How MSPs inform their clients about cyber threats

The cybersecurity threat landscape is constantly changing to the point that it is an MSP’s duty to ensure clients are adapting to these emerging threats. MSPs provide crucial resources to clients in order for them to protect themselves. There are several strategies that MSPs can do, with common examples being supplying educational content or in-person training.

However, the best approach overall, is to provide a combination of the following practices below. This will ensure MSPs inform their clients about any threats and adapt as necessary.

Regular Security Audits

Every business owner likes to think that they are fully protected whenever they have the most simplistic of security measures in place. The reality is, only about 5% of company business files are protected and that it’s essential to expose that fact to clients.

Making clients aware of vulnerabilities is to show them through regular security audits. These audits work two-fold as they reinforce why cybersecurity is so important, but also highlight potential risks that have emerged since the previous audit.

MSPs should conduct thorough audits which consist of the following:

  • Check for unsecure passwords
  • Check for permissive access control lists (ACLs) on folders
  • Check inconsistencies in ACLs on folders
  • Check file activity and note any lowered file activity
  • Check for outdated security software
  • And ensure that software installed on systems are compliant with security standards

These audits should be performed once every two years for clients. However, the frequency can change depending on certain circumstances. When new threats emerge, it would be ideal to perform an audit. The frequency should also be increased if companies store sensitive customer data.

Updating Clients Via Newsletters & Social Media

A quick and easy way to let many clients know at once about updates is through newsletters or posts on social media. These can be used to inform clients of any changes – including new threats to their cybersecurity.

These newsletters and posts can provide general knowledge of the cybersecurity world. This also allows cybersecurity to be kept in mind at all times.

Newsletters are all about providing value, so it’s important that they deliver key information. When an MSP spams newsletters or they are constantly promoting their services, people will unsubscribe quickly. If clients and subscribers know that the newsletter provides news, company updates, and other useful things for them, they’re more likely to open and read.

In terms of frequency for newsletters, once per month is a good policy to have.

Social media is more complex. A strategy MSPs can use for social media posts is to use them to provide security updates and to post throughout the day other useful information. Some general topics MSPs can include in either medium are:

  • Reminders of cybersecurity best practices
  • Updates to new phishing scams or malware
  • Announcements about cybersecurity training and seminars
  • Useful articles and resources
  • Overviews of what the MSP has done to protect clients

Blog Posts

Newsletters and social media posts are helpful, but they are inherently short. People don’t want to spend a lot of their time reading through long-form content on social media or in emails. Blogs are a whole other story though. Blog posts, such as this one, can provide more depth to information and can serve as a solid point of reference for clients. Blogs are helpful as they can establish MSPs with more authority and build trust with clients.

Hold Seminars, Events And Webinars

MSPs can host local seminars and events. These can provide opportunities for clients and potential customers to learn about the cybersecurity industry, receive the latest information, and ask time-sensitive questions.

These events and seminars don’t need to be large or expensive. Renting a room or inviting clients and businesses to presentations can be used to provide immense value. Alternatively, holding webinars can cut costs further as MSPs can select a simple venue and run a promotional campaign on social media. As a result, an MSP could reach a broader audience.

Awareness Training & Phishing Simulations

As mentioned before, direct training is one of the ideal approaches for MSPs to inform clients of security threats. This is crucial as currently many businesses lack the awareness of cybersecurity threats. A recent survey revealed that only 22% of businesses conduct regular cybersecurity awareness training and 41% have mandatory cybersecurity training for new employees.

Training isn’t only about bringing awareness to threats. It should include information on:

  • Compliance and operation security
  • Potential threats and vulnerabilities
  • Application security
  • Data security
  • Host security
  • Access control
  • Identity management
  • Cryptography

MSPs should go one step farther and provide simulations. Phishing simulations is ideal as these are the most common attacks. These will allow opportunities for organizations to identify vulnerabilities in their systems as well as apply what they learned.

Review Policies & Security Procedures

MSPs will often find themselves developing and reviewing clients’ policies and procedures. Once those are in place, it is important for MSPs to routinely review them once per year to ensure clients and teams are following them.

These reviews also serve as refreshers for existing clients and as introductions to new members. Reviews can also provide opportunities to update or add procedures that address emerging threats. Additional reviews could be required in the following scenarios:

  • A new office is opened
  • Employees can work from home
  • Employees can use personal devices for work
  • The client hires more remote workers
  • The client had a security breach


Cybersecurity is an important cornerstone; however, it’s not the first item on the client’s mind. The duty of the MSP is to stay abreast of latest trends and developments and provide simple ways to keep their clients informed. Through the strategies mentioned above, MSPs will be able to confidently provide information that will keep themselves and clients safe.

About MSP Corp

MSP Corp understands you’ve worked hard to build your business and you want to protect it. With a mission to be a world-class business partner for MSP owners across Canada, we actively seek to acquire and partner with owners looking to secure the value of the business they have built and provide a seamless exit process that ensures business continuity and employee and client stability.

Contact us today to learn more about selling your business and maximizing its value.