The IT supply chain is under attack yet again and this time it directly involves Managed Service Providers and their clients. While this most recent attack appears to have only affected a handful of MSPs here in the US, it is important for all MSPs to proactively communicate details to their customer base to put them at ease and help them understand what is going on. Every MSP claims to be proactive when it comes to supporting their clients and their networks, and situations like this are the ideal time to show it. Not only will this communication help your clients understand the severity of the situation, but it will also help you develop templates and processes that can be used in the case of an emergency in the future.
Here are a few tips on communicating supply chain attack details to your clients, regardless of its direct impact on your organization:
Be Transparent About The Impact On Your Customers
The most important thing to consider from a “PR” standpoint is transparency. If your customers are being affected by the current event, you need to be open about this. We all want businesses to take cybersecurity more seriously and one way to accomplish this is by showing them how “close to home” these events truly are. I relate this to a time a few years ago when my next door neighbor had their car stolen as it was parked less than 100 feet from my driveway. While I wasn’t the victim, it completely changed my level of comfort, which led to me upgrading my security system to include cameras that cover the driveway.
If your clients were not affected by this event, then certainly share the good news, but be careful with what you say. While the most recent event was isolated to a specific provider, the next time that could be yours. Don’t use this as an opportunity to brag about your security and the “best in class” tools that you use. If we have learned anything, it is that no one is immune to these events and that it could very easily happen to you next.
Help Them Understand The Origin Of The Attack
Something that you need to consider when communicating to your customers is that they don’t have the same brand recognition and understanding of acronyms that you do. As you attempt to describe the origin of the attack, put the terms into context that is easy for them to understand. For example, an RMM can be described as “a tool used to manage remote connections into our clients’ computers.”
In addition to this, help them also understand the position that the targeted vendor has in the industry. For example, the most recent attack has targeted one of the top providers of software to the IT industry, who claims to have over 40,000 customers. If you think about how many endpoints are supported through those thousands of partners, the impact of this event could have been catastrophic. Help your clients understand this so they have a better understanding of the motive behind this unique supply-chain targeting method and why it is such a threat to our industry.
Explain How Your Company Is Addressing It Internally
No matter the direct impact on you and your clients, every supply-chain attack is a learning opportunity and a chance to improve your own posture based on the latest information. These events also cause every other vendor within the supply chain to look inward, promptly issuing updates in response to new information gained from the latest attack. Help your audience understand the actions being taken by you and the vendors that you partner with, so that they understand that there is in fact a response.
In addition to this, remember that the IT Channel is a tight-knit community that supports each other. If you weren’t affected by the incident, consider offering your resources to local competitors or peers that were. These attacks are bad for the industry as a whole, so there is more gained than lost by offering a helping hand in a time of need. This can also be communicated to your customers so that they know that you are offering your resources for a good cause, which may lead to slower response times in the interim.
Offer Clear User Instructions For Worst Case Scenario
While each attack is different in nature and may prompt a unique technical response, practicing emergency response is never a bad thing. It’s also possible that your communication goes out before the attack has even concluded, therefore you should offer your clients clear instructions on what to do if it does impact them in the very near future.
If you are going to produce such content for your audience, consider making it “evergreen” so that it can be used in a pinch later on. For example, the latest scenario could be a motivation to create a “Ransomware Emergency Response Guide” which you issue to your audience immediately when these types of events start to unfold. You can update the guide to include information on the most recent event, but having the template ready will allow you to respond quickly and in kind.
Provide Trustworthy Sources To Follow The Story Themselves
Ever since the attack on SolarWinds that was discovered earlier this year, cybersecurity headlines have been in rotation among the largest media outlets in the world. While this is great for awareness, not all of these outlets cover these events with technical accuracy, as the journalists may not completely understand the technology that is being leveraged in the attack.
At the same time, some tech-focused publications provide incredible technical accuracy but not in a way the average Business Owner can understand. These resources are meant more for IT Professionals and those that already have a base of technical knowledge, which can cause confusion for everyday readers. Do your best to find the best resources covering the event at hand and provide them within your communication. Not only will this validate your own information, but it also allows your customers to stay abreast of the latest updates at their own convenience.