It wasn’t that long ago that medical doctors learned about the virtues of washing their hands before performing surgery. Over time, this new practice became common, and the idea of not washing your hands was inconceivable.
The same analogy is valid for MSPs. There are many habits and practices employed by MSPs 15 years ago that we would never conceive of doing today (like storing your passwords in a spreadsheet). Even if you are not practicing managed security, there are many best practices all MSPs should be using in their everyday service delivery. Here are just a few of those good cyber hygiene practices.
Many MSPs generate a lot of project business doing risk assessment work for customers. All MSPs should be performing those same risk assessment services internally. Risk assessments are essential for a) understanding where threats are likely to attack, and b) identifying any breaches before they get too bad.
Remember, data breach notification is now the law of the land in the United States, Canada, and Europe.
Tighten your Service Contracts and Insurance
Just having that service agreement template you got ten years ago from a conference and the same old errors and omissions policy from the broker who sold you your car insurance is not enough. MSPs need updated agreements that reflect the unique risk of your business model. MSPs also need the right insurance, including policies which cover cyber breaches.
In a perfect world, your services agreements should work collaboratively with your cyber insurance to provide your MSP practice and your customers with the right type of risk mitigation and assurance.
End Sloppy Service Delivery
I remember at one MSPWorld many years ago an MSP saying they did not use contracts, and instead relied on a handshake. While that sentiment is admirable, it is not advisable.
Similarly, MSPs who go beyond the terms of a service agreement and perform services for customers who are not authorized by the MSP can end up being costly mistakes. Going beyond what is articulated in your service agreement could result in your MSP business, taking on a lot of unnecessary and unplanned risk.
MSPs with highly articulated service catalogs are less likely to engage in services which fall outside the service agreement.
There are many ways you can improve and secure your MSP practice. Investigate all of those methods and begin today. Good cyber hygiene is not a wish list; it is imperative that all MSPs should follow. And, if you don’t practice it, your customers will find an MSP who does.