Lack of Security Awareness Leaving You Open to Liability?
Your MSP has a special risk factor that doesn’t apply to many other businesses: the number of connections you have with other organizations. Is this factor putting you at risk?
Threat actors are everywhere. Unfortunately, these bad apples have been putting IT and financial managed services providers in their crosshairs at an alarming rate, as cybercriminals realize that they can reach multiple organizations with a single hack. Your clients are looking to you for expertise in the realm of cybersecurity, making it vital that you’re fully prepared in the event of an attack. It’s also important that you provide ongoing education to both your staff and your clients. See how you could be opening your organization up to greater risk if you or one of your clients is the victim of an attack.
Whose Fault Is the Breach?
It’s human nature. When there’s an issue inside an organization, especially a high-level threat such as a cyberattack that impacts customers, the initial response once the threat is under control is to point fingers and attempt to determine fault for the breach. This is particularly true when you consider that a breach or significant outage could cost hundreds of thousands or even millions of dollars to fully remediate. When you’re working with clients, it’s vital for the protection of your business that you ensure you have the best possible security solutions in place and can document that you performed due diligence on any weak points. Your clients will be looking to you for guidance and recommendations during a hectic time, and your staff must be fully ready to head off an attack.
Have Action Plans in Place
Just like your clients, your MSP should have a robust and fully featured disaster recovery/business continuity plan in place. Even if there is a breakdown in a portion of the plan, having the plan and ensuring that it’s updated regularly help you defend against any litigation that attempts to paint your organization in a poor light. It’s not unusual for an organization to panic and immediately turn to its MSP thinking, “You should have prevented this attack!” In reality, IT professionals know that not all attacks can be prevented, or even anticipated, but there should be significant thought put into action plans that address potential weaknesses.
No One Is Immune to Cyberattacks
Perhaps one of the most important messages that you can share with your clients is that no one is truly immune or fully protected from cyberattacks. A selling point for your organization should be that you provide active monitoring, so when an attack occurs, remediation can begin immediately. Educating your clients about security best practices, equipping them with the tools and functionality they need to protect their business assets, and scheduling regular business reviews where you document security recommendations all help reinforce the importance of the security message you share with your clients. Even if clients decline to follow your recommendations, it doesn’t hurt to leave security recommendations in your proposal with a note that the client “declined” to take action at this time. That shows that you’ve been proactive in sharing the latest security measures, even if they were not ultimately acted upon.