The Four Pillars of Risk Management for MSPs - Tech E&O Insurance
In part three of our series on risk management for MSPs we'll take a look at the role of insurance. Several months back we posted a blog on the importance of having a comprehensive cyber insurance policy to protect against potential claims of negligence or malpractice from your clients.
Most likely from the early days of our practice we have carried Errors and Omissions (E&O) insurance to protect against potential claims for negligence in the course of our work. Should one of our engineers accidentally lose significant data of one of our clients resulting in a claim, we wanted to make sure we were covered. However, most older traditional E&O policies do not cover cybercrime events.
It is important for MSPs to now carry insurance that covers any type of cybercrime that takes place inside their organization as well as any cybercrime that takes place within one of their clients' environments…
The Four Pillars of Risk Management for MSPs - Policies and Procedures
In our last article, we discussed the importance of reviewing your current contracts to make sure that you are protecting yourself against new threats, not just from nefarious parties but from your vendors and your clients.
In part two of our series we'll look at policies and procedures you should be implementing in your MSP practice. As with your contracts, you may have created policies and procedures over the years that are simply not adequate in today's threat landscape.
According to Rob Scott of Scott and Scott LLP, a basic set of policies would include:
Written information security policy
Breach incident response plan
Acceptable use policy
Other policies required by regulation
Information Security Policy
Your information security policy outlines the procedures by which you keep data in your organization confidential, ensure its integrity, and always make it available to those that need it. As an MSP your ISP should include policies and procedures by which you protect data for your clients as well…
The Four Pillars of Risk Management for MSPs - Contract Language
The one constant in the MSP business is change. In order to address the constantly changing threat landscape we must take a holistic view of risk management and reexamine all aspects of our business. This four-part series will look at the threat landscape for MSPs from several angles.
We are used to thinking of the threats as acts perpetrated against us by bad actors. We mitigate those risks through the use of firewalls, anti-virus/malware software, SIEM/MDR solutions, and end user training, etc. Job done! Right?
Nope! The threat landscape for MSPs extends way beyond "the bad guys"...
Protecting Your Practice With a Common Security Framework
As the threat landscape for MSPs continues to get broader and wider, it is more important than ever that we shore up our internal security as much as possible. However, this should not be done in a "piecemeal" manner. It is easy to fall into the trap of assuming that we know which specific measures should be taken and simply implementing those. That may result in a more secure network, but it will most likely leave gaps and literally provide a false sense of security.
There are several Common Security Frameworks (CSF) available that provide a standard set of guidelines that can be followed by the MSP. By selecting one of the common security frameworks, an MSP will have a structured roadmap by which to assess their current state, identify the gaps, remediate the gaps, and certify the environment. By selecting and meeting common standards, MSPs also add to the protection they gain in the event of a lawsuit brought on by a breach. If the MSP has certified against a recognized standard, and their practices are compliant with that standard, any legal liabilities…
Rethinking the Home Office
In previous posts we’ve discussed rethinking the corporate conference room in the new world of remote work. We've also talked about the need to secure the home office against hackers. But what about the overall comfort and functionality of the home office?
With the pandemic continuing way longer than we ever thought it would, it's time to think more long term about how we work. Many companies are embracing the work-from-home model as a permanent part of their culture. Many are offering a split schedule with a few days in the office per week and a couple of days remote. Flexjobs has compiled a list of 30 prominent companies with various plans to allow remote work on a permanent basis.
For the long term, the dining room table is just not going to cut it as an effective home office environment. It's time to really look at what is going to make for a comfortable, productive space…
Cyber Insurance for MSPs
In last week's article we brought to light the need for MSPs to shore up their own security. As part of that strategy we discussed the need for a Cyber Insurance Policy to protect against any lawsuits that may arise due to perceived negligence on the part of the MSP.
So let's delve into the Cyber Insurance industry in general for a minute.
The cyber insurance industry is still very much in its infancy. Although it has been around for a decade or more, that pales in comparison to other forms of insurance such as casualty and property…
Building your own MSSP? Start at Home!
