By Angel R. Rojas, Jr., DataCorps Technology Solutions, Inc.
Have you read Part One of my series on how to avoid being an MSP Cybersecurity fraud? If not, stop what you’re doing and read that first because we can’t proceed until those items are out of the way.
Several months ago I wrote an article entitled, Is Your MSP A Fraud. In the article, we discussed how many MSPs are advocating cybersecurity but not practicing what they preach. We covered three deadly sins I commonly encounter when talking to fellow MSPs and now we’re discussing what to do about them.
Caught up? Great! Let’s get started with how to fix the second sin: We are not building or executing on a security plan.
Once a risk assessment is done, we have a pretty large to-do list of things that need remediation. Not the least of which is our security plan, which will outline our protections, policies & procedures, how we will conduct ourselves during an incident or breach, and who is on our response team. Part of a security plan also can include steps needing to be remediated.
This sounds daunting, and it is, but it’s absolutely critical to be thorough with the plan even if we’re not going to remediate or execute on 100 percent of it. Why? Many regulations have addressable items, meaning they’re not required or can be implemented within reason. This makes room for organizations of all shapes and sizes to adopt security at a pace that will not break their business. What we don’t want is to be willfully negligent, meaning that we didn’t do anything or follow our plan. That will not bode well with anyone…
So how do we take on this gigantic monster? Here are three tips on working through your remediation and building your Security Plan:
As I’ve shared before, there is no silver bullet – this is real work and we have to just get it done. You can see that we’re not the only ones that have to do it and developing a network of allies can be extremely powerful to get much-needed, valuable help that would otherwise cost us a fortune. Approach with a win-win mindset and you could have a powerful testimonial to share with others, a new key relationship and referral source, and an excellent Security Plan!
About The Author
Angel R. Rojas, Jr. is president & CEO of DataCorps Technology Solutions, Inc. and has been a member of The ASCII Group since 2017.