client-onboarding-securityWhat might not have been that important a couple of years ago or even a year ago might be on top of mind today.

In the current era where clients are most definitely paying attention. Especially during transitional periods with your clients—including onboarding new clients—they will be keeping an eye on progress from a cybersecurity perspective.

If you aren’t communicating how you’re adding or improving their security posture, your relationship with them might be off to a rocky start.

Communicating updates to your clients when you perform onboarding projects will be crucial to keeping them engaged and making the right decisions towards becoming more secure. If you aren’t giving updates and explaining their security status in terms of risks they understand, you might be creating an irreparable wedge within your business relationship. Let me tell you, that mistrust is extremely difficult to repair.

Today I want to walk through three specific security items your client will be anxiously thinking about during your onboarding process.

Their PII

One of the biggest issues within all SMBs today is that no one understands exactly where their sensitive information is located. Most organizations have little inventory of where important documents are located. And most have no idea how to track down information drift. This is especially true when it comes to personally identifiable information (PII).

Maybe HR had payroll information on their machine, perhaps team members downloaded their insurance information or W2s in their download folder, maybe some business information was mistakenly saved within OneDrive. Wherever the information ended, your clients—especially new ones—probably have information drift all over their network.

If you are able to report out some big problem areas by shining a light on specific issues and help come up with a plan on how to remediate the problem by providing your client with an easy way to either delete or secure sensitive files, you will be able to report that if a hacker were to get on their system, they wouldn’t be able to get their sticky fingers on exploitable information.

You will make them confident that you have their best interest in hand and are taking action to secure them in ways previous support teams were not capable doing.

I would strongly recommend that you start your engagement with new clients by running a penetration test on their network, then following up at the end of your initial onboarding project to show that information drift has been dramatically reduced on your watch.

Security Alerts

Your new client will expect you to be on top of monitoring their system for anything suspicious. If something funny is happening on their network, they’d expect you to see the issue and have a remediation plan. On very clear example of this would be the Alterra exploit recently hitting MSP networks.

By giving your new client an understanding of a high level of the type of issues you are actively monitoring for them, they will understand that you are consistently making sure their systems are running. By educating them that security is on-going and always changing, you will help them understand that they can’t be content simply with a perceived one golden bullet solution to every security problem.

As you start showing them information on alerting, you are giving them a high-level understanding that security is changing and that you are monitoring and making recommendations based on the latest information, both from their network along with your entire client base.

Data Backups

When I was running my MSP, backups were probably the biggest ways to spoil a good relationship. If our client had an incident and needed a file recovered and my team took too long or couldn’t guarantee that file’s recovery, it was a huge deal.

What I learned while improving our backup processes is that reporting out backup status, showing tests of their backup system and holding my team accountable to a recovery time objective (the time at which it takes to recover a client environment), I was able to maintain a high level of trust with them. They understood that our team were on point in making sure recovery was possible.

Unless you communicate both expectations up front for recovery and a way to show that your backups are working, they might see your service completely as a black box and not appreciate you completely having their backs.

Bottom Line

Communicating your value to new clients will be in how you report out status updates. Unless you are shining light on major improvements on their security posture during onboarding, they will never be able to understand how you are different from the last guy they had.