The reality is that most small businesses are not adequately secured against cybercrime. Among those are 65% of small businesses that don’t enforce a complete password policy at all. In light of this, it’s a reminder that with large amounts of critical business and employee information at risk, businesses should be looking for secure ways to protect and manage their information. Most MSPs do not know how their clients are securing their passwords, which creates a fairly significant point of vulnerability. So let’s take a look at how to set this right: think of it as the 4 Rs of password security: Reflect, recognize, recreate and rethink.
1. Reflect on your client’s current state of password security
Let’s start with simple reflection. How do your clients handle passwords? Do you know? How often is your client changing passwords, sending the new ones in an email to another employee, or leaving them written on a sticky-note beside their desk? If your clients are mismanaging their password security, you will still be the one blamed when they fall victim to an attack.
A quick Google search will give plenty of ideas on best practices for password strength and security. But 14 characters made up of mismatched numbers, symbols, and letters doesn’t ensure complete security. You have to make sure your clients' are going beyond that.
2. Recognize the risks
It can be challenging to get full visibility into the amount of sensitive data that is moved around online, and what security risk such movements might pose. An attack on a small business can ultimately cost more than the company is able to manage. Being a small business doesn’t reduce the security risk either. Despite the belief that hackers would rather focus their energy on a larger business, this is not often the case. Instead, hackers target small businesses as a means to eventually breach the larger companies they work with. Your clients' security risks are directly linked to any other company they are in business with.
3. Recreate the way your client’s business manages password security
Build awareness surrounding password security. You may wish to include security training as part of your value-added service. After all, security is not in the job description for only a few specific roles. All employees should be trained and educated on the importance of good security processes, like practicing good password hygiene. How do you ensure that your client isn’t recycling old passwords or only changing the last three characters every once in a while? Do they use multi-factor authentication to ensure that the identity of the person accessing confidential documents is who they are supposed to be?
4. Rethink password management
Here’s an idea: why not invest in one system that can manage all of your client’s password and security necessities for them? A system that stores and secures all of their information thereby reducing the risk of any internally or externally caused cyber breaches. IT Glue recently launched MyGlue, which can easily and securely manage all of your clients’ small business needs. It’s trusted airtight security is designed to hold all of the company’s passwords and processes in an easy-to-use platform. This way, the time it takes to search and remember passwords is greatly reduced along with the security risk associated with it.