This snippet of a press release was published by the Department of Justice on December 20, 2018:

“The APT10 Group obtained unauthorized access to the computers of an MSP that has offices in the Southern District of New York, and compromised the data of that MSP and select clients involved in; banking and finance, telecommunications and consumer electronics, medical equipment, packaging, manufacturing, consulting, healthcare, biotechnology, automotive, oil and gas exploration, and mining.”

This report from the DOJ about the hack of an MSP was enough to send shivers down our spines. There are tens of thousands of businesses across the country that rely on our services, and those customers have the same access to these news articles as we do. Whether we’re dealing with new or potential clients, we need to address the elephant in the room: MSP providers are being maliciously targeted by big-time hackers.

So, where does that leave your business? Does this change how you interact with your clients?

 

What’s the Big Deal?

As an industry, we know better than anyone else that anyone at any time is potentially a target for an attack from hackers. The difference now is that instead of MSPs being lost in a sea of other potential victims, we, as a group, have a bullseye on our back.

If you think about it logically, it makes a lot of sense. Why rob an individual when you can rob the whole bank? Hackers know that if they go after an unsuspecting and underprepared MSP, they could potentially have access to dozens, hundreds, or even thousands of their clients’ personal data files. It’s safe to say that as an industry, we should be on red alert.

 

Get Out Ahead of It

In a perfect world, these hacks would be an industry secret of a rare event — well, actually, in a perfect world it wouldn’t be an issue at all. But since things don’t seem to be getting any better, you must address this issue with current and potential clients before they bring it up to you. The truth of the matter is that you need to be proactive about it. When you address it in an unsolicited way, you show your clients that you have given the subject a lot of forethought.

 

Don’t Undersell the Problem

We may not like what’s happening but we can’t stick our heads in the sand either. One of the biggest issues that is coming to a head involves liability. Having a breach and losing data is enough to cause a headache, with a loss of productivity and the expense involved in rectifying the situation. But having a client approach you for reimbursement because they’ve been breached is a problem none of us wants to deal with.

What we’re seeing now is much more dangerous and damaging than is was in the past. We live in a world where the newest currency isn’t Bitcoin — it’s information. Hacked databases with personal, financial and medical information on millions of individuals is bought and sold every day on the Dark Web. This can be a major liability if it’s found that the company responsible for protecting that information didn’t take the proper precautions.

 

Perception Is Everything

Put yourself in the shoes of your clients: Imagine that they are watching the news and hearing about another MSP that was hacked and another group of companies are in a jam because of it. Then imagine that person hearing this news while looking over the last invoice you sent them. What do you think is running through their heads? They’re probably wondering what exactly you’re doing differently to protect them.

Even if you are doing a bang-up job of taking every precaution and working around the clock to address potential issues, you need to make your customers aware of it. A recent survey shows that 93% of all small and medium-sized businesses polled would leave their current MSP if another one approached them with what seemed like a better solution, regardless of the reality. That last line should scare you: regardless of the reality.

 

Set Your Scanners

Given all this, you still may not want to call your clients and scare them with the news directly. Try to find an opportunity to get in touch. One option may be to do a Dark Web scan to see if any of their data or passwords have been leaked and are up for sale. Regardless of whether you find anything or not, making that phone call allows you to look like you’re on top of things and are the sort of MSP they want to continue to work with.

If you don’t know how to do a Dark Web Scan or aren’t in a position to do so, we have a recommendation for you. Our vendor for Dark Web Scans, ID Agent, would be more than happy to walk you through the process. In fact we even have a deal with them right now for our Premium Marketing Members. Contact sales@CharTec.net if you’re interested.

 

Bottom Line

Besides these pesky hackers, no one is happy about the current situation. The silver lining may be that knowing that a lion is on the prowl often brings out the best in the antelope. Many MSPs are finding that working to protect themselves against this threat, they end up providing a better service to their customers overall. And that’s good for everyone.

While it may not be the most comfortable thing to talk about with clients, you really should address this sooner rather than later. If you keep ignoring the elephant in the room, he’ll eventually trample you.