“If you are contacting us about our website, please hang up. Our website was hacked. You were contacted by mistake.”
🧐
I was following up on a prospect who submitted to our contact form. I did not use the listed phone number from the submission. I went directly to the site. Why? Because the email felt off. That instinct was right.
Do you remember years ago when everyone started saying, “We can’t rely on word-of-mouth anymore,” and businesses made a major shift to focusing on SEO and marketing efforts?
We’re in a similar era, but the focus is, “I can’t leave my website unattended anymore. Security threats are too real.”
Have you noticed how many more hacks have happened in the last couple of years? Did you know that roughly 2 in 3 businesses worldwide reported at least one cyber incident in the last year?
If you’re not covering your bases, it’s not a matter of “if” but of “when” you’ll get hacked.
We’re in a similar era, but the focus is, “I can’t leave my website unattended anymore. Security threats are too real.”
Have you noticed how many more hacks have happened in the last couple of years? Did you know that roughly 2 in 3 businesses worldwide reported at least one cyber incident in the last year?
If you’re not covering your bases, it’s not a matter of “if” but of “when” you’ll get hacked.
MSPs – You’re also at risk.
Just for context, this wasn’t just any business. It was an IT company.
It is not a good look.
The very companies selling cybersecurity services are increasingly showing up with:
- Outdated WordPress installations
- Vulnerable plugins
- No web application firewall
- No MFA on admin logins
- Exposed contact forms
- No monitoring for defacement or malicious code
It is extremely easy for MSPs to put their web security on the back burner for a few reasons:
- They likely did a set-it-and-forget-it style build
- They don’t have firewalls or other security monitoring delivering to any board
- They don’t view themselves as a target
- They aren’t proactively monitoring their site
Your Website Is Part of Your Security Posture
When was the last time you checked:
- Your SSL certificate
- Your DNS records
- Your email authentication (SPF, DKIM, DMARC)
- Your site reputation
- Whether your domain has been spoofed
If you’re selling managed security, your website must reflect that same maturity.
The Overlooked Web Security Gaps I Keep Seeing
Across MSP websites, I regularly find:
🔎 Exposed admin panels
🔎 No brute-force protection
🔎 No MFA for CMS users
🔎 Unmonitored plugin updates
🔎 No vulnerability scanning
🔎 No dark web/domain monitoring
🔎 Missing DNS protections
🔎 No web backup validation
What’s Really At Stake With Web Vulnerabilities
Do you think that the company I tried to contact will recover? Likely, but not without a lot of the following:
- Lost trust
- Sales friction
- Competitive disadvantage
- Insurance complications
- Compliance exposure
Your website, DNS, email authentication, hosting environment, and domain reputation should be treated with the same rigor you recommend to clients.
If I can quickly spot vulnerabilities on an MSP’s website during casual prospecting… So can attackers.
Not sure where to start? Ask me.
Fair warning… I really can’t seem to shut up about it.
