How to Address the Unique Risk of Privileged Accounts

  

How many privileged accounts do you administer? If you don’t know the answer, that’s not good. But you probably do know, and it’s somewhere in the 2-5 range for every client that you have. Could be more, could be less. So what’s the problem with privileged accounts? They are the accounts that hackers love to target, and they are also the most difficult to secure. That makes for a bad combo.

Privileged Accounts = Targeted Accounts

The math here is pretty straightforward – privileged accounts are just as easy to phish or hack as any other account, but they have access to way more stuff. As in, stuff you can sell on the dark web, or goodness knows what else. Nothing good. In a survey of 250 hackers, privileged accounts were identified as the #1 method of choice for accessing critical data. Let that marinate a while.

Privileged Users = Still Human

Yup, it’s true. Human beings with fancy job titles are still human beings. They still make the same stupid mistakes, fall for the same scams, get phished by the same lures. The difference for you, the MSP, is the damage that is caused. And that means you have to work that much harder to lock down privileged accounts. Yet, 40% of companies do not have higher security protocols for privileged accounts.

Securing Privileged Accounts

There are several steps that can be layered on top of, or built into, standard security practices to augment security for privileged accounts. Consider the following options:

2FA/MFA
A fairly simple way to increase security is with an MFA service offering. The extra step required to authenticate the user makes it much more difficult for hackers to access critical information.

SSO
Single sign-on reduces the risks associated with passwords by reducing the amount of password sprawl on privileged accounts. A lot of bad password hygiene relates directly to forcing people to remember too many complex passwords. Exceed people’s capacity for memorizing passwords, and they’ll write them down, simple as that. SSO reduces the number of passwords needed to access key platforms.

Password Coaching
A lot of people make mistakes with password handling simply because they don’t know the risks. If you provide key people with the information they need to understand how hackers work, what they look for, and the amount of risk that the organization is currently facing as a result of their password habits, you will frame the conversation towards finding solutions.

Counter Objections
Do people complain when you want to implement MFA or other security layers? We recommend training your team prior to having this conversation to counter objections about “wasting time”, “don’t you trust me”, “inefficient workflows”, and all the other stuff you’ll probably hear.

Tools

Storing passwords in IT Glue and limiting access to key techs can reduce the footprint of the passwords to apps in which critical information is stored.

For your clients, MyGlue is an excellent way to improve password security. Reducing the need to email passwords, or use sticky notes, is a good starting point. IT Glue and MyGlue can both be secured with MFA and SSO, to add that extra layer of protection for privileged accounts. With MyGlue, your clients can create strong passwords and share them with the right teammates, without ever needing to see the password at all.

Because hackers gonna hack, and mistakes can happen, an extra layer of visibility can be quite powerful. ID Agent is one of a few dark web monitoring services, which can alert you when information from your clients shows up on the dark web. A more hands-on approach is to train your customers on detecting phishing attempts. ID Agent’s BullPhish ID is a system by which the individuals most likely to be targeted can receive education and practice at scam detection, to bolster the front line of defense.

If you’re curious to know more about how MyGlue can help you manage privileged accounts at client organizations more effectively, why not take a quick tour?
