In a recent study, we learned that 74% of MSPs have suffered at least one cyberattack, and a lack of skills and resources have left them ill-prepared to deal with attacks—either on their clients or themselves. And even if they were prepared yesterday, today’s remote work environment has introduced new complexities. To continue in your role as a trusted advisor to your clients, you MUST become more well-versed in cybersecurity—particularly now as the secure perimeter you’ve maintained is dissolving and threat actors are increasing their activities. In addition to the security training we discussed in Chapter 2, MSPs must focus on processes and tools as well.
Much of cybersecurity protection has historically focused on defending the perimeter—ensuring that corporate devices had appropriate protection on them, preventing certain traffic from coming in or going outside the corporate firewall, and monitoring network traffic to identify anomalies. As employees are now working on their home networks, they are using personal machines that others are using as well, and maybe accessing files via email. MSPs need to examine the security measures they have in place—understanding which of these protections were reliant on the user and their data residing inside the corporate ‘perimeter’ and how to provide additional protection where needed.