In this interview, Richard speaks to Mostyn Thomas, the Senior Director of Security at Pax8 and an expert in cybersecurity. He’s responsible for overseeing the company’s channel security operations, empowering Pax8 partners to reduce risk, improve efficiency, and ultimately grow their business.

Mostyn has more than 20 years of experience working with managed service providers, including founding Astrix Integrated Systems in 2001. He’s a Cyber Essentials trainer and holds a range of security qualifications.

An Interview With Mostyn ThomasHow MSPs can Support Clients with Small Cybersecurity Budgets

Mostyn admits that budgets are a challenge for many small businesses, especially when it comes to IT. “But cybersecurity is important. So I think MSPs need to be mindful of what it is they’re trying to protect, which is data.

“If you have a client with a limited budget, prioritise what matters most to them. They can’t have everything, so help them to choose what they need. Don’t just follow the tech, follow the data. Ask what their priority is, and look for cost-effective ways to protect it. And then you can build from there.”

The One Cybersecurity Tool Every SMB Should Have

Every business is different, but almost all will have an email tool of some sort. So that’s the first thing MSPs should help their clients protect. Mostyn adds: “And we all know that it’s the number one attack vector. It makes sense to protect that. So ensure that they have a good password policy and 2FA – both of those are free.

“Make it clear to your MSP clients that they can ramp up their security free of charge, or with low-price solutions. Encryption can be done cheaply or for free, and anti-malware and firewall are also reasonable. For very little investment, the payoff is huge.”

Resources to Stay up to Date with Cybersecurity Trends

As a distributor, Pax8 commit a lot of time and effort into providing their MSPs partners with free resources on cybersecurity. Plus, their in-house team can answer tool-specific questions, such as how to strengthen Microsoft Office.

Mostyn also delivered a cybersecurity masterclass, which has been very popular. “I’d  also recommend looking out for podcasts and other online resources. Lots of vendors offer resources and training programmes tailored to their solutions. And peer groups can also help. Threat intelligence needs to be top of your list.”

Cybersecurity Threats SMBs Should be Aware of

Unfortunately, SMBs are at risk of a whole range of cybersecurity threats these days. However, the good news is that there are also lots of techniques to defend against them. Mostyn says that the first one to know about is phishing emails.

“These are sent in cast quantities, and while the majority get caught, you only need one to get through to cause damage. Alongside that is business email compromise, which is slightly different. People can lose a lot of money through those.

“These are highly targeted and well-researched, and it’s usually a member of staff who’s taken in. And finally, ransomware is a big problem. This is also often delivered via a phishing email, and it’s an extortion exercise. It can really damage your reputation, so be aware of that.”

The Number One Mistake MSPs Make

MSPs sometimes forget that they’re also small businesses, and equally vulnerable to phishing and ransomware attacks. However, Mostyn says the biggest mistake he sees managed services owners make is a failure to clearly communicate with clients on how they help.

“Your clients don’t always know what they need, but they may ask you about a specific service they’re looking for,” says Mostyn. “If they say, ‘Do you offer cybersecurity separately?’ and you say no, there’s a risk that they assume it’s already included in their services.”

This could end badly if they fall foul of a ransomware attack that they’re not protected against. Mostyn’s advice: “Tell them clearly what you offer, and more importantly, what you don’t.

“As an MSP owner, you also have to be a salesperson. So make it clear that you can offer it as an additional service, or point to someone else who can. The potential damage to both their business and your reputation could be colossal. And make sure they know your SLAs, too, in case something does go wrong.”

How to Have a Security-First Mindset

When you’re dealing with so many vendors, clients, providers and software, MSPs can’t always dictate what happens. But you still need to be flexible, so you need to have the right mindset to stay constant.

“Don’t say ‘No, we can’t do it that way’, because then people ignore it. But we have to have a risk-based approach to governance and compliance, because your clients need it.

“Make sure you’re constantly assessing the risks and how to resolve it. This is a good analogy I use to help MSPs think security first: Imagine you had to break into your own system. How would you do it?

“How would you break into your own home? Where are the weaknesses with your burglar alarm system, your door locks? Now realise that your burglar is thinking the same way. And likewise, a hacker is thinking like that about your networks. Now you’re in the right mindset to implement protection.”

How to Connect With Mostyn ThomasPax8Connect with Mostyn on LinkedInEmail MostynFollow Pax8 on TwitterLike Pax8 on FacebookFollow Pax8 on LinkedInHow to Connect With MeSubscribe to TubbTalk RSS feedSubscribe, rate and review TubbTalk in iTunesSubscribe, rate and review TubbTalk on Stitcher RadioSubscribe and rate TubbTalk on SpotifyFollow TubbTalk on iHeartRadioFollow @tubblog on TwitterMentioned in This EpisodePax8 AcademyGraham CluleyIan Thornton-TrumpWes SpencerJennifer BleamCompTIAKarl PalachukNational Cyber Resilience CentreCyber EssentialsAcronisConnect SecureSentinelOneSimon SinekBook: Jim Collins: Good To Great: Why Some Companies Make the Leap… and Others Don’tMalcolm GladwellChip and Dan HeathBook: Matthew Syed: Black Box Thinking: Marginal Gains and the Secrets of High PerformanceBook: John Maxwell: Failing Forward: Turning Mistakes into Stepping Stones for SuccessYou Might Also be Interested inPodcast: The Top Ways to Move Your MSP Business to a Cybersecurity FocusPodcast: How to Navigate the Scary World of MSP CybersecurityArticle: Channel-Sec 2023: A Security Event for the European IT Channel

The post TubbTalk Bonusode: The Best Cybersecurity Resources for MSPs You Need to be Aware of appeared first on Tubblog: The Hub for MSPs.