What are your managed services clients receiving versus what they think they are getting? The difference may surprise you.
I’ve heard a few MSPs talk about “upgrading” their clients and the services they are receiving, particularly around security. I think this is a good thing, especially if your clients are behind in their cybersecurity preparedness. For MSPs who are particularly aware of those customers who have been resistant to improving their security posture, these types of conversations are beneficial and timely.
There are, however, MSPs who may have a group of clients who believe they are secure but are not. Why would a client think this? They mistakenly believe that working with an MSP means they are “covered” against any ransomware or cyberattacks that may hit them.
MSPs are Not Insurance Policies
I’ve said this before, but it is worth repeating that managed services (MSPs) are not substitutes for a cybersecurity insurance policy. What I mean, specifically, is that your MSP does not indemnify you against cyberattacks and cybercriminals. You (the customer) need to participate in your own survival.
Yes, the MSP can do a lot in protecting your organization and its IT resources, but the MSP does need your active participation in this fight and cannot do it alone. This is where the client and the MSP need to be of one mind and in close communication about strategy.
I hear many MSPs complain about clients who do not want to take even basic security protections. These decisions by clients sometimes are based on laziness; they don’t want to be burdened by implementing multi-factor authentication because it will take too long to open up an application. Others may reject fundamental cybersecurity and IT management best practices because they believe those functions are a) being delivered by the MSP and b), if they aren’t, the MSP is the backstop and will clean up the mess as part of their service agreement. Wrong!
Make Sure You and Your Client Are On the Same Page
This is why it is so essential for MSP and client to be in agreement and have ongoing communications about the relationship and what needs to be done. Because cybersecurity is changing so rapidly, MSPs need their clients’ active participation to be effective in guarding the customer against the threats they face, both known and unknown. MSPs cannot assume that the client understands something. Have the conversation, discuss the details, and make sure there is agreement on the significant issues.
Cybersecurity best practices are changing a lot right now. MSPs have a lot of responsibility to keep their clients updated and informed about the threats and protection measures available. One of the worst things you can have is a client that assumes everything is secured because the MSP is being paid each month.