It’s not something most MSPs think about, but it should be. Data breaches are an unfortunate reality of our life, and it is not a question of when not if it will happen next.

For MSPs, the question is whether it will be a breach of the MSP’s network or a customer. While it is easy to defend against cyber attacks, should an attacker get through the defenses the next steps you take can mean the difference between being a hero or being the cause of the problem.

There are far too many variables to cover in this article, but there are some best practices every MSP should be prepared to implement.

Data Breach Response Plan

The first step is to have a plan. Just like you have a plan for business continuity (hopefully) you should also have a plan in the event of a data breach. A data breach plan should consider both breaches internal to the MSP network and the customer network. It really won’t matter much after the breach happens, but having a plan to put into action is very important and will eliminate a lot of missteps during a crisis.


It’s what MSPs do for customers, so it shouldn’t be that hard to point that monitoring technology to the inside. Cybercriminals are targeting MSPs. This is a new reality we all have to face. MSPs need to be watching their perimeter as diligently as they watch their customers. Effective network monitoring will help prevent a data breach from happening, but should it occur, knowing about the breach is the next best thing.


Part of your data breach plan will be a communication strategy. Once the breach has occurred, you’re going to have to tell someone. This could be a lawyer (that’s probably your best and first call to make), your internal team, and possibly a customer (if it was an isolated attack).

A breach notification strategy is essential, not only because it is the right thing to do, but because it is required in most developed countries. All 50 states in the United States have data breach laws; the same is true with the European Union. The point is, much of the world now has a data breach notification law, so MSPs had better get used to the fact that this type of external communication is part of being in the managed services profession.

These are just the basics. There are more involved steps your MSP practice will need to take when a data breach happens. Being prepared is half the battle. Having a documented plan you can follow to simplify the process while all mayhem is breaking loose is essential for fulfilling your obligations and keeping your customers (and employees) calm.

MSPWorld will be holding a session on this topic. Register today to attend.

Tags : data breach,MSPWorld,Security

Post A Comment
YouTube Logo | MSPAlliance

Subscribe to MSPAlliance on YouTube!

Explore a world of valuable content, including full-length podcast episodes and clips, thought-provoking special interviews, immersive events, enriching webinars, live streams, and more.

Join our community on YouTube, subscribe to our channel, and elevate your MSP journey!

Mobile and Laptop device image of YouTube MSPAlliance Channel | MSPAlliance

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

First Name *
Last Name: *
Contact Email: *
*Required Fields
Note: It is our responsibility to protect your privacy and we guarantee that your data will be completely confidential.





Contact us


510 Meadowmont Village Cir, #289 | Chapel Hill, NC 27517

MSP News

Sign up for MSP News, the weekly newsletter bringing you news and analysis from the managed services industry.