4. Know How You're Going to Respond In A Worst-Case Scenario

Lehr urged MSPs to prepare a comprehensive incident response plan in advance, addressing who on the team responds to an attack and what information needs to be retained afterwards.

"Do it ahead of time," Lehr said. "Don't be in a situation where you have to develop one under the gun."

And in the event one of Hinrichsen's clients is successfully breached, he said Wulf Consulting will do a root-cause analysis, which will inform future security response plans.