MSP 1337 | Cybersecurity Education & Security Guidance

As the podcast series has grown to more than 30 episodes it is starting to feel like  Deja vu.  We have topics to choose from that will likely go on indefinitely but is there a pattern to this madness as we work together to go on the offensive.  The threat actors are still getting away with huge ransoms tied to poorly implemented configurations, protections not properly installed alongside people who still click on the link or use weak passwords. Join me this week with the return of Eric Hanson of Inland Productivity Solutions as we talk about why it's different this time.  Finally, we have a breach or a series of breaches that everyone is paying attention to.  If we can reduce our client's risk we can reduce our own risk. We have to take responsibility and accountability for our data in order to see real change.  Cybersecurity is a shared responsibility. Our Cyber insurance companies are asking questions about our security posture before they will continue coverage.  What is needed to get our clients to recognize their risks that in turn is our risk?  It's time to get brutally honest with our clients. Thanks to our sponsor and partner MSP-Ignite for making this happen.

Is there hope in the fight against ransomware?  In this week's episode, I sit down with Greg Edwards of CryptoStopper to discuss ransomware and other exciting topics.  It is long past due that we get proactive and take the fight to the bad guys.  There is hope and it isn't a single product or service but more an approach.  If you haven't met Greg Edwards you are in for a treat as he talks about his journey as an MSP fighting what seemed like a losing battle with ransomware and how a change in how they approach the fight isn't out of reach for the rest of us. Thanks Again to our partner and sponsor MSP-Ignite.

Recently Common Controls Framework put out a survey that asked respondents questions about how well they know the people in their client's companies and the people that work there. I thought I would really like to understand what went behind the questions and what the survey results looked like... So I reached out to Dorian Cougias, CEO and founder of Common Controls Framework. After several conversations about the schemas and research that goes into a KYC exercise, we were able to put together this episode that focuses on the importance of KNowing Your Client. Join me this week as Dorian and I go on a journey down the rabbit hole of who people are underneath the surface and not just what they listed or didn't list on their resume or LinkedIn profile.  This episode focus on the need for answers to these two questions: 1. What is your client's truth posture? 2. What is your client's security posture? Thanks again to our partner and sponsor, MSP-Ignite, for making this happen.

A recent post on Linkedin asked whether you do Table Top Exercises internally or with your clients?  It hit me right between the eyes.  We talk about the need to do them, and I am guilty of not getting past the conversation stage, so I decided to sit down with the guy who posted the question.   Join me this week as I sit down with Art Gross of Breach Secure Now to talk about tabletop exercises and how we don't have to make it complicated.

This week I sit down with a former student, Matthew Schroeder, to talk about his take on cybersecurity.  What inspired him to pursue a path in cybersecurity and the opportunities that await.  While we do go down a rabbit hole or two, it is important to know that we are really focused on sharing our cybersecurity passions and answering some questions around automation and people.  Did I mention people?  Thanks again to our sponsor Pinpoint Solutions, LLC, and our partner MSP-Ignite for making this happen.

People and Privacy, From one office of twenty or thirty employees to twenty offices of one employee per home office.  2020 was difficult for all of us as we adapted to new working conditions both at home (most of us) and at the office or school, where you might have to follow vastly different protocols to stay safe.   This week I am joined by Raffi Jamgotchian of Triada Networks to talk about privacy and an increasing request for Secure Access Service Edge (SASE). We uncover that while security in the workplace is paramount, its privacy on the consumer side is really at the core.  End users love checking their email on their personal phones as it's convenient but try getting them to install a 2FA app on their phone, and now you are trying to get them to submit to an Orwellian workplace. Thanks again to our sponsor Pinpoint Solutions, LLC, and our partner MSP-Ignite for making this happen.

Over the past twenty-plus episodes, we inevitably get around to talking about people. In episode 22, "Cybersecurity Still Comes Down To People", only reinforces the need to hear what my guest, Craig Taylor of Cyberhoot has to say.  We talk about educating the unwilling when it comes to cybersecurity but it is so much bigger than that.  Join us as we discuss the finer points of vendors who provide products that aren't set to a security state as a default, Frameworks that might include the need to protect data and provide training to staff but don't think it's important enough to be number one priority. Thanks again to our sponsor Pinpoint Solutions, LLC, and our partner MSP-Ignite for making this happen.

Last week we talked about vendor evaluation from an MSP perspective and this week we talk about it from a client or end-user perspective. Join me as I sit down with Jon Munford of New London Community School District to continue the vendor evaluation discussion.  It may come as no surprise but there are three checklist times that are an exact match with last week's episode.  Thanks again to our sponsor Pinpoint Solutions, LLC, and our partner MSP-Ignite for making this happen.

In this two-part series we are taking a look at vendor evaluation from the perspective of an MSP and then next week we will look at it from the perspective of a client.  While checklists are important one thing that comes up frequently is to make sure that when evaluating a vendor that you are in the right state of mind.  What problems are you trying to solve? Is this a need or a want?   Join me once again as I welcome Charles Love to this episode as we unpack evaluating vendors and their approach to confidentiality, integrity, and accessibility. A big thanks to our sponsor, PC Matic, Endpoint Security built on a zero-trust/default deny philosophy, allowing only trusted sources and blocking all the rest. Lightweight, simple to deploy, easy to manage & compatible with all major antivirus products.  Find out more about PC Matic by visiting PCMatic.com/msp/.

Having gaps in your cybersecurity is inevitable, but plugging gaps with products and services doesn't necessarily make you more secure. It may put your business at a greater risk of compromise.  I had the opportunity to sit down this week with Rick Mischka of Short Arm Solutions and one of The Cyber Pro Podcast hosts to talk about some of the emerging trends from the many interviews on their show that focuses on 10-12 questions about cybersecurity.  There was one consistent pattern that emerged... People making decisions that have a significant impact on their companies, but because we have become so desensitized to password compromise, breaches with big companies splashing headlines in the media, and our desire for convenience and comfort.  Lots of ideas, and you can bet that Rick will be back on a future show. A big thanks to our sponsor, PC Matic, Endpoint Security built on a zero-trust/default deny philosophy, allowing only trusted sources and blocking all the rest. Lightweight, simple to deploy, easy to manage & compatible with all major antivirus products.  Find out more about PC Matic by visiting PCMatic.com/msp/.