Most traditional MSPs today are aware of the need to provide their client base with a much higher level of security services. The recent spate of high-profile ransomware attacks makes national headlines, but lesser attacks that don’t garner as much attention occur every day in much smaller institutions. Many MSPs are seeing the need for advanced security services as not just an opportunity but a "must have". Whether they are looking to build their own MSSP practice or partnering with others to provide the service for their clients, the need to look internally at our own security is a must.
Although it was revealed early on that the SolarWinds Orion Platform compromised in March of 2020 was not the same one used by many MSPs, it was a wakeup call…
Securing the Hybrid Workforce
By now, we have all heard that many major corporations are instituting policies allowing workers to continue to work remotely even after the pandemic is declared over. Facebook is allowing employees whose jobs are conducive to 100% remote work to work remotely on a permanent basis. Those that require at least some in-office participation will be allowed to work remotely as much as 50% of the time. Twitter has done the same. Apple has announced a three-day in-office work week. Google and Microsoft are tracking with Apple's policy.
Regardless, the era of the hybrid office is here. Businesses at all levels are grappling with this issue.
Organizations pivoted a year ago to enable workers to stay home and remain productive. MSPs rose to the challenge of setting up and supporting the new environment. We, as a community, have enabled our clients to survive and perhaps flourish in some cases over the past year. However, most of us viewed this as a temporary situation…
Building the Gen-Z Friendly Network
Microsoft 365, formerly Office 365, formerly Business Productivity Online Suite (remember that?), has been around for over 12 years. Originally, the online version of the standard desktop apps and an online version of Exchange, MS365 has grown into a much more robust platform offering virtually all of the capability of the traditional on-premises networking experience.
Organizations are slowly adopting various facets of the MS365 platform, but many have yet to fully embrace the promise of a completely serverless, cloud-based architecture. There can be many reasons for this. Some may be using third party applications that are not adaptable to the cloud. Others may be waiting for their on-prem infrastructure to fully depreciate. Still others may be uncertain of how the architecture will change their office culture.
Regardless of the reason, the post pandemic world may change the conversation…
Account Management Etiquette in the Post Covid Era
The past decade has seen a shift in the account management role from that of an inside sales associate to a true strategic partner. Monikers such as Virtual CIO (vCIO) and Technical Account Manager (TAM) have aimed to articulate the distinction. Instead of waiting for the client to make a request for a product or service, the role has become proactive: Quarterly Business Reviews (QBR) are conducted to ensure that the strategic goals of the client are met and the relationship is bolstered. Ideally this also helps the MSP retain the customer and sell more services to the client.
Traditionally, most of these meetings were held face-to-face and perhaps over lunch. Covid-19 changed all of that. In the beginning of the pandemic,
Recruiting in 2021
As we approach the mid-point of 2021 and see the impact of the pandemic begin to wane, it is time for MSPs to reflect on what has changed in the past year. It is hard to say that we are not living in a different world than it was 12 months ago. Most of us have been working remote as have our clients. And that remote workforce is probably here to stay, at least in some hybrid fashion. The concept of the video conference call and collaboration is now well engrained in the corporate culture. Geography has far less impact on our interactions than it used to.
As the economy improves, hiring is bound to increase. So what does that mean for talent acquisition for MSPs?
Rethinking the Corporate Conference Room
The video-enabled conference room is nothing new. Video conferencing hardware and software have been around for years. In the past, video conference systems were typically proprietary, closed systems. However, with the ubiquity of newer generation individual video conferencing software from Cisco, Microsoft, Zoom, etc., a slew of new conference room offerings have hit the market in recent years. The Covid-19 pandemic…
Get Ready for the Post Covid Hybrid Office
In March of 2020 the world changed forever. We went from a typical 9-to-5 work existence to a "whatever the alternative was" at the time. Overnight, businesses had to adapt to a world in lock-down. In an unprecedented shift in both technology and business culture organizations transitioned to a remote workforce in a timeframe never before seen in any of our lifetimes. IT service providers scrambled to help their customers make the change and "keep the lights on". In retrospect, the entire community did an amazing job of implementing remote computing technology and procuring equipment required to support the environment. Between March of 2020 and April of 2020, for instance, daily…