MSP 1337 | Cybersecurity Education & Security Guidance

When you travel, especially when you fly, you see the statement plastered everywhere, "If you see something say something." You are told not to watch someone else's bags etc.  Well, when it comes to cybersecurity is it really any different? Eric Hanson and I go through an exercise that looks at this concept applied to cybersecurity.  Inconvenience, obstacles, or other anomalies if ignored allow us to continue to be efficient and get our jobs done.  How do we balance and appropriately call out concerns or red flags while still doing our jobs?

I have often wondered if we tend to lean towards insurance instead of doing a better job of prevention and protection because it just costs too much.  I sit down with Ismael (Izzy) Amado of IT Ninjas to prove how affordable much of cybersecurity really is.  Culture change is hard but at the root of cybersecurity, success is people and process.  If you are struggling with getting clients or your own employees to take cybersecurity seriously then this episode might just help you push through.

With insurance renewals coming for many school districts in July are you able to satisfy the questionnaires?  There might be a few curveballs in this conversation. I sit down with Corey Munson of PC Matic to talk about some of the changes that are happening in the space. New requirements that now include specific vendors.  New vendors to choose from, limit caps, etc. are all impacting the ability of Tech Directors to successfully answer all the questions.

Ever had a client say, "I thought you were already doing that?" I recently had a challenge with a vendor product that I had provided an audit for the client to check the security controls and ensure the client had it optimized.  The questions I ask Jim Harryman of Kinetic Technology Group are all around how to clearly understand what we are responsible for whether it is with our vendors or clients.

What should we talk about this week? I have been back and forth with topics recently that involve getting started with cybersecurity and have moved into vendor management and other areas of focus that all revolve around one key theme... Reducing risks and protecting ourselves and our clients.  Join me as I discuss with Charles Love of Showtech Solutions, configurations and implementation of products and services.  Where does the responsibility of vendor stop and MSP responsibilities kick in.  What is an appropriately secured implementation of O365 or really any product or service that your clients need and you have been tasked with implementing and managing.  We don't go down any rabbit holes on this one!

We don't know what will happen tomorrow or the next day.  We do however have responsibilities to our clients and our employees and there are things we can do to plan for events that we don't have control over.  Join me with Steve Alexander of MSP-Ignite as we discuss how to plan so we don't end up in the knee-jerk scenario that so often is the first response.

As MSPs you are all dealing with managing or providing support services that involve working with 3rd party vendors.  In this coversation Eric Hanson and I discuss the challenges of vendors where those who have authority to make decisions on critical infrastructure leave or are no longer in the role that would required them to manage that vendor relationship.  This is not a new topic but is often an avoided topic as it pertains to MSPs working with Internet, cell phone and other vendors in supporting their clients. 

Endless topics to discuss and yet we still find ourselves talking about many of the foundational things we should all be doing in our businesses.  We can only be accountable for our own actions regardless of the decisions of our vendors or our peers.  Who are the vendors I work with today and what happens if they are gone tomorrow? This and many other questions are discussed with Jim Harryman of Kinetic Technology Group.  As we evaluate our vendors and the services we offer we discuss having a predefined plan that takes into account levels of urgency.  In our case, we use the Defcon threat levels, and whatever model you use we are pretty confident that there really is a sit back and relax for any of the vendors we use for service delivery.

We all struggle with different areas of cybersecurity and there is no perfect solution.  That being said we shouldn't get paralysis analysis either, it isn't new and it isn't going away.  Most of us started implementing cybersecurity tools and services long before MSSPs existed and have in many cases satisfying controls of the different frameworks anywhere from 10% to 60% and didn't even know it.  Join Jim Harryman of Kinetic Technology Group as we navigate areas in which MSPs can continue to improve their cybersecurity maturity.

The conversations and requests coming from MSPs is still about how to get started.  Hopefully, this conversation will help you find your path.  Join me as Charles Love and I navigate the getting started in Cybersecurity.  Even if you have already started down the path of improving your cybersecurity posture there is always room to improve.