Are You Talking to Customers About Password Security? You Should Be
It seems a week doesn’t pass without news of some sort of security breach related to bad password practices. This problem is exacerbated now because common authentication technologies like Active Directory and LDAP don’t apply when it comes to cloud apps being introduced into the workplace by users.
From iCloud to Dropbox, the ever-increasing use of “bring your own apps” in the workplace only increases the danger that a business’s most important systems and documents can be compromised by the sloppy password hygiene of a single employee. In an age of cloud-based business apps, the “one-password-used-everywhere” mentality just won’t cut it.
This represents an opportunity for MSPs to provide valuable counsel to their clients while potentially adding new revenue streams.
There is no denying that Dropbox, Google Apps, join.me, Salesforce and countless other cloud-based apps are fantastic services that genuinely make our personal and our work lives easier, more fun and more productive. But while the vendors of all these services can build a moat filled with hot oil around their cloud services, if the end users of any account leave the drawbridge down and the front door unlocked, well, then the moat is moot.
And while a breach of personal accounts is at best inconvenient and at worst a major nightmare, when a business account is breached, we are at a whole new level of potential trouble: financial, legal, regulatory, trade secrets–the very survival of a business can be at stake.
MSPs can approach the cloud security conundrum with their customers in any number of ways:
- Education: Bring it to your client’s attention. Don’t assume that customers are fully aware of the password-related security breaches. We may live in the world of tech every day and know all about it, but our customers are busy running their businesses and might be only peripherally aware or completely oblivious.
- Offer a solution: There are any number of tools available to make it nearly impossible for cyber-crooks to take what’s not theirs. While no system is 100 percent foolproof, a typical thief (who, by his very nature, is prone to taking the easy route) will move on from targeting a secure system to one that is easy prey. The simplest way to shut down the re-use of passwords is to use a password manager. Let your clients know that this tool is available and advise them to start using one immediately. In addition, tell them about other security measures such as two-factor authentication and file encryption products.
- Service: If they don’t have the time or the inclination to do it themselves, offer to set up a security regimen that works for how their employees use cloud-based apps, as part of your current service offering or as a value add-on.
The almost daily headlines of password-related breaches are a reminder that it’s not a matter of if but when this will happen to a business without the proper security protocols in place.
Ted Roller is vice president of Channel Development at LogMeIn. This guest blog is part of MSPmentor’s Platinum Sponsorship Program.
Great article, I wish more
Great article, I wish more companies stresses the importance for a secure password. This is exactly why I use a password manager to generate unique and complex passwords for each of my individual accounts. I recommend checking out RoboForm if anyone needs a good password management solution.
I started using a password
I started using a password manager called Roboform about two years ago at work, then I downloaded the personal version at home. Password security should be on the top of ever company’s security priorities list- just look at all of the data breaches that have occurred in the last year!
I’ve actually been helping my
I’ve actually been helping my customers find solutions for password management in the recent past. Most of them ending up using RoboForm Enterprise.