How to train MSP employees on cybersecurity
Cybersecurity services are a growing area of opportunity for many MSPs. Small to midsize businesses (SMBs) alike are looking for increased cybersecurity support, especially during this era of increased remote work. In fact, our 2020 ConnectWise State of SMB Cybersecurity report found that 73 percent of SMBs planned to invest in cybersecurity either “more” or “much more” over the next 12 months.
While many MSPs want to meet demand for cybersecurity services, becoming fluent in cybersecurity can seem daunting. There are many new terms, regulations, and technologies to consider, and your existing staff may not have experience or background in cybersecurity.
At ConnectWise, we call MSPs who offer essential cybersecurity services alongside their core IT services an MSP+. To transition to the MSP+ model, MSPs will need to offer cybersecurity training and education to technicians. Training your technicians in cybersecurity has many benefits. With the ability to offer more services, you can scale your MSP business in 2021. And by investing in employees’ career growth, you create a great MSP culture and career path internally.
In this post, we share resources and approaches that MSPs can use to train employees on cybersecurity.
Send employees to educational events
Industry events are some the best places to start an educational cybersecurity journey. Spend some time looking for conferences and other educational events that can deliver value to your MSP business and employees. Then select a few of your employees who have indicated interest in cybersecurity, and invest in sending them to attend industry events.
What are the best cybersecurity events for MSPs? While there are many cybersecurity resources out there that help inform and educate the business world about the daily threats we're all vulnerable to, it can be difficult to find resources dedicated to the MSP perspective. That's why ConnectWise started IT Nation Secure. It's an industry-specific community geared towards helping MSPs put cybersecurity first. For events that are not specifically designed for MSPs, we suggest looking through the agendas to determine whether the event will deliver value for your employees’ knowledge or your suite of services.
Regardless, whether it’s a multi-day conference, a day-long seminar, or a quick webinar, industry events offer an entrypoint to employees. And to extend the reach of the conference, consider having employees take notes and making a small presentation on their key learnings to the team. They can become internal cybersecurity experts and evangelists within your own MSP business by sharing what they’ve learned with the company.
Sponsor training programs & certifications
There are a number of cybersecurity training programs and technical certifications available.
Various industry groups and leading vendors offer certifications.
For example, SANS is a highly-respected security organization that provides a wide range of courses, conferences, and certifictications. In addition, CompTIA offers the CompTIA Security+ certification, and the IAPP offers the Certified Information Privacy Technologist (CIPT) certificate.
Meanwhile, big-name vendors like Cisco and Microsoft offer a range of certifications that focus on different areas of expertise and at various levels of experience. At ConnectWise, we created the IT Nation Certify cybersecurity and certification program, designed specifically to help MSPs get up-to-speed on cybersecurity matters.
Look for vendor support & resources
Don’t forget that you’re not alone in this. Look to the vendors you already work with for resources and support to educate your team. More often than not, they’ve probably heard these questions from others, and they may have materials to help.
For example, at ConnectWise, we created a suite of resources to help our MSP customers ramp up on cybersecurity. As mentioned above, we created our conference, IT Nation Secure for business owners and leaders committed to increasing their cybersecurity services and knowledge. Owners and MSP employees can meet like-minded professionals, earn certifications, and learn about key topics in cybersecurity to help them on their MSP+ journey.
We’ve also developed a cybersecurity starter kit, an MSP+ playbook, and a cybersecurity certification to support your growth and expansion.
Stay up to date on cybersecurity news
Knowledge is power, and publications are full of insights and information. And in a field where things evolve as rapidly as cybersecurity, keeping an eye on the headlines is crucial. Providing access to cybersecurity news and trends is a great way to ensure your employees are up-to-date on all things cybersecurity. Select a few top publications, and purchase subscriptions for all your employees. Ensure everyone is subscribed to the morning newsletters, and encourage them to check the news as part of their morning coffee ritual—it’s a big advantage to proactively flag breaking news, new security risks or hacks, and areas of concern to customers.
Some popular cybersecurity publications include:
Many publications and companies also offer free or paid webinars. These can be a useful way to learn and network in the cybersecurity field.
Offering cybersecurity services in 2021
2021 will be a big year for MSPs who offer cybersecurity services. As more people work remotely and companies adopt virtual and hybrid models of work, security concerns will only grow. By investing in employee education and training, MSPs can scale up their cybersecurity services and make both employees and customers happy—a win/win.