TubbTalk 116: How Cybersecurity and Cyber Protection Keeps Your MSP Clients Safe

An Interview with James Slaby

James Slaby is the Director of Cyber Protection and Solutions Marketing at Acronis. This role sees him creating assets, identifying markets to expand into and delivering talks and webinars on all things cybersecurity.

Acronis are a multinational tech company with a focus on cyber protection, cybersecurity and supporting MSPs and businesses to keep their data safe. This interview was recorded live at the CyberFit Summit in Miami, Florida, in November 2022.

Watch the Interview

What is Cyber Protection?

James explains that it’s simply the integration of data protection and other security. “Think classic backup and disaster recovery with cybersecurity, but with advantages for the typical MSP when they use Acronis solutions.

“There’s a single agent on the endpoint managing a whole range of services, and it’s all integrated at the console. The coolest bit, though, is the leverage you get when you combine cybersecurity and data protection”. That includes things like scanning cloud backups and checking for vulnerabilities. 

Why All Businesses Need Disaster Recovery

Non-tech businesses tend to think of threats as things like a natural disaster, says James, but even if you’re a butcher, your business is still more likely to be brought down by a malware attack rather than a flood.

He recommends taking a clear-eyed look at managing risk and prioritising cybersecurity. Disaster recovery is becoming even more important in the risk management plan. And this leads to a greater need for insurance.

James adds that: “Insurers were making money in cyber insurance but ransomware has made it unprofitable. They’re increasing premiums and raising insurability standards, requiring companies to prove they have MFA and a DR plan before they get insurance. Fortunately, this is affordable, because MSPs can put a plan in place for their SMB clients.”

How to Protect MSP Clients Against Ransomware

MSPs need to closely scrutinise their vendors and technology providers, James advises, to make sure that they are doing everything that they need to do to protect themselves, and look at their development process. If you don’t do this, you won’t be able to protect your clients effectively.

“We all remember when one big IT ops tool was breached, which led to their malware customers having their data stolen. Don’t forget, you’re a trusted tech provider, so you don’t want the reputational damage of letting your clients being victims of ransomware.”

How Cybersecurity Awareness Training Helps Businesses

We’re all human, says James, and it’s easy to make mistakes when you’re tired or busy. However, cybersecurity awareness training is a really worthwhile discipline to practice. Remind people that phishing emails are getting more devious and convincing.

As their IT partner, though, gently remind them to be wary, but make sure clients know that you’re all on the same side in the fight against cybersecurity. Don’t punish them if they fail your phishing simulation test.

The other key component of this, James adds, is to include your executives. It’s hard to encourage the big boss to test their cybersecurity knowledge, but it’s important because it’s the leadership team who are increasingly being targeted. “Say they have the power to move funds; you successfully phish them and send an email to a junior employee to send sensitive info in the middle of the night. Then you’ve proved your point.”

Cyber Protection for Cloud Services

“The big three cloud providers do a pretty good job of protecting their own infrastructure, but not so much protecting the data of their users. And their contracts actually state that if the worst happens, they’re not willing to help much to restore lost data. It almost certainly won’t meet an MSP’s own objectives.

“That means you really need to take data protection into your own hands. You could push your provider to commit to providing stronger protections, but it’s better not to. If an MSP can do it effectively, it’s a selling point for them to say to their clients “If you’re using AWS, their protection might not be as good as you think. Let me help.” The biggest worry is assuming you’re better protected than you actually are.

Helping MSP Clients to Understand that Cyber Protection is Never Done

It’s a big challenge to educate your MSP clients on the reality that cybercriminals never rest. But MSPs also need to accept that they’ll never eliminate every single point of failure in their overall risk management project.

They need to constantly remind clients about big breaches that make the news, and try to raise awareness through webinars and supporting material. Acronis, for instance, have a range of case studies, eBooks, pre-recorded webinars and more, which users can reshare.

“Use these tools to show your client that the cyber threat environment is constantly evolving, and it’s your job as their IT partner to keep up with that. And point out that constantly updating and doing patch management is both time consuming and hard to get right if you’re not an expert. Doing it for your clients saves them time and worry.”

How to Connect with James Slaby

• Acronis
• Follow James on Twitter
• Connect with James on LinkedIn
• Follow Acronis on LinkedIn
• Like Acronis on Facebook
• Follow Acronis on Twitter

How to Connect with Me

• Subscribe to TubbTalk RSS feed
• Subscribe, rate and review TubbTalk in iTunes
• Subscribe, rate and review TubbTalk on Stitcher Radio
• Subscribe and rate TubbTalk on Spotify
• Follow TubbTalk on iHeartRadio
• Follow @tubblog on Twitter

Mentioned in This Episode

• How to register for next year’s CyberFit event
• Channel Futures article on clients who won’t use cyber protection
• Ebook: Assessing the Software Supply Chain Cybersecurity Risk
• Acronis CyberFit Sports Team-up

You Might Also be Interested in

• On-demand webinar: Acronis Cyber Protection Conference
• Cybersecurity Top Tips for Small Business Success and Growth
• Podcast: How do Criminals Think? Cybersecurity for MSPs

You might like: