MSP 1337 | Cybersecurity Education & Security Guidance

Now that we are in week two of the cybersecurity program we thought it would be helpful for MSPs to have something that they can map their program too.  I sit down with Jim Harryman of Kinetic Technology Group to discuss their journey to baseline security with SOC-2 and other frameworks that can help MSPs of all sizes be successful with their cybersecurity maturity journey.  Our goals are to give any MSP a level of confidence with supporting evidence of their cybersecurity maturity growth.

Paralysis Analysis are commonplace among MSPs, Businesses large and small when it comes to taking on Cybersecurity.  As we come off Cybersecurity awareness month we are tackling cybersecurity and incremental approach to implementing a cybersecurity program.  Join me as I discuss a where to start approach with Charles Love of Showtech Solutions.

After we talked about the pre/post-boom I thought we should cover the security services side of being an MSP.  Join me with Joshua Smith of Varonis as we talk about understanding what it is that we are trying to protect.  Do we understand the risks? Are we talking to the right stakeholders?  We are now in season two and just in time for the holidays... Do you know where your data is? Do you have the right tools in place? Thanks to our sponsor MSP-Ignite for making this episode and all of Cybersecurity month a reality!

What have you done to prepare for ransomware or other incidents that can cause repercussions that impact your business? Do you have a plan in place for post-boom or after an event has happened? This week I am joined again by Eric Hanson of Inland Productivity Solutions to discuss Protect and Detect. What are the tools and services in place for protecting yourself and your client?

Businesses come in all shapes and sizes, and when it comes to cybersecurity, there is no one size fits all.  I sit down with William Mulcahey of M6 Managed IT to discuss what it means as a smaller MSP.  Some good questions, and while not all of the questions necessarily have answers any of us want to hear, hopefully, it gives some guidance on where to start.

Sitting down with Jeremiah Grossman of Bit Discovery and Jeffrey Smith of Cyber Risk Underwriters to talk about the need to have cyber insurance.  What it covers and how relatively inexpensive it is compared to not having coverage at all.  Advocating for everyone to buy insurance (cyber insurance).  Knowing that the cost of insurance in many cases is far less expensive than trying to satisfy one more security control.  Looking at the risk and probability will help you determine how much coverage you might need to buy.  Requirements to get cyber insurance are becoming more significant.  It is no longer just about the questions or questionnaire but it is now becoming more about seeing the evidence of security.

A few weeks back I attended Blue Team Con in Chicago.  Based on one fo the sessions that discussed the culture challenges and shortages of qualified candidates I asked the founders of Blue Team Con to join me to discuss the challenges of finding talent and what to look for.  Why are hacker (hoodies) conferences always filled by young people? Why are other events that focus more on the blue team security defense side attended by those in business attire (suits) and seem to be an older age group?  Thanks to Frank McGovern and Stel Valavanis, founders of Blueteamcon, for a great conversation.

We recently talked about BCDR and making sure there is a plan in place that is communicated.  It felt like we left a few things out so this week I sat down with Charles Love again to hash out some of the procedures.  Join us as we discuss Tolerance, Expectations, and Categorical identifiers and how each have their own deliverables to ensure the best outcome for all involved.  No internet for 15 minutes?  No Power for 2 hours?  What happens if the power is going to be out for 4 hours or all day?  Just some of the scenarios we will discuss. Thanks Again to your sponsor ITPRO.TV

I don't think there are any MSPs who aren't dealing with backups of data for their clients, whether it is for onsite data or cloud services it has become par for the course.  In this episode I sit down with Charles Love of ShowTech Solutions to talk about pitfalls and obstacles we face with our clients when trying to appropriately size and position a BCDR solution.  We even talk about the risks and security that go into deciding which vendors or solutions to use.  CIS v8 Control 15 anyone? Thanks to ITPro.TV for making this episode possible.

Security and Compliance go hand in hand, but we live in a world where cybersecurity obligations are still driven by what our clients might require of us.  You don't have to become an MSSP to prioritize cybersecurity in our own businesses and our clients.  We don't have to be experts in cybersecurity controls, but you need to participate and guide your clients on the controls they need to address. As you work towards or maybe have already added an "s" in MSsP, are you providing guidance and helping to provide evidence to support how to address security controls internally and with our clients.  Brian Doyle of vCIOToolbox and I discuss this and other points brought to light as we address cybersecurity and the compliance control sets used to prove that security posture. Thanks to ITPRO.tv for being our sponsor.