LastPass HACK: How to communicate it to your clients

It keeps getting worse for LastPass, doesn’t it?

We can confirm that any password stored on LastPass should be considered public knowledge. The company has now disclosed several incidents that allowed a malicious actor to access highly sensitive customer account data during a coordinated campaign.

Using information stolen in an initial breach in August 2022 and a keylogger on a lead engineer’s home computer, a threat actor now has access to multiple LastPass resources.

According to LastPass representatives, “The threat actor targeted one of the four DevOps engineers who had access to the decryption keys needed to access the cloud storage service. The threat actor captured the employee’s master password as it was entered after the employee authenticated with MFA and gained access to the DevOps engineer’s LastPass corporate vault.”

Essentially, this means that every single password vault on LastPass is now free for the taking.

So, from a marketing perspective, what can you do to ensure your current clients are protected and that you are in the best position to secure more business?

As security professionals and trusted advisors to many companies, your job is to make sure clients (and prospects looking for guidance on the matter) are aware of the risks. Below are a few steps you should take to communicate with your clients effectively and help those looking for a proactive cyber security team.

Step 1: Write a blog.

Blogs are a great way to provide timely information to your clients. Use the timeliness of this event to share recommended steps to resolve the LastPass issue, advise on alternative solutions, and offer up a 5-step plan to prevent a similar incident in the future.

By writing a blog post that contains recommendations and advice on how to resolve the issue and prevent similar incidents, you can show your clients (and prospects) that you have the expertise to help them. This will also provide further education and awareness of security risks.

Step 2: Nurture them with an email sequence.

Regularly engaging with your clients is a great way to build trust. Send out an email sequence that provides more in-depth information on the LastPass incident and how you can help them protect their data. Over a series of emails, you can better nurture them through the event while providing them with easy-to-access, actionable advice delivered right to their inbox.

A nurture email sequence will ensure that your clients are aware of the risks, understand the importance of data security and have access to resources they can leverage to protect their data.

Here is an email sequence to get you started (and don’t forget to link the emails back to your blog article!):

Email 1: Set the scene.

In this email, explain the LastPass incident, why it’s important, and how it can affect them even if they don’t use LastPass. These days, around 25% of people globally use password managers. That may not seem like many, but with 8 billion people in the world, it ends up being a lot of people.

Password managers are a great solution for managing passwords, but it’s important to understand the risks associated with using them.

Email 2: Offer ways to mitigate the risks.

Here is your chance to further gain trust by showcasing your knowledge and expertise. Offer advice on how to mitigate the risks associated with using password managers. This could include:

By providing clients (and prospects) with actionable steps they can take to protect their data, you can help them feel more secure and confident in their security practices.

Email 3: Suggest alternatives.

Your clients and potential clients are not looking for a hard sell. What they are looking for is solid advice from professionals who know more than they do. Suggest some alternative password managers, or if you have a partnership with LastPass, offer up complementary ways they can ensure protection.

By providing clients with more options, you can further build trust and demonstrate your commitment to helping them protect their data.

Email 4: Share with them how they will know if it affects their business.

It’s important for clients to know what to look for if the incident does affect their business. Explain the signs they should watch out for, such as phishing attempts, strange activity on their accounts, or unauthorised access. Explain how they can take proactive steps to further protect themselves.

Remind them that they can always reach out to you if they have any questions or concerns. Providing clients with a clear plan of action can help to put them at ease and make them feel more secure, which can help to build trust and loyalty in your skills and services.

Email 5: Encourage them to act and make an offer they can't refuse.

Everyone loves a good offer, so why not make one? Offer a free security audit or, if they are looking at moving away from LastPass, offer a migration plan or other service to help them with the transition.

By offering them a “no-brainer” deal, you can encourage them to act and build trust in your services. This is also a great way to show that you are looking out for their best interests and care about the security of their business.

Step 3: Leverage social media channels.

Social media is a great way to spread the word and reach new audiences. Share your advice on how to protect data and accounts, as well as any offers you have made, across your social media channels. Be sure to include a link back to your website or blog post so people can find more detailed information.

Encourage followers to share the information with their own networks and use hashtags related to data protection or cybersecurity in order to reach more people. This is an effective way of spreading the message and helping people feel more secure in their practices.

Keep calm and communicate effectively!

While cybersecurity events like this can be a source of stress and confusion for clients, it is also a great opportunity to demonstrate your expertise and show that you are the right partner for their IT needs. So, whether you are a fully certified MSSP or a simple MSP with no security offering, be sure to use this opportunity to communicate effectively, help your clients, and grow your business.

If you need more quality tips to help you navigate communications with your clients and target audience, get in touch with the team at LeftLeads today! We can help you leverage the right channels and the right strategy to ensure your success!
