MSP 1337 | Cybersecurity Education & Security Guidance

Power outages, slow internet, ransomware, and many other scenarios cause a finger to get pointed at someone.  I know I have had a few fingers pointed at me and I know that I have also done my own share of finger pointing.  In recent discussions with other MSPs I came to the following conclusion... Finger Pointing doesn't help!   Eric Hanson of Inland Productivity and I sit down to discuss ways to reduce the finger pointing during crisis to get the client back online and working as quickly as possible.

With T-Mobile, AT&T, and now even Microsoft reporting breaches questions start to come up as to what can be done.  Why is this happening? Don't these companies focus on securing our information?  I have also noticed that many of the answers coming from these large companies is a bit cold and lacks any real empathy towards their customers who have now become potential victims. Join me as I discuss this with Chad Holstead from BKS and our take on what can be done as an MSP and how taking a proactive approach may prevent or at least reduce the impact on those compromised.

We have all had an opportunity to work with a Microsoft product or two in our careers.  This week I sit down with Charles Love to recap some recent O365 challenges we both faced and better prepared for future migrations, upgrades, and enhancements.  Cybersecurity and O365 don't play nice out of the gate with each other, but that doesn't mean we can't get it locked down appropriately.  We cover licenses and product types as pertains to different compliance frameworks and regulations.  We discuss MX Records and DNS Monitoring, and we get into some of the security defaults that often get overlooked when an MSP onboard a client that already has O365 in place.

It seems we have covered different cybersecurity frameworks and the challenges MSPs face to become compliant, but until now we haven't talked specifically about HIPAA compliance.  As an MSP you might find that you are a Business Associate and not knowing doesn't let you off the hook. Join Bryan Sullo and me as he fires questions about HIPAA compliance and I try to answer as many of them as I can.  If we leave something out please let us know.

It seems that more often than not we talk about Cyber Insurance.  The last two episodes we talked specifically about risk and going back to December 2020, Episode 8, we talked about cyber insurance and ransomware with Frank Bauer of Vade Security.  A recent voicemail from Eric Hansen of Inland Productivity Solutions prompted a discussion around Cyber Insurance.  Here are the key discussion points: 1. Do I have enough insurance? 2. If I make a claim will my insurance company pay? 3. My clients don't have it so how does that impact my risk? These are just a few questions and as we explore the topic we ask you the listener to send in additional questions that we might answer on future episodes.  

Last we we discussed client risk and even a bit about our own risks.  Throughout our discussion I kept thinking we need a way to score our prospective or existing clients to help determine those that bring us more risk.  There is one person I know that is meticulous in how he manages the onboarding process and so I am happy to say Charles Love is back to give us some tips on how to create a client or prospect scorecard.

Most of us can relate to a client grading system. We grade client's prompt bill payments, how they treat our techs, demands, or requests that sometimes seem outlandish or impossible. In our ever-changing world of managed services, we are now layering on security service offerings that have potential consequences that may include ourselves when declined. Join me this week as I sit down with Jim Harryman of Kinetic Technology Group to discuss client risk and how to address it. Our goal is that our listeners would see a path towards exiting a relationship with a client as a last resort (pertaining to cybersecurity). Jim has some great tips, and I think we would all agree that none of us want to see our clients succumb to ransomware or other threats due to refusing to implement cybersecurity recommendations.

If you haven't seen the NIST definition of Zero Trust, then you have come to the right episode.  I sit down with Bryan Sullo of Clock Tower Technologies to discuss what Zero Trust really means to those of us who operate in the realm of an MSP.  As we go in circles on zero trust, we begin to unpack the cybersecurity stack and compare it to balancing a checkbook. I'm not sure we have the full comprehensive answer, so if you have ideas or suggestions related to this episode or a topic you would like us tackle in the future, please send them to chris@pinpointsolutions.comThanks to MSP-Ignite for helping us make this episode happen.

Do you ever feel like you aren't the expert?  You are meeting with a prospect or an existing client, and you suddenly doubt your abilities... If you have ever been there and felt like you were just weren't good enough and what do the clients or prospects think when we don't have an answer.   Join me as I sit down with Joshua Smith, former business partner, and a cybersecurity expert himself, as we navigate imposter Syndrome.  This is a vulnerable episode as we admin some of our challenges early on in our careers and how we overcame our limitations to continue being the experts in the room with our prospects and clients.  Expertise isn't a destination; it's a journey.  Remember that imposter syndrome is self-inflicted. Thanks to MSP Ignite for helping us make this happen. Do you ever feel like you aren't the expert?  You are meeting with a prospect or an existing client, and you suddenly doubt your abilities... If you have ever been there and felt like you were just weren't good enough and what do the clients or prospects think when we don't have an answer.   Thanks to MSP Ignite for helping us make this happen.

Starting with Communication and what is appropriate?  We will discuss the different types of communication and when they should be used to have effective communication.  When to use Chat, when to use email, when to use phones, and text messaging.  This leads us down the path for incident response and other more urgent communications are getting to the right person and read. I sit down this week with Matthew Schroeder a grad student at Lindenwood University to talk about communication protocols and how they should be used correctly to ensure that we get our messages to the appropriate party as quickly as possible. Thanks to our sponsor and partner MSP-Ignite for making this happen.