Talking to your customers about cybersecurity shouldn’t be stressful, it shouldn’t be one time, and it shouldn’t be after a breach or other incident has occurred. Too often however, that’s not the case for managed service providers.
Asking the right questions—beforehand—can be a determining factor between preventing or even recovering from a cyber-attack and disaster, according to panelists during a CompTIA Cybersecurity Community Meeting at CompTIA’s Communities & Councils Forum in Chicago.
Start the Conversation with a Common Pain Point
Starting a cybersecurity conversation with customers could entail bringing up a common pain point, including one that they don’t even know exists—like asset management, according to Chris Johnson, cybersecurity strategist for OnShore Security.
“A simple question like ‘What are your assets?’ is not given enough attention. There’s often an assumption on the client side that MSPs are already managing all the assets. But you can’t protect what you don’t know, and what you don’t know will be the downfall,” Johnson said.
If nothing else, take pen to paper to manually collect a list of all assets so you’ll have an idea of what the client should have. And don’t forget possible virtual assets like Azure or AWS servers offsite.