To solidify business continuity, IT Teams, IT Steering Committees, and their MSPs should embrace two durable and future-proof access credentials best practices.
Access credentials AKA “email addresses and passwords” are the proverbial combinations for each master lock protecting every endpoint in your IT infrastructure: hardware, software, applications, and anything with an IP address that’s integrated with the corporate network.
- Do you have a comprehensive inventory of your administrative access credentials?
- Do you know where these administrative access details are stored?
- Does more than one trusted custodian have access to these critical codes?
- Do you want greater freedom to audit your systems?
If you’re familiar with the rationale for writing a will – storing it in a safe place, making backup copies in different formats, and assigning primary, secondary, and tertiary executors/beneficiaries/representatives with power of attorney – you’ll appreciate this business case for taking a strategic approach to managing administrative access credentials.
Learn More: Credential Management
#1 – Take Inventory of Access Credentials
Taking inventory of your access credentials is step one. Select members of your IT team and MSP need this information for several reasons:
- Day-to-day administration
- Activating new services
- Cybersecurity insurance application questionnaires
- Compliance initiatives
- Technical assessments from third parties
- Onboarding new IT personnel in oversight roles
The Highest Priority Access Credentials
While our default recommendation is unsurprisingly strict: store all access credentials for your entire digital estate in one place, the following four categories are your highest priority.
- Firewall Administrator (Controls the gates to the castle.)
- Domain Administrator (Holds the local master key to every device on the network.)
- Global Administrator (M365, SharePoint, OneDrive, and Google Workspace)
- Backup Solutions (The local hardware, software, and cloud services that back up your data. Local host passwords apply to physical servers and virtual machines (VMs) on the physical server.)
Learn More: Microsoft Global Administrator
The Second Highest Priority Access Credentials
The following credentials and the last exhibit are significant, but less so than the four biggies mentioned above.
- DNS and domain registrars for your website(s)
- Wi-Fi devices
- Line of Business Applications
- Printers, printer support
- Email systems
- Network diagrams (A graphical depiction of your network loved by IT enthusiasts and largely overlooked by IT users and administrators. When you switch MSPs, the new provider usually prefers to create an updated diagram versus taking the word of another MSP.)
If someone on your IT team, IT Steering Committee, or MSP needs access to anything on the list from DNS to email platforms, but doesn’t have credentials, an IT specialist can “jailbreak” their way into these systems.
However, this workaround is only recommended as a last recourse. It’s far from ideal.
#2 – Lock Down and Share Access Credentials with Your Inner Circle
That’s why we advocate compiling a comprehensive list of administrative access credentials and locking them down in a vault AKA a password manager like 1Password.
This access credential management best practice helps you avoid any single points of failure. So, you’re all set for worst-case scenarios.
The Show Must Go On
When a few people at your company and your MSP have controlled access, the show will go on, with no ands, ifs, buts, or regrets if:
- Your IT director ends up in the ICU and he’s the only one with administrative access credentials. Unfortunately, this is a recent example from real life.
- You want to get a second opinion on the cybersecurity fitness of your network but worry you may upset your current IT provider.
- Your MSP gets hit and locked down with ransomware or goes out of business.
- Your cyber insurance or cyber liability insurance policies are up for renewal, and you can’t get access to key system details to complete the policy renewal questionnaire.
- A new employee joins your company and doesn’t have visibility into critical service details to work with your MSP and partner on service updates that require dual administrative access.
- There’s a fire, flood, emergency, or another worldwide health scare.
Your Agile Business Continuity Journey
The most advanced IT environments are vulnerable if IT teams and their MSP partners don’t have a resilient and repeatable plan A, B, C, and D.
If you have a few sets of car keys, extra batteries for your garage door opener, and a short list of medical specialists on the radar (because your current roster is nearing retirement), you’re ready to take the same approach with your IT systems.
Adopt this mindset and you’ll never be held hostage.
Please schedule a discovery session to learn more about access credentials best practices, and more.