It doesn’t take a huge leap for MSPs to empathize with their clients when it comes to matters of cyber resilience. Cybercrooks also target you, and you face triple the exposure of most of your clients at that. Here’s why:
- You’re just like everyone else. You need to protect your business from cyber crooks, just like any other business. Sure, you have all kinds of high-demand skills and tools at your disposal and could be better equipped to fight off cyberattacks than most companies. But that doesn’t scare off the bad guys. On the one hand, many get their kicks from cracking so-called harder targets. And on the other, the nature of your business makes your MSP a particularly high-value target as well.
- You offer a one-to-many attack vector. One of the big reasons MSPs are targets is that their infrastructure can be used to attack many companies simultaneously. That’s why one of last year’s biggest cyberattacks was based on MSP compromise and why attacks on MSPs are widely recognized to have long been on a meteoric rise.
- A successful attack on your MSP can cause serious reputational harm. Your MSP’s entire value proposition is based on outsourcing functions your SMB clients can’t manage directly. It’s a trust-based relationship. It nearly goes without saying, then, that suffering a successful cyberattack—especially one that leads to client compromise—is a destabilizing event on the customer reputation front.
In other words, in addition to immediate costs incurred, cyberattacks create future revenue risk for MSPs disproportionate to most other business models. And within the MSP realm, that’s even more so when it comes to MSPs that provide managed security services.
“Official” Recommended Steps for Protecting Your MSP and Your Clients
An alert from the United States Secret Service, based on increases in ransomware deployments, email system compromises and point-of-sale (POS) compromises on multiple businesses via breaches of MSPs, outlined the following recommended steps:
- Have well-defined service level agreements (SLAs)
- Ensure remote administration tools are patched and up to date
- Enforce least privilege for access to resources
- Have well-defined security controls that comply with end-user regulatory compliance
- Perform annual data audits
- Take into consideration local, state and federal data compliance standards
- Proactively conduct cyber training and education programs for employees
Further Steps
You can do more. One way is to partner with a cyber resilience provider with a proven track record of protecting MSPs and their customers. We often point out here at Resilience Hub that your provider needs to take care of your company as much as it takes care of your customers. The importance of that distinction is never more apparent than when it comes to the potential consequences of an MSP attack. Just like your clients, you need to minimize exposure and be able to deal promptly with an attack if one gets past your defenses.
It’s also essential to take advantage of the same tools you advise your clients to use. It’s much easier to get your clients to take the proper steps to protect themselves when you’re not just talking the talk but walking the walk.