It feels like every time you check the news, a new cyberattack has hit another business or city across the world. But a scary trend that’s starting to appear is the uptick in attacks against managed service providers (MSPs). The general public might see these as just another business dealing with an attack. You know better. MSPs hold the keys to multiple businesses’ networks, endpoints, backup data, and more. A cybercriminal attacks an MSP, and they hit the jackpot.
As cybercriminals set their sights on MSPs, it’s time for you to start looking within. What are you doing to keep YOUR infrastructure and systems secure? Are you prepared to handle a data breach or attack that could compromise your entire customer base? Unfortunately, not many MSPs are—but that doesn’t mean it’s too late. October is National Cybersecurity Awareness Month, and there’s no better time to face the monsters that creep around online. It’s time to protect your house.
What Does ‘Protect Your House’ Mean?
When we say, ‘Protect Your House,’ we’re saying that you need to ensure you have proper internal security controls in place in your business. This can be continual training to keep your staff up to date on the latest security procedures or using advanced security tools and solutions to fight attacks. This is all about stopping a cybercriminal from getting access to your information or your customers.
It’s the same way you would protect your home. You may install a doorbell camera to keep an eye on whoever approaches your door, or you get an alarm system to alert you and the police in case of a break-in.
Why Should MSPs Care?
If your MSP suffers an attack, it could mean the end of your business. Protecting your house is self-preservation. You’re responsible for more than just your networks and your information. The tools you use, like your remote monitoring and management (RMM) tool, are the keys to your customers’ infrastructures. If a criminal can hack your systems and get control of your RMM, they control your customers too.
Your reputation as a trusted MSP is at stake. Your customers leave and spread the word that you’re unable to provide proper security to their peers. When the dust settles, you could then face legal action for compromising your customers’ information. You have so much to lose that ignoring security is irresponsible as attacks on MSPs continue to grow in both size and severity.
What Can You Do to Be Prepared?
With all the news around MSP attacks and breaches, it’s easy to worry. Being aware of the threat and knowing that you need to protect yourself better is a great first step. It’s also important to be proactive about security because the worst time to write an incident response plan in during a security incident.
We’ve discovered that most MSPs are unprepared to handle a security event. How do you prepare yourself? By performing a security risk assessment. A risk assessment will help you pinpoint vulnerabilities across your business and networks. Using this information is instrumental in building a security strategy. Putting this strategy in practice will reinforce your defenses and get you better prepared for when, not if, an attack comes your way.
How Does This Impact Your Customers?
Protecting yourself demonstrates to your customers that you can tackle cybersecurity threats. To put it simply; you practice what you preach. As the old business expression goes, ‘Eat your own dog food.’ This means that you use the same solutions or services you sell to your customers inside your own company. If you expect a customer to pay for your security solutions, you should trust them enough to use them for yourself. Imagine you sit down with a small business owner to discuss a security strategy only for them to discover you don’t follow the same practice. That’s hard to explain.
What Does It Take to Grow Your Security Practice?
The good news is adding security is an evolution of what you have today. Your team is staffed with experts in endpoint management, network infrastructure, databases, and more IT solutions. The best way to grow your security team is having your experts learn the security needs of those areas. This helps you internally because they will be dealing with your systems as part of their daily routine and can start making security improvements from day one.
Security also needs to be a part of your company culture. We see a lot of MSPs that invest in security tools and processes, but don’t have a top-down approach to encouraging a culture of security. If the people at the top don't support the security efforts, it will put the brakes on any significant security progress. A company-wide understanding of security will keep your staff aware and alert of threats, keep your systems secure, and show the impact security has on your revenue growth.
Conclusion
As an MSP, you hold the keys to multiple businesses. Your best security solutions start from within by protecting YOUR systems and infrastructure. To help our partners protect their house, we’ve developed an exclusive course to educate them on the cybersecurity threat landscape for SMBs, the building blocks of a security program, the NIST Cybersecurity Framework, and more. Also, be sure to follow ConnectWise across social media (Facebook, LinkedIn, and Twitter) and stay tuned for more tips and advice throughout National Cybersecurity Awareness Month.
Our webinar, Cybersecurity: The Risk, Opportunity, and Challenge, details exciting opportunities, and many challenges, MSPs face as they begin building their cybersecurity offerings. If you only have a few minutes, hear what we have to say about protecting your house at the 16:20 mark of the webinar.
John Ford is CISO of ConnectWise. Read more ConnectWise guest blogs here.