
Scott Riley has worked with MSPs for over six years, helping them tighten up their security practices and take real control of their 365 tenancies. In this episode, be prepared for the shift in mindset that Scott encourages. The idea that you are too small or not interesting enough to be a target is no longer valid. The reality is that attackers are not selective. They cast a wide net. If your MSP gets breached, the damage can extend far beyond email. Your PSA, RMM, partner centre, licence platforms, password vaults, and all client environments are at risk.
Scott Riley explains that token theft is one of the most common attack methods in play right now. A stolen login token can allow someone to log in as you without being challenged. If your global admin account is tied to your day-to-day login, the attacker has immediate access to your critical systems. Many MSPs still store MFA tokens inside password managers alongside usernames and passwords. It might seem convenient, but it undermines the whole point of multi-factor authentication.
We explore the emotional and financial consequences of a breach. Scott shares a real-life case where criminals sat silently inside a business email system, watching communication styles and eventually mimicking the MD’s tone to authorise fraudulent payments. The losses started small but escalated quickly. These attacks are personal and targeted. For a small business, losing six thousand pounds can be the difference between making payroll and laying people off.
Scott stresses the importance of making this real for clients. He talks about positioning cybersecurity not as a technical need but as a business-critical risk conversation. Instead of relying on fear or jargon, help clients picture the consequences. What would happen if they were locked out of systems, lost money, or lost their reputation? Clients need to be educated through impact-based questions and examples they can relate to.
We also cover the responsibility that MSPs carry themselves. Cybersecurity starts with you. It must be owned by the business and led from the top. While the technical work can be delegated, the responsibility cannot be passed on. Regular reviews, clear security standards, and the discipline to follow them are essential. Inside Agent, Scott’s platform, helps MSPs quickly assess their Microsoft 365 environments and bring them up to best practice. It gives a live compliance score, offers guided fixes, and creates ongoing visibility. It is designed to simplify the process, not complicate it.
We discuss why compliance frameworks such as Cyber Essentials Plus should be a minimum standard, and how the upcoming UK Cyber Security and Resilience Bill is going to push MSPs to meet new legal requirements. With MSPs being seen as part of critical national infrastructure, business owners need to ensure that their internal environments are secure and compliant, not just their clients’ systems.
Scott Riley shares clear recommendations for securing 365 tenants. These include using hardware MFA tokens, enforcing location and device-based access policies, reviewing and removing unused app integrations, ensuring third parties such as accountants or offshore VAs have the right restrictions in place, and stopping the use of global admin accounts for daily operations. He encourages every MSP to sit with their team regularly and walk through breach scenarios to build internal clarity and confidence.
The message is simple. Know where you are exposed. Fix what needs to be fixed. Get independent validation to confirm it. This episode is full of practical, plain-speaking advice that any MSP can follow. Scott Riley brings clarity, urgency, and support to an area that often gets ignored or pushed to the bottom of the list. If you want to protect your business, your team, and your clients, this episode is the reminder you need to act today. Thank you, Scott, for bringing such clear value to this conversation.
Connect with Scott Riley on his LinkedIn profile by clicking HERE. Or you can also find out more about Inside Agent by clicking HERE.
Make sure to check out our Ultimate MSP Growth Guide HERE, and remember that the help is out there. You just have to go get it.
Connect on LinkedIn HERE with Ian and also with Stuart by clicking this LINK
And when you’re ready to take the next step in growing your MSP, come and take the Scale with Confidence MSP Mastery Quiz. In just three minutes, you’ll get a 360-degree scan of your MSP and identify the one or two tactics that could help you find more time, engage & align your people, and generate more leads.
OR
To join our amazing Facebook Group of over 400 MSPs where we are helping you Scale Up with Confidence, then click HERE
Until next time, look after yourself, and I’ll catch up with you soon!