Great content delivered right to your mailbox

Thank you! Check your inbox for our monthly recap!

One of the most frustrating things about modern IT support is security. Your clients assume you’re taking care of it, even if they haven’t paid for any specific service. They just assume that security is “built in”. Many still subscribe to the old myth that they’re safe because they’re too small and the bad guys aren’t after them.

Meanwhile, bad guys are hiring genius programmers for very high salaries—because they have the income from ransomware to pay the bill. As a result, attacks are becoming smarter, faster, and trickier.

You need a coordinated defense system, a disaster recovery system, and a program to educate your clients. And on top of all that, it’s a great idea to have cybersecurity insurance.

Perhaps the best thing you can do regarding security is to get ahead of it. In other words, be prepared. The advice is the same here as it is with other challenges: create the right bundles!

What your security offering needs to consider

The classic problem with security is that you have to defend everything, all the time. Meanwhile, each attacker can put 100% of their attention on one specific vulnerability. With massive, distributed computing, your client sites are being bombarded with attacks everywhere, all the time.

Cybersecurity awareness

The first step is client education. Train clients to be aware. They can’t know everything about an attack, but they can be aware when something doesn’t seem quite right. Constant training for clients is recommended, both online and in person at the client office.

Minimum baseline

Second, you need an absolute base. You have to have a minimum level of preparedness in order for someone to be your client. This is no longer an option. If a client won’t commit to the most fundamental security measures, they are more of a liability then an asset.

Your base might include comprehensive patch management, anti-virus, anti-phishing, backup, DNS filtering, or any services you define. With the constant evolution of technology, the base might be a little broader every year. But you have to start somewhere.

Start with the combination of services and settings that make you feel comfortable. Adjust your bundle from there.

Disaster recovery

Third, you should offer a comprehensive disaster recovery or business continuity solution. Prevention is great. But hackers with almost unlimited budgets are bound to be successful someday.

Make a ransomware attacks irrelevant. With modern business continuity options, you can create bundles that get clients up in sixty seconds, sixty minutes, or the next day—depending on how much they want to spend.

Talk to your Sherweb account manager about the bundles you can offer your clients. Set a base level of security, and then offer tiered options to build from there.

Not a Sherweb partner? Explore our Partner Guide to learn about the benefits of working with Sherweb

Get insurance

For decades, IT professionals have ignored insurance. Those days are over. Your clients need cybersecurity insurance as well as business interruption insurance. You need a strong errors and omissions policy. And you might also need some kind of cybersecurity insurance for your own organization.

Obviously, you need to be good at what you do. But you can’t be perfect. And if a client pays out for ransomware, their insurance company is going to come after you.

Protect your clients with good security offerings and practices. Sherweb can help.

This is a guest blog by Karl Palachuk, author of Cloud Services in a Month and thought leader in the MSP channel. Find more of his insights at

Written by The Sherweb Team Collaborators @ Sherweb