Written by: Charles Weaver, CEO of MSPAlliance

As MSPs deal with millions of work from home users to support, it is about time we have a candid discussion about implementing positive cybersecurity and cyber hygiene amongst managed services customers. MSPs are expected to behave safely, and so should their clients. Neither can be safe if one is unsafe.

Service Agreements as Compliance Tools

There are many reasons MSPs should use service agreements in their practice. By now, it should be commonplace to see service agreements offered to clients wanting to engage the services of an MSP.

Beyond the obvious utility of defining price, the scope of the work, choice of law, and other helpful business decisions, a service agreement can be particularly useful in encouraging positive cyber hygiene on the part of the client. How would it do such a thing? Let’s examine how.

Cyber Hygiene Encouragement from MSPs

In the end, MSPs are trusted advisors to their clients, able only to make recommendations, but not able to enforce policy. As a matter of managed services professional best practices, we must rethink how MSPs and clients interact on the issue of cybersecurity.

The number of data breaches and cyberattacks is increasing; we all know this. We also know that the method of attacks is following a pattern. Cybercriminals like to use email phishing campaigns, exploit commonly used applications (specifically administrator accounts), and probe user accounts without multi-factor authentication turned on. MSPs understand these tactics all too well.

However, the issue is that many organizations do not fully appreciate the level of persistence and sophistication of these cyber attacks possess. When the MSP advises the client to take certain precautions, the MSP can only suggest, but really cannot force the issue. This is where the service agreement can come in handy, protecting the MSP and the client.

Managed Services Minimum Standard of Care

It is time MSPs begin enforcing a managed services minimum standard of care. Aside from providers who fall below this minimum level, the vast majority of MSPs understand how to deliver this type of service, but are unable to due to clients refusing to comply.

The refusal is not born out of obstinance or malicious intent, but rather a product of budget constraints, or general ignorance of the true nature of cyber threats facing the organization. MSPs have long begrudgingly modified their agreements to comply with client decisions, knowing full well that it leaves them vulnerable.

Today, we live in a time where MSPs must communicate to clients when a decision will leave the client unprotected and at risk. Even one client can put an entire MSP’s client base at risk if they are not employing safe cyber hygiene. Until we get to a point where most organizations implement these best practices, MSPs need to begin enforcing change through their service agreements by limiting services and disclaiming liability in situations where the client is unprotected. Taking such action will take time, but it will eventually lead to improvements across a vast number of organizations globally. All it takes is enough MSPs taking this approach, and there can be tremendous benefits.

Customers need to understand that MSPs are not indemnifying their data or their networks. If the clients realize that there could be real costs (not included in their managed services agreement), they might think twice before refusing that backup as a service, MFA, or other security offerings.

Tags : cybersecurity hygiene,MSPs,service agreements

Post A Comment
YouTube Logo | MSPAlliance

Subscribe to MSPAlliance on YouTube!

Explore a world of valuable content, including full-length podcast episodes and clips, thought-provoking special interviews, immersive events, enriching webinars, live streams, and more.

Join our community on YouTube, subscribe to our channel, and elevate your MSP journey!

Mobile and Laptop device image of YouTube MSPAlliance Channel | MSPAlliance

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

First Name *
Last Name: *
Contact Email: *
*Required Fields
Note: It is our responsibility to protect your privacy and we guarantee that your data will be completely confidential.






Contact us


510 Meadowmont Village Cir, #289 | Chapel Hill, NC 27517

MSP News

Sign up for MSP News, the weekly newsletter bringing you news and analysis from the managed services industry.