The Department of Homeland Security (DHS) issued a warning that hackers were targeting MSPs and cloud services providers in an attempt to gain access to customers’ networks. The DHS warning was sufficiently vague that it could raise concern among MSP clients, who might not be aware of the work that you do in terms of security.
Document your controls and processes
It can be a challenge to explain cybersecurity to your clients, but warnings like this are precisely why it is important to have this conversation with them. Going into such a conversation, we have two key recommendations. The first is to bring documentation regarding your security processes and controls. At worst, your clients could use any doubt about your ability to secure their environments as a reason to defect to another MSP that is willing to provide such assurances.
By documenting your security practices, and your controls, you’ll be in a position to explain in detail how you are defending your clients against the possibility of cyberattacks. Remember, hackers are going to hack. It’s what they do. Your clients just want to know that a hacker trying to get at their data is going to get absolutely nowhere. Take this opportunity to show them the controls you have in place, both in terms of stack and internal processes. If you don’t already have this documentation, the current warning is an invitation to build it out.
The DHS specifically recommended that password policies be applied to managed services accounts. Passwords are of course one of the weakest links in cybersecurity, and hackers love to exploit people’s poor password hygiene. If you’re unsure of how your clients are managing their passwords, or unhappy with their current state of password management, our second recommendation (shameless plug) is to offer them the best password vault available – MyGlue. Team passwords are secure, never shared, and as the managed service provider, you can control the access. We are presently running a MyGlue promo that will allow you to deploy this password vault across your entire client base.
Certainly, nobody wants to hear that MSPs are being targeted specifically. But such warnings do highlight an opportunity for MSPs that have strong security practices to assure clients, and maybe even win new ones, by demonstrating strong security controls and a suite of security products that helps your clients cover all of their cybersecurity weak points. Hacking remains a crime of opportunity – remove that opportunity and both you and your clients can feel much more secure.
To learn more about IT Glue can enhance your security offering, sign up for a short demo.
IT Glue is the leading documentation application for MSPs, designed to eliminate waste, improve productivity and hit your SLAs better. We are SOC 2 compliant, meaning that you can count on the security of your information in IT Glue.