In the mistaken belief that their companies are not big enough to attract data thieves, small and midsize businesses notoriously resist tightening their IT security, ranking it as a low priority. Yet, when those same SMBs experience a data breach, they sometimes point the finger at their MSPs. Worse, they may file lawsuits and haul their providers into court to recoup financial losses from the breach.
MSPs, in fact, have their own mistaken belief about raising the issue of security. Some providers actually think that if they attempt to sell additional security solutions, their SMB clients will hold them liable if a breach occurs. This line of thinking ignores the reality that clients may hold them liable anyway.
One strategy for addressing this dilemma is for MSPs to shift from selling clients on the need for stronger security to educating them about why it’s important. MSPs can point out that hackers have grown much more sophisticated in the past 15 years, and SMBs are easy targets. They should educate SMB employees on how to spot malware threats, as well as phishing and social media scams. In addition to positioning themselves as educators and advocates, MSPs must also take these specific steps to avoid costly courtroom battles: