Managed Service Providers Failing with Weak Password Requests
A managed service provider is the best of both worlds for many small-to-medium businesses. You’re still getting use of amazing software and programming that would normally cost your company a small fortune, but can be scaled up or down to fit your needs. And you are not having to run the show yourself, rather there is a third-party vendor assisting you with all phases of the game including security, which also costs a significant amount of money, often well beyond what a startup can afford on the typical shoestring budget they operate on.
It’s no wonder that so many startups and small businesses subscribe to these managed service providers. When you are not spending so much time fixing your website’s glitches, making sure you can access all of your software and apps, and ensuing uptime from your website, you can turn your attention to the real nuts and bolts for your business to really get off its feet and hum along at a great pace.
Unfortunately, things can go wrong with your security, even when a powerful managed service provider is in play. While they typically have great security systems to repel attacks like phishing and DDoS (denied distribution of service), even if they are only as strong as the passwords holding the line, and those passwords are provided by you and your employees.
In a report called the UK Cyber Survey, that country’s National Cyber Security Centre found that the most-used password in instances of cyber breaches was “123456”. Yes, some 23.3 million users are estimated to use the first six numbers on your keyword as their go-to.
And that’s not even the half of it, a different survey put on by the US’s Virginia Tech University said that out 28 million users and 61 million passwords, more than one-half, 52%, were using the same password on multiple websites. That notion is a bit like using the same lock for every important thing in your life, with the knowledge that one key opens your house, your safe, your garage, your car, your storage facility, and your office. Once a thief has it in hand, it’s game over.
If you’re using an MSP, you need to see what its policy is on password control. MSPs that let clients use the same passwords over and over again or that do not demand that passwords be changed at least every few months are begging for trouble which will lead to a serious hit on their own brand and reputation. Using password management software like Dashlane can ease your life. If you’re looking to invest in an MSP for your business, make sure and ask lots of questions on how their security functions. You might consider using an independent password management system so that your employees don’t have to be responsible for multiple passwords, just one master keyphrase that opens all the locks for them, with the knowledge that the password manager will change said passwords routinely to avoid giving hackers a leg up into your business. A few simple steps can go a long way in keeping your company safe.