
5 Strategies for MSPs to Protect Their Crown Jewels and Save Big


Being a successful MSP isn’t just about solving technical problems—it’s about building trust. And nothing destroys that trust faster than a data breach that exposes your clients. Insurance carriers call it aggregation risk. Why? Because as an MSP, you are the gateway to every one of your clients’ networks. A slip-up on your end doesn’t just open one door—it opens hundreds.

That’s why insurance carriers are more cautious than ever when it comes to underwriting policies for MSPs. A single breach on your RMM (Remote Monitoring and Management) tool could mean mass exposure, and suddenly, that $1M cyber policy is just a drop in the bucket. But it’s not just about insurance; it’s about your reputation. Clients don’t forgive easily when their data is compromised.

Here are 5 things you absolutely need to do to keep the lights on—and maybe even put some dollars back in your pocket.

1. Lock Down Your Vault (aka RMM)

Think of your RMM as the vault that protects your crown jewels—your clients’ most sensitive data, credentials, and critical infrastructure. It’s where all the sensitive stuff lives. If you wouldn’t leave the bank vault open overnight, you shouldn’t leave your RMM without serious controls. Whitelisted IP addresses only—no exceptions. And yes, that means you can’t log in from the beach in Cancun. Sorry, not sorry.

2. One Key, One Person

Remember how everyone used to share that one admin password? Yeah, those days are gone. Each tech gets their own unique access, no master key nonsense. If someone’s going in the vault, you want to know exactly who it is, and what they took. Think of it like signing into the guestbook at Fort Knox—no one gets through without a record.

3. Approved Scripts Only

Scripts are like VIP access cards; they can do a lot of damage if they’re not the right ones. Only pre-approved scripts should be allowed to execute. If it’s not on the list, it’s not getting in. It’s that simple. You wouldn’t let a stranger walk into your vault just because they have a clipboard—same rules apply here.

4. Role-Based Access Control (RBAC): Not Everyone Gets the Vault Code

Just because you work at the bank doesn’t mean you get to open the vault. Your Level 1 techs should not have admin access, period. Set role-based permissions so that only the right people get the right access. The intern waters the plants; they don’t get the safe combination.

5. Protect Your Reputation (And Your Wallet)

It’s not just about keeping things locked up—it’s about keeping your business alive. Your reputation is everything in the MSP world. One breach can set you back years in trust and more in lost revenue. But here’s the good news: Insurance carriers love a well-locked vault. Show them your controls are tight, and you might just save some cash on those premium renewals. That’s money back in your pocket and a bit of extra padding to keep growing.
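Controls 1 through 4 above can be checked against the RMM's own audit trail. The following Python is an added example, not code from the original article or from any RMM vendor; the record fields, role names, shared-account names, allowlist ranges, and script contents are assumptions constructed for illustration.

```python
import hashlib
import ipaddress

# Assumed policy values, constructed for this example.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.10/32")]
SHARED_ACCOUNTS = {"admin", "administrator", "support", "msp"}
ROLE_ACTIONS = {
    "l1": {"login", "view_device"},
    "l2": {"login", "view_device", "run_script"},
    "admin": {"login", "view_device", "run_script", "edit_policy"},
}
# Scripts are approved by content hash, so an edited copy with the same name fails.
APPROVED_SCRIPTS = {hashlib.sha256(b"Restart-Service Spooler\n").hexdigest()}

def audit_event(ev):
    """Return the control violations found in one audit record (a dict)."""
    findings = []
    try:  # Control 1: source IP must sit inside an allowlisted network.
        ip = ipaddress.ip_address(ev.get("src_ip", ""))
        if not any(ip in net for net in ALLOWED_NETS):
            findings.append("ip_not_allowlisted")
    except ValueError:
        findings.append("ip_unparseable")
    if ev["user"].lower() in SHARED_ACCOUNTS:  # Control 2: no shared logins.
        findings.append("shared_account")
    if ev["action"] not in ROLE_ACTIONS.get(ev["role"], set()):  # Control 4: RBAC.
        findings.append("action_outside_role")
    if ev["action"] == "run_script":  # Control 3: approved scripts only.
        digest = hashlib.sha256(ev.get("script_body", "").encode()).hexdigest()
        if digest not in APPROVED_SCRIPTS:
            findings.append("script_not_approved")
    return findings

def audit(events):
    """Map record index -> findings, skipping clean records."""
    report = {}
    for i, ev in enumerate(events):
        findings = audit_event(ev)
        if findings:
            report[i] = findings
    return report

SAMPLE_EVENTS = [  # constructed records, not real log data
    {"user": "alice", "src_ip": "203.0.113.5", "role": "l2", "action": "run_script",
     "script_body": "Restart-Service Spooler\n"},
    {"user": "admin", "src_ip": "203.0.113.5", "role": "admin", "action": "login"},
    {"user": "bob", "src_ip": "192.0.2.44", "role": "l1", "action": "run_script",
     "script_body": "Restart-Service Spooler\nGet-Process\n"},
    {"user": "carol", "src_ip": "198.51.100.10", "role": "l1", "action": "view_device"},
]

if __name__ == "__main__":
    for idx, findings in audit(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["user"], findings)
```

A clean report over a renewal period is the kind of evidence that shows the controls are enforced rather than only written down.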

The Bottom Line

Keeping your crown jewels locked up in the MSP world isn’t just about avoiding risk—it’s about building a fortress that protects your clients, your reputation, and your bottom line. Follow these five steps, and you’re not just locking the vault; you’re fortifying it. And that’s how you keep the doors open and the dollars rolling in.
