Ask an MSP Expert

Q: There have been a lot of cybersecurity attacks in the news lately, especially the Equifax breach. How can I use these scenarios as teachable moments for my SMB customers without scaring them?

In the past few years, cyber crime has increased dramatically, and it isn’t a matter of if you’ll be the victim of a cyber attack, but rather when. It’s estimated that by 2021, cybercrime damages will cost $6 trillion annually—so it’s more important than ever to educate your SMB customers about and protect them from today’s sophisticated threats.

To help you educate your SMB customers, we talked to a few of your MSP peers and Chris Crellin, the senior director of product management at Barracuda MSP and gained some unique insight.

4 things you need to teach your SMBs about cyber security

It’s no secret; cyber-attacks have become more rampant in the past year. WannaCry, NotPetya, and the Equifax breach have dominated recent headlines, showing that a large-scale attack can happen at any time. Here are four things your SMB customers need to know to shield them from the next attack.

 1. Attacks will happen no matter how big or small your company is

Unfortunately, it isn’t a matter of if an attack will happen—it’s when. Regardless of how big your business is or what systems you have in place, you can still be susceptible to a breach, shares one MSP.

One way to educate your customers about attacks is to use your quarterly update to highlight how a certain breach or cyber attack applies to them, explains Chris Crellin. In the case of WannaCry, for example, are all their systems up-to-date and patched? How can your MSP solve this problem for them moving forward? When you have the conversation, point them to the most recent breach, show them they aren’t immune, and explain what steps you can take to proactively protect them from falling victim to a similar attack.

2. Threats are evolving, so you need to evolve with them

Anti-virus software, spam filters, and basic firewalls simply aren’t enough to guard against today’s sophisticated threats. Educate your customers about what technical safeguards need to be put in place to successfully protect them against today’s threats, Crellin advises.

Eric Wakkuri from DS Tech Inc says the recent breaches have put customers on alert about their personal and business security, and this “presents an opportunity to focus on 24/7 monitoring, two-factor authentications, and dark web monitoring.” More than ever, these breaches give your MSP the opportunity to dive deeper into the different security offerings you can provide for them.


For example, one of the things users often forget is the dangers of phishing attacks and how easy it is to fall victim to them, Crellin explains. “These days, phishing attacks look so realistic that it’s often hard to tell the difference between a legitimate email and a spoof,” he says. “Just last week, I came across an Apple scam that asked me to put in my Apple credentials and rerouted me to add in my bank information. While I did not fall victim to this attack, others might not have been so lucky.” To safeguard against believable attacks, such as this, businesses need to adopt a higher level of security products and services.

3. A layered approach is key to protecting your data

Chris Cable of Techworks Consulting says that when it comes to security, you can never have enough and you should always take a layered approach. Security should not be optional anymore, and as an MSP, you should start—if you haven’t already—offering security services as part of your managed services bundle. To effectively protect and recover from an attack, Crellin says every SMB should have a disaster recovery plan in place, a solid backup plan, and solutions to help mitigate an attack.

One of the best ways to protect your SMB customers is to put a next-generation firewall in place and make sure your email security is more than just a spam filter, Crellin explains. You want to secure every threat vector you can. Think of it this way: You wouldn’t just leave your car unlocked; if you do someone can easily get right in. If you lock your car, though, the individual might move on to the next car or have a more difficult time getting into yours. Using technical safeguards can help prevent users from being exposed to a variety of attacks, so take extra precautions, such as encryption, to secure users’ data.

While you want to ensure that customers’ networks are safe, you also want to cover their physical vectors as well, such as entry key cards. While we often think of hackers stealing data in a virtual sense, be aware of how they can steal data physically as well.

4. Real-time monitoring can help prevent an attack from being successful

The sooner an attack is detected, the easier it is to protect data. For example, if someone was copying files over the network and you’re monitoring it in real-time, you can immediately stop the network connection and mitigate the attack. If you only look at it once a month, you won’t be as effective, Crellin says.

Where you can, encourage customers to pick a bundle that includes having you monitor their network in real-time, Crellin advises. If you don’t currently offer this service, partner with another company that does. Often, attackers are working on the back-end of a network for an extended length of time before they can get in. The sooner this is detected, the safer your customer’s data and your MSP’s reputation will be.

While it might be convenient to wait until a customer’s next quarterly review to talk to them about cyber security, now is the best time to start the conversation. By following Chris Crellin’s advice, you can explain the importance of adopting a multi-layered approach to security. After all, there’s no guarantee that your SMB customers will be safe from the next attack.


Photo: / Shutterstock. 

Lauren Beliveau

Posted by Lauren Beliveau

Lauren is a Senior Content Marketing Specialist at Barracuda MSP. In this position, she creates and develops content that helps managed service providers grow their business. She also regularly writes The MSP’s Bookshelf and our Ask an MSP Expert column.

Leave a reply

Your email address will not be published. Required fields are marked *