In recent years, trust in general online security has taken a significant hit. Many high-visibility hacks and data leaks have led people (quite sensibly) to fear for the safety of their information. And while this inevitably presents great opportunity for managed service providers (MSPs) that can prove their value and consistency, it also ensures that the conditions are more challenging.
After all, your work as an MSP will be judged not only by the security you achieve for your customers but also by your internal security. Would you trust an interior decorator with a filthy house? No – either they lack the skills they claim to possess, or they don’t care to use them for their environment, suggesting that they don’t see their field as vital. It simply doesn’t look good.
Regardless of the quality of your work in general, it’s entirely possible that just one simple hack could completely destroy the trust your customers have in you, forever damaging your brand image. Seem dramatic? Allow me to elaborate.
It raises questions about the rest of your work
If you identify a weak link in a chain, it forces to you to wonder if the rest of the chain is as strong as it appears on the surface. The same is true for your service. If evidence comes to light that just one facet of your system has been compromised by a basic hack, it will call the entire thing into question.
As an MSP, you’ll likely provide a wide range of services to your average customer: maintaining and updating systems, taking preventative measures, providing advice, and responding to urgent support tickets. Should a hacker enter your records and retrieve some customer data, it would lead to all of your customers having genuine concern about your quality in general.
They’d then not only be warier about everything else you did, but they’d also demand more reassurance if they continued to work with you. They’d no longer be willing to give you the benefit of the doubt, so even if you resolved the underlying flaw and continued to provide a faultless service otherwise, their skepticism might periodically lead them to suspect faults where there weren’t any. Such a contentious working relationship is hard to endure.
Personal data problems feel personal
If one element of your system falls victim to a hack, you can recover fairly well. Perhaps your support system goes offline for a few hours until you’re able to resolve the issue and get back online. While annoying for your customers, that kind of thing isn’t the end of the world.
However, if any kind of personal data gets hacked, that isn’t only more serious and alarming — it also feels fundamentally different. Not everyone is subject to the kind of wild panic that many experience about having their personal information publicly available, but everyone is at least distantly aware of the ever-present threat of identify fraud, and the ease with which limited personal details can be used to access countless user accounts.
Consequently, if your system suffers a personal data hack, your customers are going to feel violated to some extent — regardless of whether they were personally affected, and even if no data was actually stolen during the hack. The fact that unauthorized parties were able to gain access in the first place will be enough to scare people. If you couldn’t protect their most sensitive information, how can they ever trust you for anything?
Word spreads rapidly
Death by social media backlash is a real threat for today’s brands. You can be tried, found guilty and sentenced to mockery and boycotts in the court of public opinion, and the entire process can take place in just days — or even less time if it’s a slow news day. Once your brand name has been thoroughly dragged through the mud, you’ll essentially be considered toxic. Businesses won’t want to associate with you for fear of being tarred with the same brush.
Think of the extent to which you ultimately rely on the stability and good reputation of your brand. A ruined name doesn’t just limit your ability to operate: in ideal circumstances, selling a business is one option when you need to move on to greener pastures, but a tarnished brand will inevitably make that a very difficult process. Even if you decide to start from scratch with a new name and a new brand, you’ll likely never be able to escape that underlying association.
Furthermore, consider how much of your current work can be traced back to personal recommendations. I’d expect it to be a fair portion, since it’s inconvenient to keep changing MSPs. Because people like the stability of having the same service provider for many years, they want to vet them thoroughly first (as they would life partners!), and having someone you trust vouch for a company is the fastest way. Let down just one of your customers to a large enough extent, and they’ll sink your word-of-mouth recommendations in no time.
How to keep your system protected
So, we’ve run through a few reasons why it only takes one hack to ruin customer trust, but what can you do to guard yourself from that prospect? Well, as an MSP, you already know the technical side of the equation, so my main suggestion is that you focus on the other side: the human side.
That’s the side that leads technically-minded people to make ill-considered decisions about how to distribute admin access, leading to complete disaster. It’s also the side that sees basic laziness step in and convince people who know better that it’s not all that important to change passwords regularly — after all, there haven’t been any problems before, so clearly everything’s totally safe, right? Wrong.
The ongoing security battle you face is against the bad habits that creep in through indifference, complacency, arrogance, or the reckless willingness to trust people you haven’t fully vetted. You have to be vigilant, and you must understand the consequences that await you if you fail to do what needs to be done to keep data protected.
And if you fail in that effort, and your system gets hacked? What then? Well, it isn’t entirely under your control. You can do your best to rehabilitate your image, make reparations, and commit completely to never, ever, ever allow something like that to happen again — but your customers might simply refuse to forgive you. It’s entirely possible to damage a reputation so vitally that it can never recover.
If you don’t want to leave that up to chance, you don’t need to. You just have to prevent a security incident from ever taking place. That’s something you can control.
In essence, each one of your customers will rely on you to be responsible for the security of two systems: theirs, and your own. Leaving a vulnerability in either of them can thus be very damaging for both — not only might a hacker be able to access one through hacking the other, but it’s also inarguable that the weakness of one calls the strength of the other into question.
Being a reliable MSP is an excellent and steady foundation for a lasting business, because the customers you impress will want to keep working with you for years to come. Don’t risk that goodwill by failing to keep every last part of your system secure. Follow the listed suggestions, and do your best to earn customer trust.