Image Above: MSP Technicians working in the Help Desk and Network Operations Center (NOC) at Collabrance in Cedar Rapids, Iowa.
I recently purchased a home. I was excited to have a nice-sized space for my family. We crossed the T’s and dotted our I’s and the place was ours! When we received the keys, I asked the realtor for the garage code. She looked at her file and said the code was “1234.” “Gee, I hope that isn’t someone’s first guess,” I said sarcastically, and the realtor and mortgage banker chuckled a bit. This interaction got me thinking of all the times, as a Managed Security Service Provider (MSSP) technician, customers have asked me if we can reset their password to “password” or “123456” or just nothing at all. I thought about my comment in the bank office and how it was painfully true.
Cybercriminals, disgruntled employees, and even angry spouses always try those common passwords first.
Why? Because many people still have their passwords set to those low-security, easy-to-remember options. Today, I read somewhere that the average person has 20+ online accounts. With this many accounts to keep track of, it’s easy to be tempted to set your passwords to something easy to remember or easy to type. However, this practice can cause big security problems! Not only do cybercriminals try those passwords, but their programs will try them too. Cybercriminals often use password cracking tools that can run through thousands of different combinations within minutes. If a user's credentials are easy to guess, it won’t take long for them to be cracked.
In my experience working on an IT help desk, many users tend to have the same (or very similar) credentials for multiple applications. What if a user is using the same password for social media and their Active Directory account? What if that user is one of the hundreds of millions who had their Facebook password breached? If a cybercriminal now has your user’s Facebook credentials, they may now have the keys to confidential files, VPN, maybe even the server. The whole business can be compromised because one person decided to take the easy route and use the same password.
These days, most services require a strong password. Even simple things like fast food mobile applications have password policies. Shouldn’t your MSP at least require similar password standards? How important is the safety of your user’s organization to your MSP?
Small to medium sized businesses are a top target for cybercriminals.
One reason for this is they often do not have the stronger cybersecurity policies that large corporations tend to have. However, even the large organizations still have vulnerabilities. Ransomware runs rampant. Cybercriminals are attacking personal accounts, non-profits, small business, corporations and even cities.
As an MSP/Help Desk team, there are some simple precautions you can take to ensure users have strong passwords. One of the first things you should do is require users to have complexity in their passwords and update them often. This would mean if a user is allowed to change their own domain password, it will not accept the new password if it doesn’t meet the complexity requirements.
These password policies may appear to be extra work or be perceived as an inconvenience. However, strong password policies are a small inconvenience worth enduring since they can help save a user and their company from major cybersecurity issues in the future. Providing security awareness training and having conversations with your customers that explain the “why” behind these password policies will go a long way in enforcing the use of stronger passwords, as well as empowering your customers to know they are doing their part to help protect their company and themselves.
Customers are relying on their MSP to help manage cybersecurity risks for them. If your MSP is looking to expand your managed security offering, take a look at how our MSSP Offering can help you and your customers.
Trevor is a Service Desk Triage Specialist at Collabrance. Trevor has his Associate of Applied Science degree in Computer Support.