Ask Intronis: How can I reassure customers after Yahoo's data breach?

Posted by Lauren Beliveau on Oct 10, 2016 7:13:00 AM

Ask_Intronis_Logo_2016.png Yahoo data breach has a few of my customers rattled, and I feel like they need some reassurance to feel completely secure. How can I use the data breach as an opportunity to convince my customers that I’m taking all the necessary precautions to safeguard their data?

The Yahoo data breach has startled a lot of companies and has customers questioning their providers about what extra security precautions are in place. Reassuring your customers is no easy task, though, and it often needs to go beyond a ‘trust me’ type statement. However, taking the extra time to talk about it with them and finding a way to demonstrate your value will go a long way to reinforcing those relationships.

To give you the best advice on how to approach the subject, we consulted Chris Crellin.  He is the senior director of product management at Intronis MSP Solutions, and he has an extensive background in the security sector. This makes him the perfect resource to help you understand how to reassure your customers.

How to reassure your customers that their data is safe

Assuming you already have security best practices in place, such as enforcing security policies, keeping systems up to date, and layering email security and firewall solutions, then reassuring your customers will be easier than you may think. Here are a few ways to put your customers’ minds at ease.

Communicate with your customers regularly and be as transparent as possible. Have a regular check-in with your customers and update them about what’s happening both on the security threat front and what’s happening in their IT environment. Share relevant metrics such as how many threats detected and prevented, how many devices you’re protecting for them, how much data you’re backing up, and how many times a backup was incomplete. Catching small errors like an incomplete backup due to a laptop being shut off can help them recover more easily if they do experience a breach or malware infection down the road.

8939222795_a8b9d02939_z.jpgRemind your customers that you have a solid email security product combined with a next-generation firewall to mitigate attacks. If a breach can happen to a company like Yahoo, it can happen to your SMB customers, so having the proper security measures in place is important. The most comprehensive way to protect your customers is to use a layered data protection and security solution, an approach that includes email security with advanced threat detection combined with a next-generation firewall. (If you aren’t currently using both, — it’s time to start.)

Show customers the reports. Implement routine testing to evaluate the integrity of their systems, and then run reports. Illustrate your value by showing them what you protected them against, how many threats were blocked, and what you may have restored. This helps illustrate the value of your services. If there’s a gap.  If it’s a problem in the security and/or data protection systems that are running, be proactive about addressing them. Use the Yahoo data breach as a teaching moment. It is better for customers to learn from someone else’s mistakes than to feel the pain themselves.

MSP's Complete Guide to Cyber Security

Remind customers what policy standards are in place to mitigate risks. This includes current password policies, such as how often employees have to be reset passwords and how complex passwords need to be. You should also tell them how you regularly make sure their systems are up to date, including the latest security patches and updates. 

Take time to educate end users. While a customer may have robust security in place, education is still the best defense against cyberattacks. Identify the most common threat vectors and tell them what best practices you are implementing to counteract these attacks and what they can do to help keep the business safe.

For example, email is a huge security attack vector. Explain that to mitigate this risk, you’ve set up email security. However, they should not open emails from contacts they don’t know or click on suspicious links, and they should be cautious when sending personal information. Leverage this type of user training to protect your customers and their employees. Teach them how to avoid falling into cybersecurity traps, like phishing or ransomware, as well as precautions they can take to secure their accounts.

One thing that is often overlooked is password training. Remind users to not use the same password in multiple places, not to reuse expired passwords, and not to write down passwords anywhere. While you are educating your customers, give them tips and examples of what a strong password might look like.

The Yahoo data breach may not have effected your customers directly, but it is a good opportunity to talk to them about security and data protection and what they can do to mitigate the risks. If you communicate with them on a consistent basis, it can also help reassure them by letting them see what steps you’re taking to keep their business safe. Your customer doesn’t want to be the next one to make headlines due to data loss. Do the due diligence on your end to keep their data safe and secure, and reassuring them will be that much easier. 

MSP's Complete Guide to Cyber Security

Photo Credit: Esther Vargas via Flickr. Used under Creative Commons 2.0. 

Ask Intronis is a weekly advice column answering common questions from MSPs and IT service providers. It covers topics ranging from pricing and selling to marketing and communications—and everything in between. Submit your questions by emailing AskIntronis@intronis.com.

Topics: Ask Intronis

Which Data Loss Gremlin Is Targeting You
MSP Health Check
MSP Phishing Quiz
Intronis Local Lunches
MSP Marketing Assessment