Over the years, the MSP business has evolved, but in most cases, it was still relatively “formulaic.” For example, there was a process and a protocol for ferreting out security issues that stayed pretty much the same from MSP to MSP. Unfortunately, this led many service providers to make the same cybersecurity mistakes again and again.
Fast forward to April 2021, and today when I talk to MSP owners and marketing staff, I get a sense that the world is still scrambled in the wake of ongoing events in the last year. Because of this, many MSPs are simply trying to find their footing, are going in different directions, and are trying other things (which can lead to incredible innovation and some dead-ends).
How to avoid common cybersecurity mistakes in 2021
There are five areas, particularly relevant in 2021, where MSPs need to pay close attention to avoid common missteps:
- Do your “home work”
Legions of workers are still working from remote networks with more holes than a moth-eaten sweater. Work-from-home is still causing cybersecurity mistakes, and MSPs need to take it upon themselves to ensure that home and remote environments are safe.
I recently interviewed an MSP owner, who understandably did not wish to be named, who said one of his clients in manufacturing had some patents stolen by hackers. The company and the MSP conducted a forensics analysis after the theft. It was discovered that a company vice president was using a personal laptop to conduct company business on a public Wi-Fi network in a fast food restaurant. They were able to trace the theft to that work session. That incident illustrates several potential vulnerabilities.
“If the MSP doesn’t have the resources, or it’s not reasonable to send someone to each site, they should at the very least have remote sessions with workers, and conduct assessments from afar, of their home networks,” says Trent Moore, a cybersecurity consultant in Austin.
You can’t monitor each employee’s every move outside the confines of the corporate campus. But you can still have strict protocols and policies in place with robust behavioral management techniques (i.e., incentives like a big dangling carrot and an unpleasant stick). If an employee knows there will be real consequences for sloppy cyber-hygiene, they might think twice about using the public Wi-Fi at Taco Bell.
- Check your own “home”
A chef can prepare superb meals for others, both colorful and flavorful, and then fix themselves a bowl of cold, sloppy oatmeal. Likewise, an MSP can put the best security measures in place for its customers but then serve itself “slop” for cybersecurity. But if the chef eats cold oatmeal, that only impacts one person; an MSP that serves cold cybersecurity oatmeal to itself could create vulnerabilities for each and every one of its clients.
“You’d be surprised how many MSPs don’t apply the same security standards to themselves as they do for their clients. This could be because they are overworked, or they just don’t think to secure themselves. Still, over the past year, we have all seen what can happen when MSPs don’t secure their own systems,” adds Moore.
Moore recommends MSPs regularly police their own systems and, more importantly, hold twice-yearly audits to check for cybersecurity mistakes. These audits should ensure proper patching regimens are being followed and that passwords are being regularly changed.
- Talk to others
Cybersecurity is increasingly a broad-view proposition. If you are only seeing a few pieces, you’ll miss the big picture.
“Talk to other MSPs regularly, join trade associations, and sign up for alerts,” advises Moore. “It’s quite eye-opening how just talking to others in the industry can help you connect the dots concerning emerging security trends.”
This is especially true in 2021, Moore says, when everyone is still scattered and “connecting the dots” can be difficult.
One MSP in Rhode Island was experiencing security issues that had them stumped. When they talked to others, however, they were able to trace the problem to a common vendor.
“Yes, they are your competition, but ideally, we are all in this together to serve the customer,” asserts Moore, who also recommends monthly MSP virtual potlucks. “Set up a Zoom call over lunch, and start networking.”
- Vet your vendors
Speaking of vendors, make sure the cybersecurity software solutions you are selecting are available from reliable partners with proven track records. Moore says the reality is that you can only be in charge of yourself. Even then, you can make mistakes, so there’s no way to be 100 percent confident that any vendor is entirely safe.
Next, work with reputable, certified software that receives good word-of-mouth vetting. The issue of vendor security looms large in 2021 because all it takes to cause significant problems is one link in the chain not following cybersecurity best practices.
- Soft-sell the importance of cybersecurity
The statistics bear out that every dollar spent on preventive cybersecurity can save 10 dollars in lost revenue from a breach, reputational damage, or worse. Hackers will inflict over $6 trillion in damages this year, according to projections. It is far less expensive to prevent a problem than to clean one up. MSPs need to make the case to clients that spending more on cybersecurity is a vital move.
“There is still an incredible number of business owners who have the attitude that if a cybersecurity incident hasn’t happened so far, why spend money on it?” Moore says. MSPs need to make the case to clients that when it comes to cybersecurity, more is less. This means that spending more on cybersecurity will cost everyone less in the long run.
Continue guarding against cyberattacks
In 2021, I have seen a lot of SMBs that have had to reallocate resources to other more “important” areas. One SMB in Columbus, Ohio, that I recently visited had brought back workers to their campus. They had spent $200,000 on lunchroom upgrades that allowed for easier social distancing and things like touchless coffee machines and individually bagged lunches.
Yet, when pressed, the CEO told me that they had actually trimmed their cybersecurity budget back for 2021. Not that lunch or social distancing isn’t essential, but if a client is not spending on cybersecurity, the hackers will eat their lunch.