By Angel R. Rojas, Jr., DataCorps Technology Solutions, Inc.
The world has changed in just a few short years. A lot. Our clients are under the constant threat of cyber-attacks with so many vectors it seems like an insurmountable task to keep them safe.
I’ve had the blessing to speak at ASCII Group Success Summits throughout the country this year which has afforded me an opportunity to have good, meaningful, face-to-face conversations with many peers. Cyber protection has been at the top of most of these conversations and, sadly, the state of affairs in our industry is weak. Many of the conversations reveal the focus is misaligned and is not even consistent with what we know will provide effective overall protection to our businesses and clients.
Time for a heart to heart ... maybe an intervention?
We preach the gospel of cyber, but we don’t practice it. We are the choir, but we think the preacher’s words do not apply to us. We have committed deadly sins and remain unrepentant. Here are the top three:
Since this isn’t optional we need to schedule a time, at least annually, to complete our risk assessment. There are even vendors out there who will help an MSP complete a risk assessment for around $300! There simply isn’t a valid excuse to not do this. Also, don’t forget to remediate the risk assessment!
A security plan addresses the who, what, when, where, and how about our security practices. Without it we are just flying blind and, while this may have served us well up until now, it is a false sense of security and demonstrates we are just lucky, at best. As the old adage goes, “Those who fail to plan, plan to fail.”
There are no tools you can buy that just complete your risk assessment or security plan. Worse yet, many think it is perfectly fine to buy a prepackaged or “canned” security plan and call it a day. All this does is set you up to fail and to create unreasonable expectations for you and your team. Do the work and you’ll learn a ton, plus you will have experience to help you address common misconceptions and objections clients have surrounding the process.
So how do we turn this around? How do we stop being frauds?
Confess your sins, repent, then stop committing them! The first step is to perform the risk assessment and follow the same process we are preaching to our clients. “But they’re not buying our cyber services, Angel.” Would you take advice from a hypocrite?
It’s time to turn this around and start minding our house. Don’t be an MSP fraud!
About The Author
Angel R. Rojas, Jr. is president & CEO of DataCorps Technology Solutions, Inc.