Managed Service Providers (MSPs) and their clients are growing numb to the ransomware threat, but that doesn't change the very real situation that remains. As you know, not only have ransomware attacks been rising year after year, but since remote work became a must, they have continued to spike. No, this is not another ransomware article. This is about taking a security-first approach to data protection. Clients need to understand the importance of backup and disaster recovery (BDR) solutions, not as an optional extra cost, but as the backbone of their security infrastructure.
The number one cause of data loss is human error, and that's why BDR is critical. While ransomware risks are often ignored with an 'it won't happen to me' mentality, accidental or malicious deletion is relatable for SMBs. With that said, it's all in the way MSPs – serving as their business continuity experts – position data protection to clients.
1. Establish and review best-in-class incident response policies and procedures.
Ideally, clients have a current cybersecurity playbook outlining organization-wide steps to protect, detect, communicate, respond, and recover from a cyber incident. A crisis communication manual, SOC2 certification requirements, and industry-specific compliance standards can also support the business continuity and disaster recovery (BCDR) conversation with clients. These guides put clients and their businesses in the hypothetical scenario that a cyber incident has just occurred.
What do they do now? How would they fare in a regulatory agency audit?
Identify holes in their incident response plan, manage expectations around current solutions – especially if there is not a comprehensive BCDR solution in place – and calculate the impact of insufficient data protection on cyber insurance rates, and their ability to gain coverage. Many times, clients just aren't aware of how important BCDR is until they're confronted with tough questions.
2. Launch an unannounced faux phishing campaign.
It's easy to be flippant about data protection when you've never been in a cybersecurity incident. Clients who believe their employees are well-trained on phishing attacks, data storage, access, and collaboration, and public Wi-Fi safety should welcome the opportunity to prove their team and response plan. Test the security of clients with a simulated phishing attack to reveal where training and incident response should be strengthened and updated.
There are a variety of no- and low-cost phishing tools, open-source platforms, and demos available. Infosec IQ offers a free phishing risk test that automatically launches with results in 24 hours. Gophish is a free open-source phishing platform with a simple campaign launch and real-time results.
3. Protect yourself with a voluntary waiver of liability.
Regardless of how much you try to educate, inform, and push data protection on clients, if there is an option to opt out, some will choose to. In the event that a client does forgo BCDR, and they experience a cybersecurity event where data is irretrievable, they will undoubtedly come to their MSP for answers. As an MSP, you risk losing the client and gaining a bad reputation within the channel, but now there are larger implications. New MSP regulations are shifting the blame for data loss from the business that lost data to their MSP. Mandated MSP data loss reporting, and public record of cyber events, can compromise more than just one client, and destroy your competitive edge.
A voluntary waiver of liability is a non-legal document that you can ask a client to sign if they decide not to protect their data. The document acknowledges that the client has been informed about the risks of data loss, and your recommendation for BCDR, and is forgoing security regardless. Inform clients of the risk to your own MSP, and reference the waiver if a data loss event ever becomes contentious. Even though the waiver isn't legally binding, it can put future accusations of insufficient protection to bed. Additionally, many clients think twice about data protection after being confronted with the reality of accountability, should an event ever occur.
4. Offer BCDR that delivers.
A lot of MSPs suffer from vendor sprawl after trying to meet every disparate client need with a new solution. Axcient lets you protect everything – BCDR, Microsoft 365 and Google Workspace, and secure file sync and share – under one roof. Now with Direct-to-Cloud hardware-free BDR, MSPs can boost profits by standardizing and simplifying backup management with a single solution.
Maximize your tech's time and MSP resources with one BCDR product for endpoint backup, public or private cloud backup, turn-key, and hardware-free BDR. Equipped with AirGap, AutoVerify, Virtual Office, and chain-free backups, you can give clients the security, confidence, and peace of mind they need to keep business running.
See Axcient x360Recover yourself with a Free 14-Day Trial and one-on-one Product Demo.
Guest blog courtesy of Axcient.