There’s no mistaking the business value of proactive network and data protection. Virtually every organization would benefit from having a security-focused MSP minding their systems and updating their defense-related policies, procedures, and training programs.

SMB owners need that expertise to ensure cybercriminals don’t compromise and ultimately destroy their businesses. As compliance requirements and financial risks continue to grow, stealthy schemes are making it harder for even the most tech-savvy people to keep from making mistakes. It’s complicated.

At the same time, cybercriminals are getting smarter and leveraging AI to expand their capabilities. In fact, many experts expect the threats to increase exponentially over the next few years and few organizations will be able to stop 100% of the attacks targeting their systems.

If hackers want to get in, the chances they eventually will find a way to make it happen are increasing. In those cases, remediation services are needed to isolate and remove the existing threats, bring the businesses back online, and notify the proper parties. Those essential steps help ensure the organization meets its regulatory compliance requirements, limits its financial exposure, and most importantly, protects employees’ and customers’ data.

Security requires that level of commitment. Phishing attacks and breaches occur every day, but it’s what happens afterward that can make or break an affected organization. Failure to remediate according to industry best practices could be catastrophic to their reputation, bank account, or very existence.

Remediation is a Different Mindset

Despite all the known threats to business, selling cybersecurity to the SMB community is still a difficult endeavor, at least according to the majority of MSPs I encounter. With that in mind, bringing up what they will do when their defenses fail ‒ especially when pitching new solutions ‒ seems risky, but it may end up being the security piece that saves their business.

Two of the key questions MSPs must consider when discussing remediation services include:

  • Will bringing up worst-case scenarios cause clients to question your company’s tools or abilities?
  • How much will small business owners spend on services that they think (and hope) will never be needed?

SMBs typically expect a return on their technology investments, so cybersecurity professionals are already at somewhat of a sales disadvantage. In a best-case scenario, effective protection ensures that their systems and activities remain “status quo.”  Security solutions won’t improve productivity, grow sales, or strengthen a company’s financial condition; though those factors could all be negatively affected by attacks and data compromises.

MSPs should never make security promises to their customers, other than agreeing to address any threats that come their way as soon as possible. As every channel professional knows, there are no guarantees with cybersecurity. Every incoming email and online interaction increases their customers’ risks and, as long as people are part of the process, there’s a good chance that bad things will happen.

A Partnering Opportunity?

Since remediation is so infrequently needed ‒ at least when the proper protections are in place ‒ MSPs should consider partnering with specialists more accomplished at delivering this service. That’s not to say providers can’t build their own practices, but they should be fully aware of the resources and training required to support the continually evolving needs of their current and prospective clients.

While going the solo route offers your company and your clients more control over the process, expect the costs and learning curve to be high. Incidence response isn’t a “learn-on-the-fly” solution. Your team must be prepared to act quickly and effectively, so regular practice is a must, and frequent use of their skills will help increase their remediation capabilities.

If you have a large client base, that work will come as the cybersecurity threats increase. For most MSPs, partnering with third-party professionals is the most cost-effective solution.

Ready to boost your cybersecurity practice capabilities? IoTSSA membership is free for MSPs and IT services providers, so join our channel community today and get engaged in the conversation.

Brian Sherman,