MSP hacks can cause some of the messiest communications crises. Here are 5 steps you can take today to prevent future headaches

Guest post by Meredith Griffanti & Kelly Miller, FTI Consulting

As leaders of cyber breach communications response teams for many of the most prominent hacks in history, we can confidently say we’ve seen it all. One trend remains true: MSP hacks can truly wreak havoc on even the most buttoned-up communications teams.

Many companies today are rightfully focused on taking security steps to protect against intruders. But anyone who has experienced a cybersecurity disaster can tell you that while the origin of an incident may be technical in nature, communications can be the hardest thing to navigate. Preparing a communications response plan is critical.

For MSPs, the communications web becomes incredibly complicated with clients, end customers, clients’ clients, business partners… the list goes on. And even if a company is back on its feet from an operational perspective, the account team will be fielding client questions for weeks – and often months – to come. Across the board for incident response mandates, the communications workstream has the longest tail.

With our experience managing, some of the most memorable MSP hacks to date, we can recommend a few steps MSPs can take today so that any cybersecurity incident can become more manageable.

1. Evaluate communications business continuity – and know your backup programs

In the heat of a cyber incident when systems are either locked up or have been taken down to prevent impact, communication can seem impossible. The best-prepared companies have planned ahead and have external “out of band” communications tools in place to reach important stakeholders. Not only should you have a vendor secured to provide these services, but make sure communications professionals and others at your company are trained to use them. Ironically, an all-staff email can be most critical when you aren’t able to send one. Think about things like emergency text alerts or lead-gen software you can use in the absence of traditional communications channels.

2. Have a communications approval strategy in order

An update to staff doesn’t usually take long to write – but it can take ages to get properly approved. The usual chain of command for press releases should not stand in the event of a crisis. Organize an emergency protocol today to ensure the right internal stakeholders (including board members, C-suite, and tech teams) can swiftly provide input and streamline a stamp of approval for communications.

3. Understand your business relationships

MSPs’ business networks are incredibly complicated and many account/sales teams interface with many clients at once. When a cyber incident occurs and every client wants more information, existing structures can quickly become untenable. Now is the time to think through how you’ll manage a high volume of inquiries and make sure each external touchpoint has a clear POC within the company. This also means keeping contact sheets up to date. Often former clients are implicated in cyber incidents – so know how to get in touch with them (and who is on point to make the call).

4. Give account teams visibility into data governance policies

Data governance policies and procedures should not be held secret or in a privacy vacuum. When an incident occurs, account teams are the ones on the front lines explaining to customers why certain data elements are stored and for how long. They are also often attuned as to what information will be more meaningful to various customers – or considered “sensitive.” As your organization makes data governance policy decisions – ensure those are communicated clearly to client relationship teams.

5. Evaluate contractual agreements in advance

Long after you’ve sorted all the security and operational concerns that a cybersecurity incident can create, you may be continuing conversations with clients about how to move forward in the aftermath – if they’re owed discounts due to any system downtime, how many data controllers or subjects may need to be notified if data retention agreements were honored… many details that may not be top of mind when you’re signing new clients. Take the time today to ensure contractual agreements are easily accessible, categorized, and regularly reviewed – that way in the event of an incident, you can prioritize communications decisions also based on contractual need.

When it comes to communications around cyber incidents, MSPs are often held to a higher standard due to the outsized impact that downtime can create for their clients. The goals of an effective response should be ensuring a smaller blast radius through a well-thought-out and organized communications plan, equipping leaders with messages so that they can have consistent and informative conversations about workarounds that minimize operational impact, and delivering quick, transparent, and accurate notifications. When preparing your cyber plan, don’t forget communications – it can save you immense time and money down the road.