MSPs and Security Audits: Why Password Management Is Key to Identifying Client Risk

Shireen Stephenson, January 22, 2025

Understanding Cyber Risks as an MSP 

The stakes are high.  

Compromised credentials are a primary attack vector, with APT groups increasingly targeting MSPs and their clients. In the face of such attacks, businesses look to you for solutions.  

According to a recent Sharp ESG survey, SMBs fear they have a significant security gap but believe MSPs can fill that gap (64%). Not surprisingly, 90% plan to engage an MSP for their security needs soon or in the near future. 

And they have high expectations. 

The ConnectWise 2024 State of SMB Cybersecurity report states that over two in five (42%) organizations believe MSPs should be held accountable for breaches, while 95% are likely to take legal action if an attack occurs (up from 61% in 2020). 

How a Password Manager Is Key to Identifying (and Solving) Risks 

A password manager, like LastPass, simplifies credential management from one central admin console, so you have insight and control over every access point.   

Better password hygiene 

Personalized password vaults with secure access

With a password manager, each user has access to a built-in password generator to easily and quickly create strong passwords.   

In addition, each URL associated with login credentials is stored in an encrypted state.  

To add another layer of security, you can enforce FIDO2 authentication, ensuring that every vault access request is verified through the strongest authentication method.   

Security Dashboard

A Security Dashboard measures password hygiene and tracks how user passwords measure up to current security best practices. As users add passwords to their vaults, the passwords are automatically evaluated and given a Security Score.  

A score of 80+ means the password is secure. To improve scores, at-risk passwords can be viewed centrally and changed.  

Users are alerted when logging into sites with at-risk passwords. This proactive measure helps increase password hygiene and protects accounts from unauthorized access. 

Security reports

As an MSP, you can get an overview of security statistics in the admin console. The Security Dashboard shows the average security and password strength scores for the companies you’re managing – and their progress over time.  

Most importantly, you can get an overview of at-risk accounts with Security Reports. 

You can then generate detailed reports of these accounts and see which users: 

  • are reusing their master passwords 
  • have security scores lower than 33% 
  • have more than five weak passwords 
  • have low iteration counts and are accessing shared folders, and more 

These reports are essential in security audits of all password-related activities. They can help you highlight the risks your clients face, the security improvements they must make, and the corrective actions they must take after a breach. 

Increased app visibility 

Eradicating Shadow IT

Every instance of shadow IT increases the attack surface, especially if employees reuse corporate credentials. And just ONE compromised account can grant attackers access to others, putting your clients’ most sensitive data and trade secrets at risk. 

With a password manager, you can set granular access controls based on job roles and Zero Trust least privilege principles. This means you can control the level of access given to your administrators to perform key tasks like adding users, setting policies, and managing groups. 

With a centralized identity management platform, you get granular visibility into ALL applications and services used by your clients’ employees.  

You can easily enforce acceptable use policies (AUP) and enhance your reputation as a trusted vendor in secure credential management. 

Insight into compromised accounts 

Breach monitoring

Protecting Remote Desktop Protocol (RDP) connections is critical to the security of the companies you manage.

Here’s why: RDP servers are a favorite target of attackers because they contain data that can be used for identity theft, financial fraud, and extortion schemes. This data includes login credentials to servers and workstations, trade secrets, intellectual property, customer details, and payment information. 

With a password manager, employees of your clients can easily generate strong passwords for each RDP connection, reducing the risk of all credential-based attacks. 

You can centralize oversight of the storage and management of all RDP credentials in each vault. Plus, the breach monitoring system checks for weak or compromised passwords 24/7, so you can fulfill client expectations for securing their most critical accounts.

Customizable user access 

Security policies 

You can make your managed company more secure with specific policies. 

For example, you can configure a policy for the number of password iterations. As an MSP, you can increase the hash iteration value to be higher than our default value of 600,000 if desired.  

You can enforce over 100 security policies, with the option of automating their enforcement – making credential management for multiple clients an easy, seamless experience. 

Provisioning/deprovisioning users

What happens when employees leave an organization and take their login credentials with them? 

You can combine password management with federated logins to the most popular directories to trigger deprovisioning actions when an employee leaves your client’s organization.  

This allows you to revoke access to apps and services promptly, preventing continued unauthorized access and the possible exposure of sensitive corporate data. 

Why MSPs Partner With LastPass 

Secure, effortless, and efficient password management with LastPass 

Encrypted vault, zero knowledge architecture

With LastPass, you get military-grade AES-256 encryption for each vault. This is the same type of encryption used by federal agencies and the military.

Our Zero Knowledge security model also means that, while admins and super admins can initiate master password resets, they have ZERO ability to see original master passwords. 

This ensures that no master password is ever exposed, allowing you to ensure the integrity of each vault associated with client accounts. 

Centralized, multi-tenant admin console

With LastPass, you get a unified admin dashboard where you can configure granular, action-oriented controls across multiple clients.  

From the dashboard, you can get actionable reports to see how users are performing and where improvements can be made. You can also track how individuals share corporate resources. 

Most importantly, you get complete visibility into failed login attempts and the actions taken by users in response. 

Customizable policies 

LastPass was designed with your convenience and security in mind. In the admin dashboard, you can set policies (among others) to: 

  • Block Tor (Dark Web) access
  • Restrict access by country or IP address 
  • Enable passwordless logins 
  • Allow super admins to access shared folders 
  • Prohibit logins from mobile devices, “denied” devices, or jailbroken phones  

Because data exfiltration is a security risk, you can set a policy to prohibit users from exporting account data or sending Shared Folders to recipients outside your client’s organization. 

The above isn’t by any means an exhaustive list: With LastPass, you have access to a powerful credential management solution that’s designed to elevate customer satisfaction while setting you apart as a trusted technology provider. 

Dark Web Monitoring

Did you know that LastPass Dark Web Monitoring automatically detects new accounts added to vaults and monitors them 24/7 on the Dark Web? 

If matches are found, users are alerted to logins with compromised passwords so they can act quickly to change their passwords.  

As an MSP, you can set a policy that stops users from disabling Dark Web Monitoring altogether. This proactive approach helps you track potential security threats and protect client accounts. 

LastPass Partner Program 

LastPass is built for MSPs, with features like: 

  • Prorated billing to ensure you’re charged only for the seats you’re using 
  • Flexibility to add or remove clients in your Admin Console 
  • Central dashboard to view client accounts and security ratings 
  • Five free licenses under the Not for Resale Program 
  • Integrations with Professional Services Automation (PSA) providers 
  • World-class pre- and post-sale support, marketing resources, promotional campaigns, and in-depth product training to drive revenue  

Make sure to register here so you don’t miss exciting updates coming your way that will transform how you Partner with LastPass. Stay tuned!