Whether you’re just starting out or looking to improve your cybersecurity skills, the CompTIA ISAO Cyber Fundamentals SME group has created a pair whitepapers that provide a comprehensive list of cybersecurity best practices that will be of benefit to all MSPs. MSPs have many areas of cybersecurity to cover, from acceptable use policies to vulnerability management. It can be difficult to be an expert in everything. One weak link could mean that your customers’ information and your own personal information could be at stake.
Members of the CompTIA ISAO Cyber Fundamentals SME Workgroup have created a pair whitepapers to help MSPs get started with cybersecurity or take further steps to become true cyber experts.
Both papers can be downloaded here.
Management Service Providers: Fundamental Cybersecurity
Advanced Cybersecurity for Managed Services Providers
After workgroup members discussed the difficulties MSPs have in implementing security processes and implementing security frameworks within their own businesses, both guides were created.
Bryan Hornung, CEO, Xact IT Solutions, a Marlton-based MSP, said that it was almost like a “deer in headlights” situation. “We felt it would help to create a framework that any MSP could follow.”
Justin Weeks, vice-president of cybersecurity and compliance at Aligned Technology Solutions (an Alexandria, Va.-based MSP), said that many MSPs don’t realize how much risk they face every day.
Weeks stated that “and those who are aware of the magnitude may not be able to answer the question ‘What do I do next?'”
Security Tips for Everyone
The group decided that separate documents would be created to ensure that both experts and security novices had the information and guidance they needed to improve their cyber resilience.
Robert Paradise CEO of Attain Technology (a Providence, R.I.-based MSP), said that the papers were created to help MSPs create a standard in the security space. “Fundamental security should be a goal for every environment. The advanced paper may be used in complex networks or larger environments with compliance requirements.
Weeks stated that all MSPs should follow at least the fundamental information and ideas contained within the Fundamentals paper, regardless of their size, region, or vertical focus.
It’s the minimum that we should offer our clients as a service. He said that following the fundamentals can reduce the risk to your company and the clients you serve. “There are very few people that can say you didn’t try to do the right things by implementing the fundamentals.
Weeks explained that the Advanced paper is intended for organizations who have mastered the basics and want to continue their security journey with clients and internal employees. It’s not “advanced” in a way you don’t use it, but it’s the next logical step. Trend Watch
Protecting client information and networks is a serious business
Paradise stated that MSPs who don’t consider cybersecurity an integral part of an IT environment and customers pay for it reflect poorly on the entire MSP industry.
“Some MSPs take this seriously, while others are clearly not.” “I still see very insecure networks when we migrate new clients, and that tells us that some MSPs don’t make the right recommendations or implement them effectively,” he stated.
Hornung said that the problem is that there aren’t any regulations or mandates regarding cybersecurity for MSPs.
“MSPs have the option to offer security services in addition to traditional MSP services. Hornung stated that it is important to communicate whether or not you provide security services and, if so, the process and framework that you use. MSPs can use these whitepapers to help them build a security strategy for their business. Once they have the foundations for choosing and implementing a framework they can move on to implementing more industry-specific solutions.