Guest Column | April 16, 2020

MSP Cyber Fraud And How To Fix It

By Angel R. Rojas, Jr., DataCorps Technology Solutions, Inc.

Cyber Fraud security

Now that you’ve read the first and second articles in my series, you should be well on your way to correcting the deadly security mistakes most MSPs are making. If you haven’t read the first two articles in the series, now would be a great time to do so!

If you have, stay on track! You’ve come so far and we’ve got just a little more ground to cover and you’ve made a ton of progress… trust me on this! Through this journey, you will have added processes and procedures that are going to be cumbersome. Don’t fret, they’re there for everyone’s protection but the temptation to deviate is high and you may not get 100 percent buy-in from your team at first. Trust the process.

The biggest reason most folks start to deviate is because this is the hard stuff. We all want that “silver bullet”, the “set it and forget it” system. The problem is that it’s a farce – it does not exist!

Here are three ways to ensure you and your team stay on track:

Engage with cybersecurity-focused communities such as FBI Infragard, U.S. Secret Services Electronic Crimes Task Force, etc. By engaging with these communities and participating in their regular activities, you will have access to peers that will validate and reinforce your newly learned behaviors. This will give you a positive feedback loop that you’re on the right track. Recently, I attended an Infragard meeting held at Tampa International Airport. We were briefed by their security folks and to hear them share their overall processes and philosophies and have them match what I’ve been building with my team was a tremendous encouragement! From that meeting, I was able to validate that we’re on the right track and to see that the challenges I’m facing are not unique.

Involve your team in the process so they have buy-in. Encourage them to give input on what’s reasonable. Your folks are where the rubber meets the road. This means that they’re the best people to tell you if you’ve gone too far with a particular process. Some processes have flexibility and others are non-negotiable. Making this a group effort will give your team ownership and they are more likely to adopt!

Keep the “main thing”, the “main thing”. The purpose of this is not compliance, it’s just good business. We are hearing more and more MSPs getting hit by ransomware and/or infecting their clients with ransomware. Let’s just get this matter settled, this is no longer optional or a nice to have. We need to rise up to our responsibility to have a “reasonable duty of care” (that’s a legal term you should be very familiar with) to our clients. It is no longer good enough for them to simply say, “so and so IT company is taking care of things, I’m not worried”. What are you doing to truly prepare them for an incident? By focusing on the “it’s-just-good-business aspect” you are ensuring success for you and your clients, as well as rising well above your peers.

Thank you for reading my series on MSP cyber frauds and how to fix it. I hope this brings light to the fact that, in many cases, we are the first and last line of defense for clients and that we are not immune. When disaster strikes, will you rise to the occasion or will your ship sink?

About The Author

Angel R. Rojas, Jr. is President & CEO of DataCorps Technology Solutions, Inc. and has been a member of The ASCII Group since 2017.

About The ASCII Group, Inc.

The ASCII Group is a vibrant reseller community of independent MSPs, VARs, and other solution providers. Formed in 1984, ASCII has more than 70 programs that provide turnkey cost-cutting strategies, innovative business building programs, and extensive peer interaction. ASCII members enjoy benefits such as marketing support; educational information; group purchasing power; increased leverage in the marketplace; and multiple networking opportunities. These programs enable ASCII members to increase revenue, lower operating costs, and grow service opportunities. ASCII is the oldest and largest group of independent information technology (IT) solution providers, integrators and value added resellers (VARs) in the world. Learn more at www.ascii.com.