For the past several years, we have heard nothing but the perils of cybersecurity attacks, and the mounting difficulty in preparing for and defending against such attacks. That type of sustained pressure can lead to desensitization, apathy, and burnout.  

But, in all seriousness, cybersecurity has never been more critical, and the stakes have never been higher. So, what is an MSP (Managed Service Provider) to do?  

The following recommendations may help you strike a balanced approach to your managed services practice by incorporating cybersecurity into your business model, without letting it dominate and turn you into something you are not. Let us get started.  

Cybersecurity in Reality 

Things are not great in the cybersecurity world. Attacks continue, threats persist, and the bad actors continue to evolve and refine their techniques to bypass all the excellent work we do. We all need to continue doing our part in helping cybersecurity defense, within our own homes and businesses.  

Cybersecurity was never meant to be a completely different business model for MSPs. It was meant to be an evolutionary step as MSPs continued their march towards professionalism. In the last several years, we have made considerable progress within the MSP community to advance awareness and knowledge concerning security issues (both internal MSP security and customer facing security). But let us all be aware that we can go too far, particularly when it comes to cybersecurity marketing, branding, and messaging.  

We may be reaching that point where everything an MSP does or says is related to security has a decreasing impact on the customer. What does this mean? The push towards security solutions within the MSP sector does not mean the previous functions of the MSP no longer matter. To the contrary, since the pandemic the role of the MSP has demonstrably been proven to be vital to countless businesses all over the world. Security just so happens to be one of those critical elements being offered. We cannot lose sight of the fact that MSPs have always been the trusted advisor to customers. Do not lose that which made you the trusted advisor in the first place.  

Beware of Security Messaging Overkill 

I have begun to see MSP websites which completely focus on the security elements of their practice, to the exclusion of and detriment to their practice. Now, this does not mean if you are truly a security focused MSP (MSSPs (Managed Security Services Providers) for those of you who really need that extra S) that you should not emphasize that fact. What I am talking about is most of the practicing MSPs who also have a managed security (different from security consulting) offering.  

The general practitioner MSP must offer security. This is an unprovocative statement. Many general practitioner customers desperately need security, and specifically managed security. But this need does not mean that all the other elements of their IT (Information Technology) management somehow ceased to exist. Nor does it mean that the customer no longer looks to the MSP for these “non-security” IT management services.  

Cyber Confusion 

Last, and something which we will be discussing at great length here, avoid cyber confusion brought about by your messaging. We are living in the middle of a great cyber age, where much of the world is slowly becoming more accustomed to security issues and prevention techniques. We have the MSP profession to thank for a lot of this work.  

But we also have a significant push from cybersecurity consultants, who may be intending well, are creating a lot of confusion in the market. What MSPs must acknowledge is the impact their messaging has on customers and how to differentiate themselves from cyber consulting firms who do not offer managed services, and yet, are doing an effective job in creating large market confusion and uncertainty.