Top 4 Things MSPs Must Do in a Security Breach

Data breaches have become the new norm, presenting a major security concern for organizations, as both customer personal data and a company’s intellectual property have become high value targets for cybercriminals.

Step #1: Notify Clients & Be Prepared

While a data breach may be weeks, or even months old (eight months on average), it’s important to contact the clients and notify them of the situation as soon as it’s identified. Honesty is the best policy and it will take cooperation from the client to determine the best course of action. If an MSPs customers are in a regulated industry there may be legal reporting requirements and specific actions to be taken to meet regularity mandates. Understanding these requirements ahead of time will put the MSP in a better position to help their clients during this highly stressful time.

Step #2: It’s All in the Details

Determining exactly how the breach occurred is paramount. For legal, regulatory and security planning reasons, the MSP will need to draft a forensic report detailing the attack including the initial point of compromise, the identified attack vectors used and the impact of the attack all the way through to the exact date and time the breach was spotted and stopped. Backtracking events to the initial point of compromise involves detailed telemetry, provided by forensic security solutions and meticulous analysis.

While many MSPs may not have these specialized competencies, the MSP can utilize a company that specializes in data breach forensics. These companies can deploy custom tools and specialized personnel to help build a comprehensive report. A MSP should plan ahead, understanding that, by having forensic tools in place ahead of time at all customer sites, to collect telemetry, they simplify and speed the task of piecing together the trail of the attack (if/when it happens). The efficiency of a MSP’s response will minimize client disruption, while solidifying the professionalism and minimizing the damage to the MSPs reputation.

Step #3: Determine Customer Impact & Response

It’s vital to understand that simply providing a technical analysis of the breach is not enough. The data breach report should also include the potential impact to the customer. Since data breaches involve stolen data, knowing exactly what type of data may have been stolen and the potential uses of the data, can give the MSPs’ client options for the counter measures they need to deploy to minimize the damage from the theft.

For example, credit card data loss may be countered by contracting a credit monitoring service and providing this service to the client’s customers who have been compromised.

Step #4: Repair Damage and Build Customer Confidence

MSPs need to offer more than just a list of actions that they’ve taken to stop the original data breach. They also need to explain what new processes and/or tools have been deployed to prevent similar incidents from occurring again. The MSP needs to prove to their client that they’ve taken effective steps in integrating new technologies that can proactively augment the overall security posture of the organization.

By explaining in simple non-technical language, all the steps the MSP has taken, as well as the ongoing action plan to prevent further data breaches, the MSP is repairing the damage to their reputation and restoring the trust that is critical to maintaining the client’s business.