Did you know that 81 percent of data breaches are due to weak or stolen passwords? Managing passwords is a struggle for all IT admins and managed service providers (MSPs). Phishing, social engineering and unsecured networks have made password based authentication insecure for some time. Yet many businesses have not attempted to close this security gap.
Some organizations, especially government agencies, are often slow at updating their technology and processes due to budget constraints and other factors. They may be stuck with their legacy processes and systems. But, no one can afford to delay implementing basic security measures to protect the business.
Another reason why enterprises may have weak access management processes is due to the poor alignment of cybersecurity and identity practices within the organization. According to a recent analysis by SecureAuth, about 59 percent of IT decision-makers were said to have kept cybersecurity and identity decisions separate in their company. This kind of siloed environment can veil security threats, risking the company’s systems and data.
In today’s age where security breaches have become an everyday occurrence, password-only authentication is not sufficient. Organizations should be looking for more than a username and a password to protect their networks.
Increase Security with Two-Factor Authentication
Two-Factor Authentication (2FA), a form of multi-factor authentication, provides a second layer of authentication to access your systems by requiring users to provide a password (something they know) and a mobile app or token (something they have).
An effective way of implementing a 2FA is to generate an ever-changing code, usually sent to your mobile device (via text or call), after you have entered your username and password.
2FA is one of the easiest methods to prevent cybercriminals from hacking into your systems by taking advantage of weak or stolen credentials (passwords). The fact that you need two authentication elements to login increases the level of security significantly. It also allows employees to work remotely without the fear of being breached.
Another important advantage of implementing 2FA is related to compliance with industry regulations. Regulatory standards such as Payment Card Industry Data Security Standards (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR) require secure and authorized logins of users into company networks to help prevent data breaches. In fact, PCI DSS Requirement 8.1 clearly states the requirement to incorporate 2FA for remote access to the network by employees, administrators, and third parties.
The Opportunity for MSPs
Adding 2FA to their managed security services is an excellent growth opportunity for MSPs. It enables them to secure their clients’ networks from unauthorized logins and hackers. Small and midsize businesses (SMBs) usually have a small IT team with a limited IT budget, which makes it difficult for them to manage complex networks. In such cases, they may decide to outsource some or all of the IT function to an MSP rather than staff up to manage it themselves. In the case of IT security, an SMB may want the MSP to handle this and provide not only the technology but also the training of employees in the proper use of 2FA and other security best practices. In cases thike these, MSPs can step in and deploy a 2FA solution that enhances the security posture of the client company and keeps their data secure.
Selling security solutions can be a tricky business for MSPs. Even with breaches hogging the news headlines every other day, many SMBs choose to ignore it as they don’t realize the risks they could face.
If you want to learn to build a security practice that increases your recurring revenue sales and profitability, register for our webinar How To Avoid MSP Security Pitfalls.