Password security services distinguish successful MSPs from the generalists
(Last updated on January 18, 2019)
As digitalization puts greater demands on Managed Service Providers (MSPs), IT security offerings can help them standout. While it is not realistic to deliver every possible IT service, security is a focus point that can keep you up-to-date, and delivering true value.
Traditionally, proactive security measures belong to the realm of Managed Security Service Providers. However, as more and more MSPs detach from price-based competition, they must also find a way to improve their service offering. A specialization concerned with improving the weakest link, users and their passwords, separates successful MSPs from the generalists. MSPs see the value in improving IT security, but do their customers?
No one would hack us – think again
Because of their size, SMBs assume that they are of little value to cybercriminals. After all, when news of a cyberattack breaks, it is enterprises at the front and center. The catastrophic financial and reputation losses of larger organizations should not trivialize the threat against SMBs. Small security teams are actually more attractive to attackers as they are easier to penetrate. In a 2017 study analyzing the state of cybersecurity in SMBs, 61% of participants said their companies had experienced a cyberattack in the past 12 months. The aftermath of the incidents, damage and theft of IT assets, cost the companies an average of $1,027,053, not to mention the losses incurred because of disruptions to normal operations or reputation damages.
Just like any enterprise organization, mid-size companies hold critical data ranging from customer contacts, health data, credit card information, and so much more. For many, passwords are the thin layer protecting this data from the unknown. The study found that 59% of respondents do not have visibility into the password practices of their employees. Even worse, 22% of SMB leaders, and 19% of employees share their password with a coworker or assistant. When coupled with the fact that up to 81% of hacking-related breaches leverage stolen, default, or weak passwords, it is a recipe for disaster.
There can be many reasons as to why mid-size companies are not prioritizing password security. Some simply do not have the skills and resources to do this in house. These same organizations will struggle the most in the aftermath of a data breach. Managing a breach incident entails the help of costly consultants, and even forensic experts. That is just the tip of the iceberg. SMBs offering goods and services to data subjects in the European Union (EU) will also be subject to large fines mandated by the EU General Data Protection Regulation (GDPR). Given the enormous headache associated with a breach incident, the low-hanging security fruit, otherwise known as password security, is too critical to ignore.
Password security is the quick win
There is an opportunity for MSPs to offer security services with quantitative value to their clients. A password security offering can protect data, and devices, while strengthening customer relationships. A partnership with a password security specialist enables MSPs to offer these additional services without taking on additional costs. With solutions targeting security from its weakest link, the end-users, Specops Software is the leading provider of password management and authentication solutions. Our preventative blacklist solution, for use of leaked passwords, allows organizations of all sizes to align with industry standards. When used in combination with our self-service multi-factor authentication engine during the password reset process, Specops improves the end-to-end security of user verification – all without exhausting helpdesk. For more information about our password security solutions, and how a strategic partnership can add-value to your current offering, click here to get-in touch.
News headlines of data breaches serve as constant reminders of the risks associated with passwords. While more and more industry standards and best practice guidelines are recommending multi-factor authentication, the majority of organizations still solely rely on password based authentication. Even those who bear the responsibility of protecting the network, 86% of system administrators in…Read More
With less than a year until the EU General Data Protection Regulation (GDPR) takes effect, all organizations collecting or processing data for individuals within the EU are in the midst of developing their compliance strategy. The new regulation will carry an impact well beyond Europe. A recent PwC pulse survey found that over half of…Read More
Following a data breach incident, organizations following compliance standards, such as HIPAA, need to follow certain data breach notification requirements. This post will summarize some of these requirements, as well as regional-specific disclosure responsibilities. For the purposes of this post, a data breach, is an incident “where personal data has been subject to unauthorised access,…Read More