Security Breaches and the MSP Responsibility


Contrary to what we’d wish, the risk of security breaches is growing rather than shrinking. With COVID we saw a rise in cyber attacks, and that increase has not subsided over recent months. In our role supporting clients as their managed service provider (MSP), we are hypervigilant about protecting against the new ways that cyber attackers find to compromise our clients’ data and assets. While it may appear pessimistic, we often operate as if a breach has already occurred: getting into the minds of potential hackers lets us identify weaknesses and correct them before a hacker attacks. Today, we outline a few of the ways we handle the before, during and after of a security breach for our clients.


The best cure for a security breach is prevention. For most of our clients, when they first start working with us, they haven’t spent significant time thinking about the “what ifs” related to the possibility of a hacker attacking them or their systems. We have though. But that extensive anxiety over what could happen is easily transformed into action when we explore how to prevent this issue from occurring at all. 

When we work with clients on protective measures, we first want to understand what has been done in the past, if anything. We discuss whether they have considered cyber insurance or have a policy in place. Often, cyber insurance will require that a cyber policy is in place that outlines what would happen in the instance of a breach. This policy can evolve over time, but the process of putting it together can open up great dialogue with organization leaders to ensure the risks, prevention mechanisms and communication plans are understood and in place.

In addition to discussions and policies, there are tactical items that our team will recommend for clients that protect the organization. These can include implementing multi-factor authentication on any and all credentialed systems. It can also include setting up alerts and notifications on your systems so that our team can be aware of any attempted hacks in real-time.


If the unfortunate situation arises where a hacker has intruded on your systems, you’ll need mechanisms in place to identify, react and communicate to your respective audiences. As our clients’ MSP, we have invested in systems such as Huntress or M365 audit logging to monitor all systems 24/7. The alerts that we have for our clients ensure that if something has gone astray, we will know about it immediately and can more quickly work to rectify the situation. In addition to monitoring tools, your MSP may also be monitoring the email rules that are set up, because hackers will sometimes break into your email system, set up rules to divert incoming emails to other locations, and use this information to produce new, well-informed emails about your partnerships and business dealings.
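The email-rule monitoring described above can be run as a check over exported audit records. This is an added example, not Firefly's or Huntress's own tooling: the field names follow the shape of M365 audit records for Exchange rule cmdlets, the sample records are constructed, and `INTERNAL_DOMAINS` is an assumed placeholder for the client's own mail domains.

```python
import json

RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}  # Exchange Online rule cmdlets
DIVERT_PARAMS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")
INTERNAL_DOMAINS = {"example.com"}  # assumption: the client's own mail domains

# Constructed sample records (one JSON object per line), not real audit data.
SAMPLE_LOG = """\
{"CreationTime":"2024-01-10T09:12:44","Operation":"New-InboxRule","UserId":"pat@example.com","ClientIP":"203.0.113.7","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"pat.backup@mail.example.net"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2024-01-10T10:02:10","Operation":"New-InboxRule","UserId":"sam@example.com","ClientIP":"198.51.100.20","Parameters":[{"Name":"Name","Value":"Invoices"},{"Name":"ForwardTo","Value":"finance@example.com"}]}
{"CreationTime":"2024-01-10T10:30:00","Operation":"MailItemsAccessed","UserId":"lee@example.com","ClientIP":"198.51.100.20"}
{"CreationTime":"2024-01-11T03:41:09","Operation":"Set-InboxRule","UserId":"lee@example.com","ClientIP":"203.0.113.7","Parameters":[{"Name":"Identity","Value":"Rule1"},{"Name":"RedirectTo","Value":"lee@example.com;archive@example.org"}]}
"""

def external_targets(value):
    """Return the addresses in a rule parameter that fall outside INTERNAL_DOMAINS."""
    found = []
    for addr in value.replace(",", ";").split(";"):
        addr = addr.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[5:]
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found

def find_diverting_rules(log_text):
    """Flag rule changes that send mail to an external address; note if the
    rule also deletes the original, which hides the diversion from the owner."""
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):  # skip blank lines
        rec = json.loads(line)
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        targets = []
        for name in DIVERT_PARAMS:
            targets += external_targets(params.get(name, ""))
        if targets:
            alerts.append({
                "user": rec.get("UserId"),
                "time": rec.get("CreationTime"),
                "source_ip": rec.get("ClientIP"),
                "targets": sorted(targets),
                "deletes_original": params.get("DeleteMessage") == "True",
            })
    return alerts

if __name__ == "__main__":
    for alert in find_diverting_rules(SAMPLE_LOG):
        print(alert)
```

Rules that forward only to internal addresses are not flagged, so the domain list needs to cover every domain the organization legitimately uses.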

If an active breach does occur, your MSP partner should be fully available and dedicated to resolving the situation. At Firefly, we provide a dedicated resource from the moment we discover an issue until it is resolved. Once the issue is identified, this team member will immediately reach out to the client in real time to discuss next steps. We will provide guidance on the issue, but ideally the cyber policy is in place to reference as well.

Our team member will guide the client through whatever protocols are necessary given the type of breach that has occurred. Depending on the type of attack, this could mean forced password changes or removal of email rules if they are still in place.

In addition to triaging immediate needs to prevent deeper intrusion, it is imperative to understand how the breach occurred to make sure the systems are once again secure. This could involve working backwards from the evidence to piece together how the hacker was successful in their attempt. Depending on your cyber insurance policy, a forensic IT firm could be engaged in the investigation, and sometimes local officials or even the FBI. Your MSP partner is likely involved in those discussions, providing any applicable details that could be helpful.

Lastly, your MSP could also prompt you about communication needs. Depending on your business and the type and extent of the security breach, you might need to communicate with your employees, clients or partners. For instance, if you are in the medical industry and a data breach occurs, there could be a HIPAA violation from the breach, or if you are a financial institution, your constituents might need to know immediately if their financial information was compromised.


After the immediate threat is resolved and communicated, a last critical step is to debrief on the security breach. Working with your MSP on what happened, what could be done to mitigate this risk in the future and modifying your cyber policy accordingly are important for growth and prevention moving forward. Your MSP could also recommend additional employee training or specifics around how to more fully secure your data and systems. 

In Conclusion

Remember that your MSP is your partner and while we can’t guarantee you’ll never have a breach, we can guarantee that we will be there with you the entire way, consistently finding new ways to protect your business.

Adam Jones