There are a number of reasons why an SMB would choose to partner with an MSP. Many can’t justify paying for a full-time internal IT professional with the needed skill sets. Some recognize the value in leveraging the security and monitoring tools that an MSP can provide. Another is guidance. MSP clients welcome advice and direction when it comes to the management and operation of their networks. When it comes to cybersecurity practices, however, they need more than just advice. They need a reality check.
Many small businesses feel they are impervious to the attention of hackers due to their small size. According to a 2017 study by The Ponemon Institute, however, 43 percent of cyberattacks target small businesses. According to a survey by AT&T, only 53% of companies with fewer than 50 employees place a high priority on cybersecurity, compared to two-thirds of larger ones. This number is probably augmented for small businesses that lack a full-time IT professional to provide constant reminders about proper cyber hygiene.
As hackers turn increasingly to smaller, softer targets, SMBs need to focus hard on cyber-risk. It’s important that MSPs fill this communication void. Not only will your expertise become appreciated over time, but your clients will also recognize the value of operating in a secure environment, free of costly disruptions from cyber incidents. In addition, it helps your own bottom line, since you won’t have to devote time to remediation and data restoration efforts. Below we have outlined 5 steps that MSPs can take to communicate the importance of implementing cybersecurity best practices.
Perform a Cybersecurity Audit
As any successful attorney knows, it is always best to show, not tell, the story. The best way to make clients aware of their vulnerable work practices is to put them in front of a mirror. In this case, the mirror is a cybersecurity audit. Some of the items to focus on for the audit include the following:
- Insecure password practices
- Allocating local admin rights to standard users
- Outdated, non-compliant or unpatched software
- A lack of file auditing
- Overly permissive access control lists and firewall policies
- Insufficient data security policies
- Insufficient remote work policies, if applicable
- Insufficient disaster recovery and business continuity plans
While most MSPs implement some type of security audit for newly acquired customers, these audits should be repeated on a regular basis. While performing an extensive audit every couple of years is fine for many businesses, organizations such as financial or legal institutions as well as healthcare organizations will require more frequent audits.
While phishing simulations can be a part of a cybersecurity audit, they also serve as a great way to train your users to identify suspicious emails. This is important as phishing attacks are still the most prominent delivery method for hackers to distribute ransomware and other malware as well as credential-based attacks. While it is true that a small percentage of users will click on anything, training and education will go a long way.
There are many excellent phishing test SaaS packages available today that allow you to craft simulated phishing attacks that leverage recent news and attack techniques. Users that click on the designated link or attachment are then notified, as are those monitoring the test. Those users can then be directed to a short online tutorial to teach them how to avoid their mistake in the future. Remember that the purpose of the simulation isn’t to create a gotcha moment, but to educate.
Every MSP already has access to their clients’ inboxes, so why not take advantage of it? Emailing a monthly newsletter is a great way to promote attention to cybersecurity as well as build a rapport with the employees of your clients. You can alert them about the latest cybersecurity news and outline security tips that they can use every day. The main objective is to provide value rather than blatant self-promotion, as that is the surest way for users to simply ignore and delete them. If you don’t have time to create a monthly newsletter, there are plenty of e-newsletter services that cater to MSPs and their clients.
Blogging and Social Media
There may be no better way to establish yourself as an authority on a given topic than writing and maintaining a blog. Blogging is also a great way to get your name out in the community and serve as a constant resource to your customers. If you don’t want to spend the time learning about WordPress, you can start out by establishing a presence on social media, sharing weekly updates on LinkedIn or Facebook.
Live Seminars or Webinars
If you want to take your blog to the next level, you can become an active cybersecurity leader within your local area. With all the attention cyberattacks get today, people are receptive to learning more about how to protect themselves while in a relaxed environment. Many people can digest new information from a live presentation better than they can from reading an article online. Besides serving as a way to promote your business, it also serves as a way to give back to your community by offering your expertise to those who don’t normally have access to a proven professional. Some of the largest corporations in the country can vouch for the value of generating good will throughout their communities.
Communication has always been a cornerstone of business. Those who can stay in front of their customers and create value for them will have a competitive advantage over their competitors. These types of steps will also help solidify your business relationships, which will improve your customer retention rate as well.
TitanHQ provides highly effective cybersecurity solutions for SMBs, MSPs and Schools/Colleges. Talk to a TitanHQ security expert on your security issues and learn how we can protect your business. Contact us today.