Skip to main content

The big new security risk is public opinion

(Image credit: Image Credit: Wright Studio / Shutterstock)

We used to be able to say that a lie was able to travel halfway around the world while the truth was putting on its shoes. Not anymore. Thanks to social media, lies travel faster, are more pervasive, and shared more efficiently with a single click. The truth doesn’t even get close to putting one foot in a shoe before the lies have circled the world many times over. For businesses, this means that reputations can change in an instant.

This isn’t an entirely new phenomenon. In 2005, before the rise of social media, fast food outlet Wendy’s was sued by a customer who found a human finger in her chili. She was later jailed for fraud when it was discovered the finger had been planted, obtained from a family friend who had severed the digit in an industrial accident. The fact that it was a hoax doesn’t stop people remembering and sharing that Wendy’s chili once had an extra, unsavoury ingredient—the myth lives on, while the true facts are mostly forgotten.

Social media has taken this phenomenon and turbocharged it—it has the power to rapidly sway public opinion. This is a big consideration for MSPs, whose survival is often based on reputation.

An issue for MSPs

When an MSP seeks to manage its reputation, it’s important that it follows the same best practices that it would expect customers to. Handling online reviews is a good example. Platforms such as Facebook, Google, and Yelp are one of the main ways new customers assess a business before engaging with it. They are also one of the few ways that a frustrated customer can vent. If a customer feels let down and out of options, then they can call out their MSP online and feel some measure of satisfaction. They can also do so maliciously—with no real complaint but simply a desire to do damage to the business.

When this happens, it’s sensible to follow best practice. Faced with a bad review, always assume good faith unless there is evidence to the contrary. Pause, don’t respond immediately. Instead, investigate the issue in detail and find out what has gone wrong. Reach out to the customer and find out if the issue can be resolved. Always maintain professionalism. If necessary, apologise publicly and if the complaint has led to changes, make these clear.

Bad reviews are one thing, but a more targeted campaign should make an MSP pay more direct attention. Online disinformation campaigns tend to be part of something bigger— such as DDoS attacks and spear phishing—which are attempts to take websites down or steal data. Some vertical markets suffer from this problem more than most. The gaming industry, for example, is a prime candidate. A recently jailed hacker took down the servers for League of Legends, DotA 2 and as part of a harassment campaign aimed at a single Twitch streamer. This wasn’t collateral damage in the usual sense—unintended and regretted—but targeting of several businesses to inconvenience someone using these services. MSPs are a target for this type of attack, because they hold the crown jewels for their customers.

 By getting to the MSPs, hackers will get to a whole host of valuable assets because of the businesses that the MSP is responsible for protecting.

Community and churn

For the MSP, reputation is particularly important where related to security—a hack or attack can spiral. If an MSP is labelled ‘unreliable’, customers may quickly jump ship. In the very worst of cases, that MSP may be forced to shut up shop.

SolarWinds’ 2018 Trends in European Managed Services revealed that MSPs gain five new customers a month, but lose four. This unusually high churn rate stems from one major factor—and that is security. Customers can be easy going about levels of service from their MSP, but this level of tolerance flatlines in the event of a security breach.

Businesses view MSPs as extensions of their IT function and, therefore, expect strong responses to security incidents.

There’s a great opportunity here for MSPs to build a strong reputation around security—the kind that will not only build a reputation and drive new business, but also retain clients for the long term. On the contrary, MSPs can very quickly earn a bad reputation if they fail to effectively handle a security incident in the right way. What’s more, an MSP should know its limits—and where necessary, strike up a partnership with an MSSP (managed security service provider). They are more security focussed and literate and are on hand to support.

Also important is not just the retention of customers, but the creation of a community. This can be done offline or online, but what’s important is that customers get to know each other and their MSP and share their experiences and expertise. This community can be a valuable ally when a reputation is at risk—investing in a community means being rewarded with loyalty.

It’s clear that reputation can change in an instant. By equipping themselves with the right toolset, partners and processes to manage incidents, MSPs stand the best chance of keeping their own reputation under control–for long-term business success.

Tim Brown, VP, Security, SolarWinds MSP

Tim Brown is the VP of security architecture at SolarWinds.