Navigating Through Crisis: A Modern Approach for MSPs

By

Picture this: your key client’s company is thrust into a crisis, their systems are down, and the media is swarming like bees to honey. As a Managed Services Provider (MSP), ensuring business continuity in tumultuous times is not just a goal; it’s a commitment. Whether you’re addressing a local hiccup or an international debacle, the actions you take in those critical moments can shape your brand and your customers’ resilience. Let’s delve into how as we guide you as an MSP through these challenges also with a focus on business continuity. This article is a reminder to MSPs that you are not only managing their IT infrastructure, but also their brand.

In the digital age, speed is paramount, and the “golden hour” (identified by Rob Shimmin of Ogilvy PR Worldwide, referencing wounded soldiers in World War II who were likely to bleed to death if not treated in the first hour) is now more like the “golden minutes.” Consistency in messaging is your first line of defence. Your team, plus the appropriate client spokesperson, must be in sync to prevent any chinks in the armour. In the age of instant information, losing control of the narrative even for a moment can be detrimental.

When the storm hits, your clients (and their clients) want answers to three critical questions: What happened, how are we fixing it, and how can we prevent a recurrence? Our suggested approach aligns with the fundamental principles of crisis communication: transparency, comprehensiveness, and speed. Embracing honesty, even when it means admitting fault, is the path to earning forgiveness and trust.

Crisis Communication Checklist

Here is a checklist as an MSP you might want to include in your client crisis and business continuity playbook beyond the technical. If something goes seriously wrong with one of your clients, these 10 tips will help to prevent a full blown PR catastrophe.

  1. Develop a simple message – reduce it to no more than four points.
  2. Respond to all questions based on specific message points.
  3. Be upfront, honest, and trustworthy.
  4. Prioritise speed in information dissemination.
  5. Show empathy; avoid robotic responses. If offering compensation, make it relevant to the situation, not just the legal bare minimum.
  6. Accept responsibility, even if the crisis isn’t entirely your fault.
  7. Follow Machiavelli’s advice: deliver bad news all at once.
  8. Explain how or when the problem will be solved.
  9. Detail steps to avoid a repeat of the problem.
  10. Protect employees and customers.

Optus Incidents

Another golden rule, learn from past mistakes and improve systems and processes including crisis management. Any effective internal review of Optus’s earlier cybersecurity crisis should have resulted in better messaging and handling of the recent national internet and telephony outage. Optus’s response to this incident has been widely criticised and it appears they had learnt little or updated their crisis management procedures from the previous hack incident. Optus customer’s (and the media) jumped to the immediate but wrong conclusion that it was another hack in the absence of any official Optus statement, bringing back painful memories for many customers.

Transparency is key, and deflecting attention or worse not adequately addressing the core issues can be extremely detrimental. The public cares about the impact on themselves, their business, employees and stakeholders, not personal woes of executives.

Unfortunately, this incident and how it was handled has now led to the resignation of the CEO Kelly Bayer Rosmarin. The likely ongoing consequences of this incident will be a continuation of the multiple government enquiries, further brand reputational damage, customer backlash around inadequate “compensation”, and potential government intervention with additional regulations and associated costs from the fallout of the first Senate enquiry. All of these are likely to result in potential customer churn and slower rates of new customer growth for several years. There is no doubt this will have a lasting financial impact.

Business Continuity Planning (BCP)

The recent Optus outage was a salient reminder of having a realistic business continuity conversation with your clients. For many Optus clients it appears they had no “Plan B internet connection”, or suitable redundancy and consequently were unable to transact or communicate with their customers.

With BCP currently front of mind for many businesses, now would be a great opportunity to have this discussion with your clients’ senior managers and add value by being proactive. While there are many different approaches to BCP, use this quick check list as a starting point to work out what is the right plan for you and your clients.

  • Identifying risks and potential business impact. What is “acceptable”
  • Planning an effective response. Documented “Fire Drill”
  • Roles and responsibilities. For you and your clients
  • Communication. As per the crisis management plan
  • Testing and training. No point having a plan if it doesn’t work!

How to do it: Johnson & Johnson (and 19 others)

In the realm of crisis management, few cases have become as synonymous with effective handling as the Tylenol crisis faced by Johnson & Johnson. This incident, where seven lives were tragically lost with cyanide-laced Tylenol (paracetamol) capsules due to malicious packaging tampering in 1982 serves as a beacon of crisis management excellence. Within hours of learning about the poisoning cases, the company had halted advertising, sent nearly half a million messages to healthcare facilities, issued a nationwide recall of all Tylenol products – approximately 31 million bottles – and offered refunds for returned products. They also assumed full responsibility for the crisis, shouldering the burden rather than deflecting blame.

What’s most interesting about this case is that, post-incident, Johnson & Johnson introduced tamper-evident packaging and tamper-resistant caps, which became the new industry standards. Within a year, Tylenol’s sales rebounded to its healthy past and it became, once again, the leading over-the-counter pain reliever.

Since then, the world has changed with the speed and breadth of communication, in particular, through social media. And while J&J stands out as an extremely valuable case study in its day, there have been many others who have leveraged the tools of the time to handle their own personal crises… KFC, Slack, Southwest Airlines and Nike, just to name a few. You can see a summary of their strategies and outcomes here.

Conclusion

For MSPs and MSSP’s it’s not just understanding the technical issues of how to handle an operational crisis or a network or security incident. It is also working with the company executives and media spokespeople using the 10 points above as the situation unfolds to minimise your client’s corporate, business, and reputational brand damage, while potentially enhancing your own by being a valued and trusted partner.

In today’s social media and information saturated world, crisis management requires adaptability, transparency, and a commitment to rebuilding trust. Learn from past mistakes, leverage modern communication channels, and prioritise swift, honest responses so all parties can emerge stronger from the storm.