Guest Column | January 5, 2023

MSPs: What To Do When It All Goes Wrong

By Eric Weast, ECW Network & IT Solutions


A growing number of MSPs offer a complete security technology stack of expertly assembled solutions that combine to deliver airtight protection. But “offering” isn’t enough anymore. MSPs should require every client to purchase and implement that complete protection package before sticking their necks out. Going gentle on clients who are looking to save a buck on security sets the stage for harsh outcomes, and the fallout of data breaches or regulatory non-compliance can be reputationally, legally, and financially devastating to clients and their MSPs alike. MSPs: if you don’t currently enforce best practices and require a layered security stack you believe in across all your clients, my advice is to do it ASAP. It’s good business, yes, but it’s also absolutely necessary.

That said, here’s what to do if it’s already too late.

You’re In A Security Crisis Scenario. Keep Calm And Quell The Panic

Take this scenario: an MSP doesn’t have a standardized security stack it can automatically roll out and price as a package. It recommends security solutions to a client here and there but doesn’t chase or pressure the client to implement them, and initiatives stall out.

Then the client gets ransomware.

During a crisis, human nature leans toward panic and laying blame. Client relations are suddenly strained. No matter how you got here, the pressure is on you, the MSP, to deliver clear guarantees and get the client’s operation back to normal. You must identify and recover from any business liabilities while keeping your client’s reputation as unscathed as possible. You also need to carefully document the incident for auditing purposes and adhere to best practices and compliance standards throughout this recovery.

Clients want immediate answers, but best practice procedures may delay accurate recovery estimates. Understand that this may be a very tense time with your client, as well as staff members in your own organization. You need to speak carefully and provide an accurate and professional plan that restores the client as efficiently as possible.

Remember that this high-stress situation can be traumatic for your employees as well. While sorting through these issues, behave as a leader and take care not to blame or berate your own team. Instead, remain calm and logical, and lead by example.

Provide Professionalism (And Seek It Out As Needed)

If you need support to deliver the practiced professional communication and actions your security scenario requires, engage with your cyber insurance company to guide your incident response and get some additional tools and resources in your corner. Your security software providers also can be a helpful source of professional assistance and recommendations; chances are they’ve seen another MSP go through something similar.

If this situation is new to you, don’t make the same mistake as your clients and assume you can navigate high-stakes security challenges with no experience or proven methodology. Enlist professional help, embrace the learning experience, and come away prepared to audit and harden your security strategy. For example, you might commission an internal pen test on your own MSP network and systems. Such a test might seem expensive, but its cost is nowhere near that of not handling this and future incidents correctly.

Determine The Thoughtful Holistic Security Stack You Need In Place For Next Time

The right security stack likely won’t provide your clients with a bargain, but it will provide layered enterprise-grade protections and effective regulatory compliance. It’s crucial to come out of a stressful security incident with the knowledge and drive to adopt best practices and plug any and all security gaps. For example, our security technology stack starts with BeachheadSecure’s cloud-based data encryption and access control, with which we can delete data and revoke access to at-risk devices remotely and prepare finely-tailored RiskResponder functionality in answer to emerging threats. We tap SentinelOne for effective endpoint security, alongside Huntress for threat detection and response. I recommend that MSPs follow our example by implementing as many as seven different agents on endpoints at a time (or more if you see fit), while also utilizing multi-level ransomware security, a DNS filter, and automatic hardware isolation tooling. Any solutions that simplify compliance in the industries you serve are good adds as well.

Protect Clients From Attackers, And Also From Security Scammers

While prudent security technology investments are my essential recommendation for MSPs and their clients, don’t allow the stress of an incident to blind you to scammers on the security side of the equation.

For example, our MSP practice recently had a very weird experience in which a vendor told our client that they needed to comply with extremely high-level NIST/CMMC controls to process credit cards on their web system. If we hadn’t kept a cool head in the face of this request, we could have gone ahead with trying to sell the client on what would amount to a six-figure security investment. However, our knowledge of more practical approaches to meeting PCI standards told us the audit request was absolutely over the top. We requested a call, and the vendor quickly offered to convert the full-scale audit and compliance requirement into a phone interview instead. It smelled scammy, and I wouldn’t be surprised if this vendor also conveniently provides security services to sell the customer once they’re finished scaring the you-know-what out of them. Security is crucial, but if a vendor is telling your client that they need to turn their small business into Fort Knox (“or else…”), it’s good to serve as their expert MSP advisor and tell them when they’re being taken for a ride.

Deliver An Assured Recovery

Finally, it’s really important to understand that a single flawless incident recovery that takes three days is far, far better perceived than three failed restorations over the course of two days. In your recovery efforts, measure twice and cut once. Be methodical and coherent. As an MSP in the aftermath of an incident, you’re a professional with a network of other specialized security experts you can engage to help you out of this jam.

Sure, it might be a long time before the client refers to you as “My Good Friend, Eric” again. But if you keep your head, take communication seriously, recover without reputational or regulatory harm, and then require the full security stack you should have had in the first place, you have every chance to emerge from a bad situation even stronger.

About The Author

Eric Weast is the owner of ECW Network & IT Solutions, a South Florida-founded Managed Services Provider which has expanded its footprint over nearly two decades to service, secure, host, and support businesses in mature SMB and mid-market enterprise solutions throughout the country. ECW’s support staff is distributed across six different states within the U.S. and delivers 24x7 Cloud Hosting, Managed IT Support, and Managed Security Services.