MSP cybersecurity, and the process of securing your own organization, is the latest topic to pick up steam. Yet many MSPs seem to be falling short on their own security posture. The causes are a lack of time, money, or resources and, unfortunately, negligence. Starting a cybersecurity program is no easy task, so let us look at some common questions we hear about where to start.
“I’m overwhelmed with securing our MSP. Where can I start?”
Choosing a starting point is difficult: you have either too many information sources or not enough. Information overload causes you to seize up and prevents forward motion. If you are looking for where and how to start:
- Start small and avoid going from point A to Z in one step. Work your way up through the process instead of from the top down.
- Choose a framework that best suits your business. Size, complexity, industries served, and level of risk are factors in the required effort to secure your environment.
- Use all resources available to you. A cybersecurity program is not a solo project. Get stakeholders involved, use the right tools, and dedicate time to get the project up and running.
“Will the MSP Cybersecurity Jumpstart template in myITprocess help?”
The myITprocess Cybersecurity Jumpstart questions draw from CIS Controls 7.1. The template is intended to help businesses with little or no cybersecurity program and limited resources secure their environments. The idea is to audit your organization, fill the gaps, and monitor and maintain your security risks.
“I’m too busy making money. Can I back burner my cybersecurity program?”
The short answer is no. The long answer is no, you should not delay securing your MSP from malicious threats. Neglecting your organization’s security poses a serious threat to every one of your customers. Malicious actors are no longer focused on SMBs but on MSPs, leveraging the value of the data stored by and accessible to a service provider.
“Every MSP is the same so can I do what everyone else is doing?”
It is incorrect to assume all MSPs, or even SMBs, have the same level of risk. Size, the complexity of operations, industry, and other factors contribute to the level of risk that requires mitigation. There is no ‘one size fits all’ solution, so many MSPs must customize their cybersecurity program to fit their specific needs. Although many frameworks and best practices are often used, the requirements are subject to interpretation.
“I am unsure how other employees should be involved in our cybersecurity program.”
A cybersecurity program has everyone buy into the idea that security is a top priority. Frequent cybersecurity awareness training keeps everyone informed and helps prevent internal security issues, especially since 90% of security breaches are due to human error. Developing and maintaining a cybersecurity program needs a dedicated resource. An MSP needs to treat itself as its most important customer.
“I don’t think my customers and prospects are concerned about our internal operations.”
Think again. A survey showed 89% of SMBs would consider hiring a new MSP if it offered the right cybersecurity solution. This indicates SMBs are paying attention to their service provider’s security policies and procedures. It is no longer about getting the lowest-priced support; those same SMBs surveyed are willing to pay up to 25% more for the right cybersecurity offering.