates and names can be so easily guessed by hackers. Last, ensure different passwords are used for each platform or account in use, and that passwords are changed immediately if you suspect your details may have been exposed or you’ve been alerted of suspicious activity on an account.

Defining password policies is a good start, but properly enforcing them is what will really take your security to the next level. Unfortunately, many people know the implications of poor password security but do not implement the recommended password policies. MSPs can enforce their password policies by adjusting their password settings via a password manager to monitor certain requirements. For example, MSPs should use their tool to ensure that, at minimum, passwords are over eight characters in length and include numbers, uppercase letters, and special characters.  

4. Define policies for changing passwords

Even the most robust passwords must be changed from time to time. However, with the release of the new NIST guidelines at the end of last year, it’s become more clear that mandating regular password changes can actually have an adverse effect on password security.

It is much more important for passwords to be changed when employees leave the company, to prevent them from accessing data from outside the organization. As soon as an employee leaves, their passwords should be changed immediately across all platforms and accounts they had access to. To ensure things like this don’t slip through the cracks, employees should be made aware of the company policy on changing passwords—and a password manager can help execute on these changes.
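As an added example (not from the original post and not Passportal's own code), the checks described in practices 3 and 4 can be run as a small audit over a credential inventory: policy violations, reuse across accounts, and the accounts to rotate when someone leaves. The vault layout, account names, user names and sample passwords are constructed for illustration, and the minimum length uses the "at least eight characters" figure from practice 3.

```python
import secrets
import string
from collections import defaultdict

SPECIALS = string.punctuation
MIN_LENGTH = 8  # assumption: the "at least eight characters" figure from practice 3

def policy_violations(password):
    """Return the rules from the post that this password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    return problems

def generate_password(length=20):
    """Draw characters from the OS CSPRNG until the policy is satisfied."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate):
            return candidate

def audit(vault):
    """Map account -> problems, flagging passwords shared between accounts."""
    report = {acct: policy_violations(e["password"]) for acct, e in vault.items()}
    by_password = defaultdict(list)
    for acct, entry in vault.items():
        by_password[entry["password"]].append(acct)
    for accts in by_password.values():
        if len(accts) > 1:
            for acct in accts:
                report[acct].append("reused")
    return {acct: p for acct, p in report.items() if p}

def to_rotate(vault, departed):
    """Accounts whose password must change when `departed` leaves."""
    return sorted(a for a, e in vault.items() if departed in e["users"])

# Constructed sample inventory (hypothetical accounts, not real credentials).
VAULT = {
    "firewall-admin": {"password": "Summer2020", "users": {"alice", "bob"}},
    "backup-portal": {"password": "Summer2020", "users": {"alice"}},
    "rmm-console": {"password": "k7#Vq!zR2m@Lp9wX", "users": {"bob", "carol"}},
    "dns-registrar": {"password": "hunter2", "users": {"carol"}},
}
```
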

5. Boost productivity with a password management tool

One of the main reasons companies fail to implement appropriate password protection and storage policies is because doing so can decrease productivity. The additional meetings, trainings, updates, and even the need to remember multiple complex passwords can use up a significant amount of time. Ensuring productivity is not affected will go a long way in encouraging employees to follow password best practices. To prevent productivity from being impacted by your password management strategy, consider using a secure password manager that can store all your passwords in one place.

Documentation management tools and password managers can streamline your processes by storing company passwords in a centralized location, with just one master password required in order to obtain access. This will also save time otherwise spent retrieving forgotten passwords.

The best tool for storing company passwords

Choosing between the many password and IT document management tools on the market can seem like an overwhelming task. If you’re looking for a solution specifically designed for MSPs, however, SolarWinds® Passportal is the clear choice. This tool was designed specifically for MSPs and can help technicians get rapid access to the privileged data needed to support their customers.

Passportal is a highly advanced password management tool that uses military-grade password data security to keep your MSP secure. All Passportal security features are tested and audited by some of the leading security assessment firms in the world, ensuring you receive uncompromised security. Passportal also includes granular access control, which lets you choose which functions can be accessed by each user. Granular data access assignments can be applied at numerous levels, such as subfolders, clients, and individual passwords.

For busy MSPs, a tool like Passportal can help ensure you’re providing top-notch password security—both for your customers and within your own organization. With a tool built with MSPs in mind, applying these five best practices has never been easier.

To learn more, access a demo of Passportal today.
