It wasn’t that long ago that medical doctors learned about the virtues of washing their hands before performing surgery. Over time, this new practice became common, and the idea of not washing your hands was inconceivable.

The same analogy is valid for MSPs. There are many habits and practices employed by MSPs 15 years ago that we would never conceive of doing today (like storing your passwords in a spreadsheet). Even if you are not practicing managed security, there are many best practices all MSPs should be using in their everyday service delivery. Here are just a few of those good cyber hygiene practices.

Risk Assessments

Many MSPs generate a lot of project business doing risk assessment work for customers. All MSPs should be performing those same risk assessment services internally. Risk assessments are essential for a) understanding where threats are likely to attack, and b) identifying any breaches before they get too bad.

Remember, data breach notification is now the law of the land in the United States, Canada, and Europe.

Tighten your Service Contracts and Insurance

Just having that service agreement template you got ten years ago from a conference and the same old errors and omissions policy from the broker who sold you your car insurance is not enough. MSPs need updated agreements that reflect the unique risk of your business model. MSPs also need the right insurance, including policies which cover cyber breaches.

In a perfect world, your services agreements should work collaboratively with your cyber insurance to provide your MSP practice and your customers with the right type of risk mitigation and assurance.

End Sloppy Service Delivery

I remember at one MSPWorld many years ago an MSP saying they did not use contracts, and instead relied on a handshake. While that sentiment is admirable, it is not advisable.

Similarly, MSPs who go beyond the terms of a service agreement and perform services for customers who are not authorized by the MSP can end up being costly mistakes. Going beyond what is articulated in your service agreement could result in your MSP business, taking on a lot of unnecessary and unplanned risk.

MSPs with highly articulated service catalogs are less likely to engage in services which fall outside the service agreement.


There are many ways you can improve and secure your MSP practice. Investigate all of those methods and begin today. Good cyber hygiene is not a wish list; it is imperative that all MSPs should follow. And, if you don’t practice it, your customers will find an MSP who does.

Tags : cyber hygiene,managed services,MSPs

Post A Comment

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

    Contact us


    100 Europa Drive, Suite 569 | Chapel Hill, NC 27517




    Sign Up For Our Newsletter

    By submitting this form, you are consenting to receive marketing emails from: MSPAlliance, 100 Europa Drive, Chapel Hill, NC, 27517, You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact