As the scope of data breaches widens, MSPs need to ensure their customers’ infrastructure—and their own—is secured with sophisticated password protections.
Today’s businesses know they need to take cybersecurity seriously, but that doesn’t mean everyone is safe. In fact, the first six months of this year saw more than 3,800 publicly disclosed data breaches. In all, these breaches compromised 4.1 billion digital records—and those are just the cyberattacks that were openly acknowledged and recorded.
Clearly, the digital landscape is still a dangerous place for organizations in both the public and private sectors, especially those with sensitive information to protect. While the pressing nature of cybersecurity means businesses have more tools at their disposal than ever to defend their IT infrastructure, too few organizations do enough to protect one of the most critical aspects of modern cybersecurity—passwords.
From reusing weak passwords across multiple accounts to ignoring the benefits of two-factor authentication (2FA), managed services provider (MSP) customers can make a whole bevy of password security mistakes that may leave them vulnerable to cybercriminals. Understanding what it looks like when cybercriminals compromise these credentials or hack your accounts can give you a better idea of how to properly secure digital profiles with effective tools.
How Do I Know If I’ve Been Hacked?
Depending on the type of cyberattack you or your clients experience, you may not immediately notice your accounts have been compromised. For example, cybercriminals looking to commit credit card fraud often make several small, easily missed purchases on a card to test how far they can go. After that, they’ll move on to larger purchases you’ll likely notice.
However, hacked accounts give telltale signs. Your contacts may report getting emails or direct messages that you don’t remember sending, many of which might solicit them for money to help you out of an emergency. Similarly, profiles may have posts that you didn’t make yourself and your “Sent” email folder may be empty. Finally, if you’re having difficulty logging into your email or work-related accounts, it’s likely a cybercriminal compromised them.
Oftentimes cybercriminals simply resell your passwords to other bad actors, which means you shouldn’t reuse them for other accounts later down the line. Simple web tools like “Have I been pwned?” can help you determine for certain if a data breach compromised your accounts.
Is My Password Secure?
Once you’ve determined a cybercriminal hacked your accounts, you should take steps to secure them and regain control. First, run cybersecurity programs such as antivirus software to detect malware and remove it. This will ensure your efforts to correct the damage done by cybercriminals will be effective and won’t be further compromised.
You should also change passwords elsewhere to minimize the possible damage a bad actor can cause. This will involve checking on other sites and applications that use the same login credentials as the compromised account. To manage these changes and secure a range of accounts, password managers that help you create strong passwords and set stringent password requirements will be critical tools.
Finally, it’s a good idea to alert contacts that your accounts have been exposed to cybercriminals. By updating them on what’s happened, you can contain collateral damage and ensure that attacks don’t spread through phishing and social engineering attempts.
What Are Credential Security Best Practices?
While taking the necessary steps to contain a breach once it’s occurred is imperative, it’s also crucial to adhere to credential security best practices before you or your clients have been hacked. Taking the proper password security precautions can help organizations avoid the bulk of cyberattacks and better defend their digital infrastructure.
For example, you should train employees to identify phishing and social engineering attacks to reduce the chances of them clicking on harmful links or downloading unknown attachments. Organizations should also opt for 2FA—a service that sends a push or passcode to your smartphone—to make it that much more difficult for cybercriminals to bypass your defenses.
Finally, MSPs should invest in a password management solution like SolarWinds Passportal. With built-in password changes and password rotations, Passportal helps keep accounts safe by automatically executing industry best practices. Plus, an encrypted password vault with multi-factor authentication (MFA) makes documentation, reporting, and auditing effective and more secure.