Staying Ahead of the Attack: How MSPs Can Keep Their Customers Safe


Thought Leadership

Staying Ahead of the Attack: How MSPs Can Keep Their Customers Safe

Teresa Zwierzchowski

Small and mid-sized business (SMBs) are frequent targets of cyberattacks, including ransomware, phishing emails, malware, viruses, denial-of-service attacks, data breaches, and other threats that disrupt operations and cost money. A 2017 report from the Ponemon Institute found that 61 percent of responding SMBs had experienced a cyberattack and 54 percent suffered a data breach—and both numbers represented increases over the year before.

Why are SMBs such frequent targets? Because often, they are easy targets. SMBs may not have the knowledge or resources to efficiently run their IT, much less protect it from cyberattacks. This is where managed service providers (MSPs) can be a big help. MSPs bring the skill sets and the IT intelligence to not only reactively solve problems as they arise, but also proactively keep customers more secure before problems even develop.

You have the experience your clients seek, including in preventing cyberattacks. Here are some ways MSPs can keep their customers safe:

Thoroughly Assess Client Needs

Typically, SMBs don’t build their tech stacks from a single company or solution—over the years, they likely accumulate a hodgepodge of technologies that seamlessly or barely (or somewhere in-between) work together. Accounting for all these applications and the hardware they run on is vital to not only managing your client’s IT, but also protecting it. Your security strategy won’t mean anything if the client is still using a program that is inherently insecure, especially if you are not even directly responsible for managing that program. The technologies an SMB uses could all be unsafe unless the appropriate security measures and accompanying software, maintenance, oversight, and governance are implemented. Most concerning are mobile devices and BYOD; the client might not even have an accurate idea what its employees are using. A complete assessment of your client’s needs and weaknesses can yield the starting point for your cybersecurity strategy.

Install Outstanding Software

More than likely, improving a customer’s cybersecurity will require third-party software to boost the existing technology stack or whatever IT you add—after all, many “modern” solutions are still severely lacking in security measures. Not all cybersecurity solutions are created equal, so choose software that provides maximum protection as well as peace of mind that most incoming threats will be stopped, that the ones that do get through will be neutralized, and that the ones already existing in your client’s systems and data can be identified and removed.

Be a Partner, Not a Vendor

SMBs are trusting you not only with their survival, but also their profitability. A data breach or ransomware attack might not kill your clients, but it could affect their bottom line, which subsequently will reflect on your abilities and determine whether they keep contracting you and recommend you to others. With this in mind, be a partner in your clients’ success and not simply a vendor hired to perform a task. For cybersecurity, go above and beyond to protect your customers, and expediently and thoroughly resolve any IT problems that might arise.

Manage, Serve, Provide … and Teach

Even with all your due diligence, cybersecurity problems and other IT emergencies will occur, sometimes because of client error. Despite literally decades of warnings, people still are replying to phishing emails, unknowingly downloading ransomware, using “password” or “12345” as their passwords, or forgetting their unprotected smartphones at Starbucks. You can’t eliminate human error, but you can teach your clients’ employees how to be better users. Offer training to help customers shore up their internal cybersecurity, focusing on tips and policies for average front-line users as well as advanced skills for IT employees.

This educational strategy delivers two benefits. First, if the client is responsible for causing fewer IT problems, you won’t be devoting as many resources to fixing those problems, thus boosting your bottom line. Second, and perhaps most importantly, offering training shows you are willing to go the extra mile for your clients. Their security is ultimately your responsibility, and their smooth IT operations are ultimately your success.