As cyber criminals pivot towards targeting a small and medium-sized business’ vulnerable credentials and privileged accounts to access their sensitive data, SMB end users are not equipped to tackle these sophisticated threats, relying on their Managed Service Provider (MSP) to secure their key accounts and data.
However, as MSPs adopt and deploy solutions to protect their clients’ Active Directory, Azure AD, local admin, domain admin, or service accounts, they often have to work with their clients to close major security gaps that threat actors can exploit. Here are the top five mistakes that CyberQP Partners often encounter and how you can avoid them:
Failing to properly monitor privileged accounts.
Due to a massive talent gap in the cybersecurity landscape, SMB employees may not know what a privileged account is, much less how to monitor them. However, when an MSP refers to a privileged account, they’re generally referring to an admin account, or an account with elevated privileges and access to other elements of an organization’s technology ecosystem.
To make matters more difficult, even if an SMB has complete visibility into all of their privileged admin accounts, it’s often difficult to manage all of these accounts at once. These account passwords need regular rotations to stay one step ahead of cyber criminals, which may take advantage of compromised or reused credentials to access an SMB’s systems.
In order to address this issue, MSPs need a scalable solution that can automate the process of regularly managing these privileged accounts, from password rotations to discovering new or unmanaged privileged accounts across all of their clients.
Relying on weak passwords.
Weak passwords are the Achilles heel of too many SMBs around the world (In fact, the weakest password of 2022 is still just “123456”). And credentials reused across multiple accounts can pose an equal risk to end users. To make matters worse, it can be difficult to convince end users who aren’t security-aware to buy into implementing more complex passwords.
However, implementing strong and unique passwords across an SMB’s security estate remains a key line of defense against threat actors, and MSPs can set the standard by employing stronger password across an SMB’s most important attack surface – the privileged accounts they need to manage their day-to-day.
A robust Privileged Access Management tool will enable an MSP to quickly and easily implement strong credentials across their client base. It won’t just allow MSPs to rotate passwords with ease – it’ll also generate strong passwords for these accounts. For example, CyberQP is capable of generating 99-character credentials and passphrases to secure an MSP client’s privileged accounts.
Storing credentials in insecure locations
All too often, when an MSP onboards a new client, they find that their new client is not securely storing their credentials. Often, they rely on their MSP to implement password vaults or store key passwords within their documentation tool.
Unfortunately, enterprise password managers and PAM solutions are often either too expensive or offer management capabilities that aren’t suited for MSP or SMB needs. So to solve this problem, an MSP’s Privileged Access Management tool should either integrate with the password vault within the MSP’s documentation tool, or write back to the tool’s own secure password manager.
Not enforcing a strict access control policy
The day-to-day operations of MSPs and SMBs alike require strict access control in order to ensure that a company’s sensitive accounts and data are accounted for. At SMBs, their employees will come and go, and if an MSP has enough clients, it may be difficult to determine if a caller or a person requesting a password reset is who they claim to be. And for MSPs and SMBs that employ contractors for one-off projects, it’s difficult to find the time to manage access to key resources for limited times.
That’s why MSPs need a tool that enables them to maintain strict access control policies. This might include a solution that provides greater visibility into privileged account activity with actionable alerts, visualizations of stale (or now-inactive) admin accounts, and audit logs for privileged account events to detect and deter insider threats. They can also use solutions like Just-in-Time (JIT) accounts to provide limited access to outside workers or temporary users.
Not enabling Multi-Factor Authentication (MFA)
However, according to today’s common knowledge, strong passwords alone aren’t enough to prevent threat actors from accessing accounts. In fact, CISA now recommends that businesses implement multi-factor authentication for another layer of protection around their key accounts. By requiring another proof point to confirm that an end user is who they claim to be, SMBs and MSPs that require MFA can deter cyber criminals holding compromised credentials or tools to brute force their way in.
Establishing a robust PAM strategy
By implementing solutions that address these issues and bring their clients in line with best practices, MSPs can secure their clients and also access more key methods of protection, including cyber insurance.
CyberQP is dedicated to becoming a turnkey security partner for MSPs by developing Privileged Access Management and security automation solutions, purpose-built for their needs. As cyber insurance eligibility requirements begin calling for tools that address today’s threats, our team is dedicated to help MSPs attain coverage and keep their end users safe by creating and implementing a strong PAM strategy. If you’re interested in learning more – click here to set up a quick demo with our product specialists.
This guest blog is courtesy of CyberQP. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.