2022 is applying ever-increasing pressure on MSPs to become more complete partners—able to provide tools and end-to-end strategic solutions tailored to clients’ specific and quickly evolving requirements.
MSPs looking (or needing) to hone their services in the second half of the year should consider these strategies to drive new business and strengthen retention:
1Adopt a layered security strategy (rather than obsessing over ransomware).
For MSP clients, security is essential, and ransomware is terrifying. Businesses that rely on MSPs to enable their IT capabilities naturally require external MSP expertise to navigate the infosec landscape and implement appropriate safeguards. With ransomware attacks continuing to increase, clients that read the news are likely to have ransomware top of mind—and gravitate to MSPs that purport to address that fear.
MSPs should certainly implement robust measures to defeat ransomware attacks and highlight those capabilities to the degree that doing so enhances marketing efforts. That said, a holistic and layered security strategy utilizing a comprehensive security stack is necessary to protect clients from the breadth of less popularized—but no less crippling—risks they truly face. And here’s the punchline: a holistic security stack is required to guard every avenue ransomware attackers might use to gain access to a client’s systems and data, making a comprehensive approach more successful than one focusing on ransomware exclusively.
For MSPs, an effective layered security strategy must include:
- Employee training. Regular employee training can transform employee behavior—still the single greatest source of security risk—to prevent employees from clicking on clever phishing emails or nefarious site links that invite ransomware or other attacks. MSPs can use tools like Breach Secure Now and KnowBe4 to orchestrate training sessions and put that training to the test.
- Perimeter security. MSPs should introduce antivirus firewalls, application whitelisting, regular security patches, and harden surfaces to deny attackers.
- Interior security. Encryption and access control protections must secure data across every device employees use. If insulated from attackers, data backups can thoroughly neutralize ransomware attacks by giving clients a spare copy of the data being held hostage.
- Risk responders: Proactive and preset “risk responders” enable MSPs to protect clients with powerful and automated countermeasures, such as when a device experiences a set number of failed login attempts or travels outside a geofenced location.
2Avoid becoming a commodities dealer.
Many clients now interpret MSP offerings as commodities, a mentality that will be a race to the bottom—and a security disaster—if it continues. MSPs need to flip this script in 2022 by providing not tools but results. Using layered security as an example, clients cannot be in a position to tell MSPs which individual security services they will and won’t use. Leaving a gap in an MSP’s thoughtful, holistic strategy in the interest of a cheaper option causes the whole system to collapse. Beyond revenue concerns, such practices present real risks to clients and MSPs. By instead providing packaged security and/or compliance-as-a-service solutions, clients and MSPs get a better deal in the long term.
3Foster close client relationships, and don’t get complacent.
MSPs can’t sit by and assume that clients are satisfied with the level of service they’re receiving. Aloof and distant MSP partners are a dying breed in 2022. To avoid that fate, MSPs should demonstrate a thorough understanding of a client’s business and any changes in how current offerings, policies and strategies align. Successful MSPs engage with clients to proactively explain the value and strategy behind each tool and how such strategies help those clients meet HIPAA, NIST or other security mandates/frameworks, adapt to match circumstances and continually add greater value.