Backups, Insurance, and Incidence Response Policies: Why MSPs Need All 3

As an MSP, you’re all about protecting your clients, but how are you protecting your own business? Backups, cyber liability insurance, and incident response (IR) policies are all fundamental to a layered security approach – for both you and your clients. The problem is, some MSPs are choosing between the three, when in fact, you need all three layers to survive an inevitable attack.

In a recent Fire Side Chat with Axcient’s Senior VP of Product and Art Gross, CEO of Inskyber, Breach Secure Now!, and HIPAA Secure Now!, the two-channel experts discuss security standards, recent breach implications, and best practices for data protection. As an MSP owner, MSP insurance provider, and MSP platform vendor, Art brings a wealth of knowledge and real-world experience to the conversation. See why he and Ben agree that this multi-layer approach is the best way to recover completely from an attack.

First Things First…

Understanding the difference between these foundational layers of security is essential to see their value, protect your MSP, and have meaningful security conversations with clients. However, relying on one, rather than all, leaves holes in your ability to restore completely and keep businesses moving.

As Backups are duplicate copies of data stored in a protected environment – be it the cloud or on-prem. During disaster recovery, backups should be able to be restored regardless of accidental or malicious deletion, malware attack, or physical damage. To ensure successful backups, the integrity of backups must be verified often with alerts and notifications to ensure they’re ready to be restored no matter what.

Cyber liability insurance financially protects businesses after a cyberattack or incident where the company and/or client data is lost. According to Inskyber, depending on your policy, cyber liability insurance can protect against claims for the following:

  • Regulatory fines
  • Media liability
  • Breach management expenses
  • Cyber extortion and ransomware
  • Social engineering
  • Reputation loss
  • Business interruption
  • Breach response

IR policies tell you exactly what to do in the event of a breach. An incident response plan answers the question, ‘what now?’ with a detailed, practiced, accurate, and comprehensive roadmap from breach discovery, to complete restore, and through investigation and policy updates. Through mock disasters and table reads, incident response plans are regularly updated to accommodate internal changes, current security threats, system upgrades, and changing state, federal, and industry regulations.

Heightened Risks Should Make You Assume the Worst

Even as ransomware attacks continue to rise, become more complex, destroy massive amounts of data, and specifically target MSPs and SMBs, some businesses continue to turn a blind eye. While protecting yourself and your clients with robust solutions is up to you, Art says, “you’re also at the mercy of the vendors you use.” It’s risky to be in the channel right now, but it’s not hopeless – you just need to widen your perspective of protection. The most prepared MSPs are looking outside of just technology and BDR solutions to ensure security from different angles. Recent data shows 60% of MSPs are carrying cyber liability insurance, but a whopping 77% of organizations do not have an IR plan in place.

Ben explains the approach Axcient takes on today’s threat landscape, “From a company perspective, from a vendor perspective, whenever I do testing or security risk assessment, it’s always under the assumption that we are going to be breached. A 100% preventative approach is not a successful strategy. You need to figure out what can I do to reduce dwell time, isolate and remediate quickly, identify gaps fast, and follow breach notification requirements so when something happens, everybody is prepared.” Thinking ‘it won’t happen to me’ or relying on a one-prong approach fails to adequately address the reality of cyberattacks.

Insurance Demands Raise the Bar for Security

Unfortunately, despite frequent warnings, regular breaches, and the fatal consequences of cyber incidents, many MSPs continue to forego insurance and allow clients to remain unprotected. Insurance companies have noticed – causing premiums to rise, making policies more demanding, and intensifying applications. Businesses used to get coverage by simply answering three questions: are you using a firewall? Antivirus? Encryption? Today, applications are upwards of 20 pages examining your administrative, physical, and technical safeguards. A big portion of that application is assessing the vendors and solutions you use and ensuring your clients have comprehensive cybersecurity protections in place.

Art sees stricter policy demands as having a positive implication for the channel. “It’s going to force MSPs to implement more security safeguards. It’s going to force their SMB clients to implement the security safeguards that MSPs have struggled to convince them to implement. If you can convince clients they need cyber insurance, it’s the carriers that are going to force clients to implement the right security, or they’re not going to be insured.” The trickle-down security effect will undoubtedly lead to minimum security requirements, increase the cost of doing business, and expand the role of vCISOs and CIOs – but it will also protect the consumer and business-critical data and enable recovery from cyberattacks.

Overcoming a Breach is All in the Details

There’s an assumption that only companies that do not have backups have to pay ransom demands. And so, having backups will prevent you from being put in that position. Art says the real reason a company with backups often pays the ransom is that the time necessary to restore the data is so long that lost revenue outweighs the ransom. If you don’t know how long it takes to restore your backups, you’re risking considerable downtime, profit loss, damage to your reputation, and lost clients.

Ben explains, “If you can’t get on your network, can’t get in your office, alarm systems are shut down, phone systems are offline – whatever it is – it carries over into business continuity, and that’s what people don’t think about. They’re like, ‘I have my backups. I can just restore my data,’ but it’s about good data forensics. Understanding how long your carrier is going to be on your network and what they need to do to conduct those forensics. And then, what are you doing from a continuity perspective to make sure you can continue making money so the business isn’t completely dead in the water in the meantime.” This is where your IR plan comes into place. With regular table reads and rehearsals, you and your clients will be prepared for both ensuring data forensics are protected while keeping the businesses running. As Art says, “you never want to start Googling ‘data forensics’ in the middle of a breach.”

Instead, you need to be methodically following your plan – shutting down systems, calling your insurance carrier, virtualizing data in the cloud for continuity, dealing with the press, managing your reputation via public relations, following breach notification requirements and communication protocols, potential credit monitoring, and so on based on the guidelines of your IR policies. Art continues to push this point, “It’s all of those services that come along with a cyber insurance policy that is really important because, the honest truth is, very few MSPs are good at those types of services – data forensics and reputation and breach notification. You need help with that immediately, and you need to be on top of it. So when you look at incident response, you have to factor in all of those pieces beyond just getting the services back up and running again.”

Cyberattacks are Shaping the Channel. Are You Ready?

Backups, cyber liability insurance, and IR policies work in tandem to provide safe recovery from the cyberattacks that threaten the channel every day now. Leaning on one or even two of these protections leaves your MSP and your clients vulnerable to disasters you can’t overcome. Learn more about establishing security standards in Ben and Art’s Fire Side Chat, and visit Axcient’s latest product release – x360Recover Direct-to-Cloud – to see how we Protect Everything™.  Start Your Free 14-Day Trial Today to see how hardware-free BCDR simplifies management and lowers costs.


More Great Stuff From Our Blog:

Check out some other interesting pieces from our blog: MSP-friendly resources and tools to learn how you can ditch pricey on-site appliances with Local Cache for Direct-to-Cloud BCDR., we dove into how chain-based backup works and why chain-free is the way to be, we talked with Jason Phelps from Huntress Labs about planning for the next ransomware attack, and hear our CEO David Bennett explain why the current cybersecurity landscape means traditional backup is dead.

Subscribe to the Axcient blog.