5 Essential Cybersecurity Services

Small to midsize businesses (SMBs) are becoming increasingly aware of cybersecurity as a major area of concern. In fact, our 2020 ConnectWise State of SMB Cybersecurity report found that over half of SMBs don’t have the skills to properly manage cybersecurity. 

Cybersecurity services represent a massive window of opportunity for managed service providers (MSPs) in 2021 and beyond. Consider that the same report also found that 91% of small businesses would consider switching IT service providers if they found a new one that offered the “right” cybersecurity services. 

As SMBs start thinking about security, they’re often turning to MSPs for help, and well-prepared MSPs who adopt an MSP+ playbook (traditional MSP services plus cybersecurity support) will be better equipped to take advantage of this growing demand.

Below, we’ve broken down five key cybersecurity services that MSPs should offer. Take a look to see where you could increase your service offerings to drive revenue, meet customer needs and tap new markets.

1. Threat Detection and Response

Every endpoint—from laptops, to mobile phones, to tablets—in your customer’s organization represents a potential entry point for a hacker to infiltrate their systems. That’s why endpoint management is a crucial part of any cybersecurity program. One key service MSPs can offer their customers is monitoring for cyber threats, detecting them if/when they occur, and responding quickly to stop them in their tracks and prevent fallout.

For example, email is one of the most common ways hackers try to enter systems. By monitoring popular software and SaaS apps on your customers’ endpoints—such as Microsoft 365 and Azure—you can detect abnormal behavior, stop it and investigate whether something malicious (or accidental but dangerous) is happening.

Other core threat detection and response services can include:

• Monitoring and analyzing logs
• Security information and event management (SIEM) management
• Customizing alerts for individual users and devices
• Dark web scanning to detect stolen credentials
• DNS protection

The least impactful cyberattacks are those that are caught, stopped and remediated early. Endpoint monitoring and threat detection are the frontline in preventing attacks.

2. Risk Assessments

Dental offices, legal firms, and medical practices are all busy doing what they do best—fixing teeth, practicing law and treating patients. They’re typically not cybersecurity experts, and they know it. So, while your SMBs customers may be aware that cybersecurity is important, they may not know where their risks are or what to do about them. At the same time, they must keep up with industry regulations like the Healthcare Insurance Portability and Accountability Act (HIPAA) and protect patient and client data and confidentiality at all costs.

MSPs can prove value to customers like these by identifying potential security risks proactively. And that starts with having the security conversation and conducting a risk assessment.

Presented in an easy-to-read report, a risk assessment should cover areas such as:

• How employees are trained/educated about cybersecurity
• If and how threats are documented and addressed internally
• Whether the organization assesses IT assets for vulnerabilities
• Any plans or processes for addressing cybersecurity incidents (and whether that plan is followed during an actual incident)

Based on the information gathered in a risk assessment, MSPs can then recommend actionable next steps for their customers to shore up security. A thorough risk assessment includes network vulnerabilities, data compliance issues and even internal threats. It can also make the threat of cyberattacks more real for customers who are not well informed or fully aware of their risks.

A risk assessment can be a starting point for a discussion around compliance with key security and privacy regulations—such as the EU’s General Data Protection Rule (GDPR) or the California Consumer Privacy Act (CCPA)—and the difference between being secure and being in compliance. For healthcare and medical companies, HIPAA may come into play, and for law practices, there are often client confidentiality rules and laws that must be respected.

To get started, take a look at