TruMethods Standards and Alignment Manager, Brian Dappolone, gives his take on the security landscape of the industry and how businesses can better prepare for 2021.
Why should MSPs reevaluate their security processes and take time to focus on security during the end of 2020?
Three months into 2020, businesses had to make a split-second decision: close up shop or create a remote workforce. Creating a remote workforce was tough due to inadequate resources or an inadequate plan for full-time remote workers. The quick transition from office to home produced security gaps granting threat actors easy access to confidential data through a user’s unsecured home network.
What are some simple ways MSPs can improve their current cyber security practices?
Start with a plan and continually check your cyber security program. If formal security policies and procedures are not in place, get them on paper, and make the effort to enforce them. Start small by using the Center for Internet Security’s CIS Controls Implementation Group 1 standards and increase your company’s maturity level as necessary.
How has COVID-19 changed the security landscape for MSPs?
With the extensive shift of employees moving from a secure office network to their homes, increased exposure to confidential information was likely. Lack of encryption on laptops and mobile devices, weak or no wireless access passwords, and poorly configured networking equipment have changed how MSPs secure their clients.
Who in their organization is responsible for implementing security practices and keeping processes up to date?
In some circumstances, statutory or regulatory compliance requires the assignment to the role that maintains policies and procedures. For instance, HIPAA explicitly states, “Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the covered entity or business associate” (45 CFR § 164.308(a)(2)). Small to medium-sized businesses may lack the budget or resources and could outsource the responsibility to a reputable vendor. Enterprise organizations most likely employ in-house security personnel.
How often should an MSP’s cyber security plan be evaluated?
Evaluation of an internal security plan is an ongoing process; there is no set frequency at which an MSP evaluates or updates its plan. The frequency, depth, and breadth of a cybersecurity program are all dependent on the organization’s level of risk. Businesses with a lower level of risk may assess their security program less often than organizations with medium to high levels of risk. That is, a mom and pop shop most likely has less complex network security than a multinational corporation.
How can TruMethods help MSPs/vCIOs on this topic?
The TruMethods FormulaWon program and myITprocess go hand in hand when evaluating and implementing the security controls of your customers. FormulaWon establishes company roles (e.g., vCIO, Technology Alignment Manager, Service Desk) and outlines how they work together to build Technology Success and develop a World Class MSP. With myITprocess, MSPs go a step further by developing standards and best practices, performing an assessment of their customer’s environment, and designing a strategic roadmap to implement improvements over time. FormulaWon and myITprocess give MSPs and vCIOs the tools needed to build a thriving IT company while securing their clients.