Written by: Charles Weaver, CEO of MSPAlliance
As MSPs deal with millions of work from home users to support, it is about time we have a candid discussion about implementing positive cybersecurity and cyber hygiene amongst managed services customers. MSPs are expected to behave safely, and so should their clients. Neither can be safe if one is unsafe.
Service Agreements as Compliance Tools
There are many reasons MSPs should use service agreements in their practice. By now, it should be commonplace to see service agreements offered to clients wanting to engage the services of an MSP.
Beyond the obvious utility of defining price, the scope of the work, choice of law, and other helpful business decisions, a service agreement can be particularly useful in encouraging positive cyber hygiene on the part of the client. How would it do such a thing? Let's examine how.
Cyber Hygiene Encouragement from MSPs
In the end, MSPs are trusted advisors to their clients, able only to make recommendations, but not able to enforce policy. As a matter of managed services professional best practices, we must rethink how MSPs and clients interact on the issue of cybersecurity.
The number of data breaches and cyberattacks is increasing; we all know this. We also know that the method of attacks is following a pattern. Cybercriminals like to use email phishing campaigns, exploit commonly used applications (specifically administrator accounts), and probe user accounts without multi-factor authentication turned on. MSPs understand these tactics all too well.
However, the issue is that many organizations do not fully appreciate the level of persistence and sophistication of these cyber attacks possess. When the MSP advises the client to take certain precautions, the MSP can only suggest, but really cannot force the issue. This is where the service agreement can come in handy, protecting the MSP and the client.

