6 password safety facts to remember in your managed IT business
Now more than ever, businesses need a thriving digital presence if they’re going to succeed. Across a wide array of competitive market verticals, meeting customers online has become paramount. Building the digital infrastructure necessary to successfully manage those online interactions is emerging as a major pain point for modern businesses—and a major opportunity for MSPs looking to build lasting partnerships.
For businesses investing more of their resources online—and moving sensitive information there in the process—keeping IT assets and proprietary data safe is crucial. Otherwise, they put themselves at risk of a potentially debilitating breach. According to IBM’s annual Data Breach Report, the average global cost of one such attack has reached $3.92 million—with the average figure in the U.S. reaching a shocking $8.19 million.
Most MSP customers simply cannot afford the consequences of a data breach. However, while they may understand the general need to ramp up their cybersecurity efforts, those intentions don’t always translate into safe IT workflows and related best practices. For example, when it comes to passwords and employee credentials, 71% of accounts are protected by passwords used on multiple websites.
While cutting corners with passwords may seem innocent on a case-by-case basis, it can actually have dire consequences for your customers. To better understand the risks these shortcuts pose to business continuity and cybersecurity, consider the following six security facts as you work to invest in password best practices:
1. Longer passwords are tougher to crack
Today’s bad actors have increasingly sophisticated tools at their disposal to break into company accounts. While dictionary attacks use a list of common passwords in order to guess simple options, experts predict that quantum computing will make it possible for cybercriminals to crack even more complex credentials using sheer brute force. By making credentials longer and more complex, however, you and your customers can improve security exponentially and frustrate bad actors along the way. To complicate matters even further for cybercriminals, opt for a passphrase over a password.
2. Password reuse amplifies risks
With so many users relying on memory to keep their credentials in order, it follows that many employees will reuse passwords across accounts—both personal and professional. In fact, Microsoft’s threat research team found that 44 million users were using the same usernames and passwords that had already leaked online elsewhere. Reusing passwords—even ones that cybersecurity professionals consider strong—can make it much easier for bad actors to breach accounts.
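The first two facts (length and reuse) can be checked mechanically during a credential audit. The Python below is an added example, not code from the original article or from any N-able product: it flags passwords that are too short, shared between accounts, or present in a leaked-password list, comparing keyed fingerprints so the audit never stores or logs plaintext. The 14-character minimum, the function names and the sample accounts are assumptions made for illustration; SHA-1 appears only because leaked-password corpora are commonly distributed as SHA-1 digests.

```python
import hashlib
import hmac
import os
from collections import defaultdict

MIN_LENGTH = 14  # assumed policy value, not taken from the article


def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest so passwords can be compared without being stored."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(accounts, leaked_sha1, key=None):
    """Return {account: sorted findings} for a credential inventory.

    accounts    -- iterable of (account_name, password) pairs
    leaked_sha1 -- set of uppercase SHA-1 hex digests of leaked passwords
    """
    key = key or os.urandom(32)  # per-run key: fingerprints are useless afterwards
    by_fp = defaultdict(list)
    findings = defaultdict(set)
    for name, password in accounts:
        by_fp[fingerprint(password, key)].append(name)
        if len(password) < MIN_LENGTH:
            findings[name].add("too_short")
        sha1 = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
        if sha1 in leaked_sha1:
            findings[name].add("leaked")
    for names in by_fp.values():
        if len(names) > 1:  # one secret protects more than one account
            for name in names:
                findings[name].add("reused")
    return {name: sorted(tags) for name, tags in findings.items()}


# Constructed sample data: account names and passwords are invented.
SAMPLE_ACCOUNTS = [
    ("crm", "Summer2021!"),
    ("payroll", "Summer2021!"),
    ("vpn", "correct horse battery staple"),
    ("wiki", "password"),
]
SAMPLE_LEAKED = {hashlib.sha1(b"password").hexdigest().upper()}

if __name__ == "__main__":
    for account, tags in sorted(audit(SAMPLE_ACCOUNTS, SAMPLE_LEAKED).items()):
        print(account, ", ".join(tags))
```

Accounts with no findings are omitted from the result, so an empty dictionary means every credential passed all three checks.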
3. Passphrases should subvert common speech patterns
In the ongoing struggle to craft stronger and more complex passwords, some users have turned to passphrases to boost cybersecurity. While passphrases—that is, passwords that utilize phrases rather than just specific words—can be an important strategy in password generation, they shouldn’t mimic common speech patterns too closely. In fact, one study out of Cambridge University found that it was surprisingly easy to breach credentials that mirrored regular conversation. Instead, users should employ numbers and special characters to make passphrases harder to breach.
4. Many cloud-based apps don’t require strong passwords
Cloud computing and cloud-based apps have emerged as essential tools for businesses over the last decade. In fact, most enterprises depend on dozens—or even hundreds—of cloud-based apps in order to maintain critical workflows. However, research shows that only 6.5% of cloud services require strong passwords. While some users may feel comfortable satisfying whatever an app’s password specifications happen to be, MSPs should consider requiring their customers to employ more complex credentials, especially with an increasing reliance on cloud services.
5. Too many organizations don’t store credentials properly
Usernames and passwords are the most basic kind of defense that enterprises have at their disposal. By securing accounts and controlling access to certain information, businesses can help ensure that only authorized individuals can gain access. Unfortunately, many organizations don’t take the necessary precautions to store organizational passwords effectively. According to a global survey of 750 IT security decision makers, 40% of businesses store passwords in a Microsoft Word document or fully readable spreadsheet. By doing so, enterprises expose themselves to cybercriminals and greatly increase their risk of suffering a debilitating breach. In fact, this is the very mistake that led to a massive hack of Sony Pictures in 2014.
6. Invest in a secure password manager
As MSPs help their customers grasp the gravity of security, they’ll also need to standardize and enforce greater credential security standards. To help manage the continuous process of utilizing safe credentials, MSPs should consider investing in a password manager to streamline the updating requirements across customer organizations.
With the N-able™ Passportal™ tool, MSPs can make password management easier and more effective—both for themselves and for their customers. As a cloud-based and automated solution, Passportal delivers intuitive protection for teams that need to invest in their overall cybersecurity posture. From strong password generation and change automation to enabling self-service resets with the Passportal Blink add-on, N-able Passportal helps MSPs centralize and enforce password best practices. This solution helps to eliminate reuse, automate routine maintenance, and enforce complexity to boost cybersecurity hygiene. Passportal also comes with a robust documentation manager designed to streamline documentation processes.
© 2021 N-able Solutions ULC and N-able Technologies Ltd. All rights reserved.