Security Awareness Training for MSPs
Interactive simulations for MSP technicians, help desks, and the client workforces you protect. Phishing for RMM and PSA credentials, ransomware response, vendor-impersonation vishing, and tech-support scams calibrated for the blast radius MSPs carry.
Why MSPs Carry the Largest Blast Radius in Cyber
MSPs sit at the most attractive choke point in the cyber ecosystem. One phished RMM credential, one Approve tap on an MFA push, or one help-desk technician who hands a session token or password reset to a vishing caller can compromise hundreds of client tenants at once. The July 2021 Kaseya VSA incident reached an estimated 1,500 downstream businesses through a single vendor footprint, and CISA and its partner agencies continue to publish MSP-specific advisories (most notably the joint advisory AA22-131A) warning that this pattern is not slowing down.
CIS Controls v8 Control 14 (Security Awareness and Skills Training) already calls for a security awareness program, and CMMC 2.0 codifies the NIST SP 800-171 awareness and training requirements for MSPs that support US defense contractors. Cyber-insurance carriers now ask for evidence of training before binding policies, and most enterprise clients flow SOC 2 or ISO 27001 expectations down the supply chain. Annual click-through compliance videos no longer satisfy the underwriters or the auditors.
RansomLeak delivers one training program that MSP technicians complete themselves and then push, unchanged, to their clients. Interactive 3D simulations rehearse the decisions that protect the entire book of business: refusing an unsolicited MFA push at 3am, verifying out-of-band before a vendor-impersonation caller talks the help desk into a password reset, and recognizing a ransomware foothold before it propagates from one client to all of them.
MSP-Specific Threat Patterns
Ransomware via RMM and PSA tools
Kaseya VSA, ConnectWise, NinjaOne, and similar platforms are persistent ransomware targets because they already hold remote-execution rights on every managed endpoint. A single phished administrator credential or a compromised vendor update propagates to every client tenant. Training rehearses the discipline that keeps those credentials out of attacker hands: phishing-resistant MFA on the RMM console, no credential entry from links in email, and reporting suspicious prompts instead of clicking through them.
Vendor-impersonation vishing on the help desk
Attackers call MSP help desks pretending to be the client IT director, a Microsoft account manager, or a backup vendor. A single password reset, MFA re-enrollment, or session token handed over on that call grants access. Help-desk staff need a scripted verification pattern (hang up and call back on the number of record, tie the request to an existing ticket, never act on caller-supplied contact details) and explicit authority to refuse, however senior or urgent the caller claims to be.
Tech-support scams against client end users
Client end users receive fake popups, callback numbers, and remote-access prompts. The MSP gets the call when the user has already granted control. Training the client base reduces incident volume and protects the MSP relationship.
BEC against MSP and client finance teams
MSP finance handles client invoices, vendor payments, and payroll across the book. BEC fraud targets the MSP, the client, or both at the same time, often via lookalike domains or compromised mailboxes.
Supply-chain compromise via trusted tools
Backup vendors, monitoring tools, and update channels carry implicit trust. Workforce training reduces the chance that a poisoned update or a compromised vendor portal gets deeper into the stack, because staff learn to treat unexpected vendor messages, out-of-cycle updates, and new login pages with the same suspicion they apply to phishing email.
Compliance Frameworks This Page Covers
Mapping to the regulations and frameworks that drive most MSPs' buying decisions.
CIS Controls v8
CIS Controls v8 Control 14 (Security Awareness and Skills Training) is the baseline that cyber-insurance carriers and clients reference. Coverage maps to its safeguards for phishing and social-engineering recognition, secure use of authenticators, and incident reporting.
CMMC 2.0
MSPs supporting US Department of Defense contractors must meet Cybersecurity Maturity Model Certification practices. Awareness training is required from Level 2 upward (the NIST SP 800-171 Awareness and Training family, 3.2.1 through 3.2.3), with documented evidence for assessor review.
SOC 2 Type II and ISO 27001
Most enterprise clients flow SOC 2 CC1.4 and ISO 27001 training expectations (A.7.2.2 in the 2013 edition, control 6.3 in ISO/IEC 27001:2022) into MSP contracts. Audit evidence has to cover MSP staff and frequently the client workforce being managed.
IRS Pub 4557 and HIPAA BAA
MSPs serving tax practitioners must align with IRS Publication 4557 (Safeguarding Taxpayer Data). Healthcare-supporting MSPs sign Business Associate Agreements and inherit HIPAA training expectations.
Cyber-insurance carrier requirements
Coalition, At-Bay, Beazley, and other carriers now require evidence of security awareness training before binding or renewing MSP policies. Per-employee completion records are the most-requested artifact.
Featured Exercises for MSPs
Pulled from the 100+ exercise catalogue, prioritized for this industry.
Phishing Email Detection
RMM, PSA, backup, and Microsoft 365 admin credentials are the highest-value phishing targets in the MSP ecosystem. This is the foundational exercise.
Ransomware First-Hour Response
MSP ransomware events propagate fast. The exercise rehearses containment, escalation across the client portfolio, and what NOT to do during the first hour.
Vishing (Voice Phishing)
Help desks are vishing magnets. Practice covers vendor impersonation, urgency pressure, and refusing credential disclosure on the phone.
Tech Support Scam Recognition
Both MSP techs and client end users encounter fake-popup callbacks. Reduces incident volume by training the client base on what a real callback looks like.
Business Email Compromise
Tailored for MSP finance and operations and for client finance teams the MSP supports. Covers wire fraud, vendor change requests, and lookalike-domain detection.
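The lookalike-domain detection mentioned above is the one piece of this that lends itself to a worked check. The block below is an added example written for this page, not RansomLeak's code or any vendor's mail filter: it folds a sender domain to a comparable "skeleton" (IDNA decode, a small confusable-character map, the rn/m and vv/w kerning tricks, punctuation dropped), then flags exact skeleton matches, trusted names embedded in a longer domain, and typosquats within a small edit distance. The trusted domains are constructed for the example, and the confusable map is an illustrative subset, not the full Unicode confusables table.

```python
"""Lookalike-domain screen for inbound mail (added example, not RansomLeak code)."""
import unicodedata

# Constructed trust list: one fictional MSP, one fictional client, one real vendor name.
TRUSTED = {"example-msp.com", "acme-client.com", "microsoft.com"}

# Illustrative subset of characters attackers swap for visually similar ones.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic e
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic r
    "\u0441": "c",  # Cyrillic c
    "\u0456": "i",  # Ukrainian i
})


def skeleton(domain):
    """Fold a domain to a comparable form so visually similar domains collide."""
    d = domain.strip().rstrip(".").lower()
    if any(label.startswith("xn--") for label in d.split(".")):
        try:
            d = d.encode("ascii").decode("idna")  # punycode -> Unicode labels
        except UnicodeError:
            pass
    d = unicodedata.normalize("NFKC", d)         # fullwidth/compatibility forms
    d = d.translate(CONFUSABLES)                  # digits and Cyrillic homoglyphs
    d = d.replace("rn", "m").replace("vv", "w")   # kerning tricks: rn ~ m, vv ~ w
    return d.replace("-", "").replace(".", "")    # punctuation is free for an attacker


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition of adjacent chars
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(sender_domain, trusted=TRUSTED, max_distance=2):
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'unrelated'."""
    s = sender_domain.strip().rstrip(".").lower()
    if s in trusted or any(s.endswith("." + t) for t in trusted):
        return "trusted", "exact match or genuine subdomain"
    sk = skeleton(s)
    for t in sorted(trusted):
        tk = skeleton(t)
        if sk == tk:
            return "lookalike", "folds to the same skeleton as " + t
        if tk in sk:
            return "lookalike", "embeds " + t + " inside a longer domain"
        dist = edit_distance(sk, tk)
        if dist <= max_distance:
            return "lookalike", "%d edit(s) from %s" % (dist, t)
    return "unrelated", "no trusted domain within range"


if __name__ == "__main__":
    for d in ["mail.acme-client.com", "rnicrosoft.com", "\u0430cme-client.com",
              "acme-client.com.evil.net", "acmeclinet.com", "google.com"]:
        print(d, "->", classify(d))
```

Tune `max_distance` to the length of your trusted names: two edits is reasonable for ten-character brands and far too loose for four-character ones. The verdict is a triage signal for the finance team and the mail gateway, not a block decision on its own; a "lookalike" hit on a vendor-change or wire request should route to the out-of-band callback the exercise above trains for.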
MFA Setup and Push Fatigue
Push-bombing against MSP technicians is now standard tradecraft. The discipline of refusing unsolicited prompts protects every downstream tenant.
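Training the refusal is half the control; the other half is noticing the bombing while it happens. The block below is an added example, not RansomLeak's or any IdP's code, showing the detection logic a SOC would run over MFA push results: it keeps a sliding window of denied and timed-out pushes per user, raises a burst alert when the count crosses a threshold, and raises a higher-severity alert when an approval lands inside that burst (the 3am Approve tap the page describes). The log lines and their `user=`/`ip=`/`result=` field names are constructed for the example and do not match any vendor's export format.

```python
"""Push-bombing detector over MFA push events (added example; constructed log format)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample, one line per MFA push result, in the order the IdP emitted them.
# tech1 is bombed at 03:01 and finally taps Approve; tech2 is normal daytime activity.
SAMPLE_LOG = """\
2024-05-03T03:01:12Z user=tech1@example-msp.com ip=203.0.113.7 result=denied
2024-05-03T03:01:40Z user=tech1@example-msp.com ip=203.0.113.7 result=denied
2024-05-03T03:02:05Z user=tech1@example-msp.com ip=203.0.113.7 result=timeout
2024-05-03T03:02:33Z user=tech1@example-msp.com ip=203.0.113.7 result=denied
2024-05-03T03:03:10Z user=tech1@example-msp.com ip=203.0.113.7 result=approved
2024-05-03T09:15:00Z user=tech2@example-msp.com ip=198.51.100.20 result=approved
2024-05-03T14:20:00Z user=tech2@example-msp.com ip=198.51.100.20 result=denied
2024-05-03T14:40:00Z user=tech2@example-msp.com ip=198.51.100.20 result=approved
"""

REJECTED = ("denied", "timeout")  # pushes the user did not approve


def parse_line(line):
    """Parse one constructed log line into a dict with a timezone-aware 'ts'."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return fields


def detect_push_bombing(log_text, window=timedelta(minutes=10), burst=3):
    """Return alerts for users who received `burst` or more rejected pushes inside `window`,
    and a separate, higher-severity alert if the user then approved a push in that window."""
    recent = defaultdict(deque)  # user -> timestamps of rejected pushes still inside window
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        q = recent[ev["user"]]
        while q and ev["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if ev["result"] in REJECTED:
            q.append(ev["ts"])
            if len(q) == burst:                 # fire once, when the threshold is crossed
                alerts.append({"kind": "push_burst", "severity": "medium",
                               "user": ev["user"], "ip": ev["ip"],
                               "count": burst, "at": ev["ts"]})
        elif ev["result"] == "approved" and len(q) >= burst:
            alerts.append({"kind": "approval_after_burst", "severity": "high",
                           "user": ev["user"], "ip": ev["ip"],
                           "count": len(q), "at": ev["ts"]})
            q.clear()                           # the burst is now an incident, not a trend
    return alerts


if __name__ == "__main__":
    for a in detect_push_bombing(SAMPLE_LOG):
        print(a["severity"], a["kind"], a["user"], "rejected=%d" % a["count"], a["at"].isoformat())
```

The `approval_after_burst` alert is the one that should page someone: it means the fatigue attack worked and the session issued at that approval needs to be revoked, not just reviewed. The `window` and `burst` values are starting points; measure your own technicians' normal deny rate (mis-tapped prompts happen) before lowering them, and pair the detector with number matching on the authenticator so that a blind Approve tap is no longer possible in the first place.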
Threats this program covers
Read the pillar guide for each attack type and the exercises that train against it.
Frequently Asked Questions
Does RansomLeak training satisfy CIS Controls v8 Control 14 and CMMC 2.0?
Can we resell or white-label this for our clients?
How does this help with cyber-insurance renewals?
Does it integrate with our PSA and RMM stack?
How do you cover help-desk and tech-side scenarios?
How often should MSP staff and clients run training?
What does this look like for clients in regulated industries?
References
Primary sources cited above.
- AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers — CISA, NSA, FBI, NCSC-UK, ACSC, CCCS, NCSC-NZ
- Stop Ransomware: Guidance for MSPs and Small- and Mid-sized Businesses — CISA
- NIST SP 800-161 Rev. 1: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations — NIST
- CIS Controls v8 (Control 14: Security Awareness and Skills Training) — Center for Internet Security
- SOC 2 Trust Services Criteria (CC1.4 Training Requirement) — AICPA
- CompTIA Cybersecurity Trustmark — CompTIA
- Sophos State of Ransomware Report — Sophos
See RansomLeak in Action
Try the free exercises or book a demo to see analytics, SCORM export, SSO, and custom content in your environment.