What's every IT professional biggest fear? Telling the customer bad news that could lead to potential retaliation. We understand that you are busy with business continuity tasks like data backups, user account administration, security monitory, and responding to customer tickets.  As cyberattacks, become more prevalent it is important to proactively communicate about threats.  

As this article is being written, there have been multiple supply chain breaches from various products from FireEye and SolarWinds Orion. This article provides 3 email templates that show you how to communicate alerts and cybersecurity incidents with your customers.


1. Dodged a Cyber Bullet

Send this message to your client to alert them about cybersecurity news that does not apply or affect their organization.


 

Hello [FIRST NAME],

I am writing to inform you of a security incident that was recently reported in the news relating to the [APPLICATION / TOOL NAME] on [IDENTIFICATION DATE].

Once we became aware of the issue, we launched an investigation. Based on what we found, this incident does not likely to have had any impacts on you or [ORGANIZATION NAME].

We want you to know that we take this issue very seriously. We hope this information helps you to rest easy knowing that we take your security seriously.

If you have any questions, please feel free to raise a support request at [SUPPORT EMAIL ADDRESS] referencing ticket number.

Sincerely,
[YOUR NAME]
[YOUR TITLE]


2. Supply Chain (3rd Party) Remedy

Send this message when the cybersecurity incident does impact your clients.


 

Hello [FIRST NAME],

I am writing to inform you of a security incident that was recently reported in the news relating to the [APPLICATION / TOOL NAME]. The incident was identified by [SOURCE] on [IDENTIFICATION DATE].

Once we became aware of the issue, we launched an investigation. Based on what we found, we [REMEDIATION ACTIONS] to rectify the issue. We want you to know that we take this issue very seriously.

If you have any questions, please feel free to raise a support request at [SUPPORT EMAIL ADDRESS] referencing ticket number.

Sincerely,
[YOUR NAME]
[YOUR ROLE]


3. Apologize for the Exposure

Send this message when the client has been exposed to a cybersecurity incident.


 

Hello [FIRST NAME],

I am writing to inform you of a security incident that was recently brought to my attention about [APPLICATION / TOOL NAME]. The incident was identified by [SOURCE] on [IDENTIFICATION DATE]

Once we became aware of the issue, we launched an investigation. Based on what we found, we [REMEDIATION ACTIONS] to rectify the issue. We want you to know that we take this issue very seriously. Please accept our sincere apologies for any inconvenience this may have caused. We are conducting a thorough review of our internal processes to ensure this does not occur again for you or other customers.

If you have any questions, please feel free to raise a support request at [SUPPORT EMAIL ADDRESS] referencing ticket number.

Sincerely,
[YOUR NAME]
[YOUR ROLE]

We want to help you retain customers by building trust through open communication.  Communication is a form of security awareness. HacWare is providing the resources to help you combat the next generation of cybersecurity attacks.


HacWare measures risky cybersecurity behaviors and automates security education to help MSPs combat phishing attacks.

Learn more about HacWare at hacware.com. If you are a Managed Security Service provider (MSSP), we would love to automate your security education services, click here to learn more about our partner program.