Before things went all COVID on us, this episode was planned out. It may be even more worthy of an episode now. Have you been evaluating your MSP's response to your current state of business? We knew there were some MSP issues in 2019, but now, in 2020, you must have a reliable, trusted MSP partner more than ever. What kinds of things do you need to know about your tech needs, your MSP, and what you both plan for the future?
In this episode:
Evaluating MSPs – Ep 252
The HIPAA Boot Camp
2020 Session Dates
August 18, 19, 20
Tucker, GA
2020 Fall Session Dates
Sept 15, 16, 17
San Pedro, CA
For info go to TheHIPAABootCamp.com
Evaluating MSPs
An article, "Louisiana Criticizes MSP Industry’s Security Practices; Employs MSSP", covered a talk that the Louisiana Secretary of State gave in January, and it had some tough things for MSPs to hear. The first paragraph was as follows:
MSSP Alert picked up the original story from State Scoop, and that article shows a room full of leaders from various states because this talk was given at a meeting of the National Association of Secretaries of State. Yes, they all heard what happened to Louisiana over the summer, when several government agencies and schools were hit by a ransomware attack, plus a follow-up ransomware attack on agencies in November. Secretary of State Kyle Ardoin didn’t seem to pull any punches, based on quotes in the State Scoop article.
He explained that his office now uses an MSSP. David has been doing that work now for some time. He saw the need to step up security and made the switch. Yes, it is more expensive, but as Ardoin told the group, “election officials need to fight for more IT security funding”, closing with a statement that sounds eerily familiar to our listeners.
While this discussion was about elections, we know that the same principle applies in banking, healthcare, fintech, and much more. This message should be heard by every business out there, regardless of industry or size. You should evaluate your risks and address security requirements on your networks. That includes evaluating your MSPs or MSSPs, because they clearly don’t have things covered the way many people believe they do or should.
As we discussed this topic, another discussion came up from a forensics group. The unnamed group said the following:
So that brings us to the point of the episode. How do you go about evaluating MSPs or MSSPs that you use or are considering using? This is where David gets to drop some knowledge on us all. Check out the full session on this at the SMB Cybersecurity Summit, where he discusses evaluating MSPs in his session with William Price of Cyberx.
Things You Need To Have Clarity On Before Evaluating MSPs:
- What Are Your Wants/Needs?
- What Is Your Total IT Budget?
  - Average 14%
  - 11% Security
- What Are Your Expectations?
- What Risks Does The Vendor Bring Into Your Org?
- Do You Have A Vendor Security Assessment?
- Do you truly understand your industry’s requirements for privacy and security?

Things The MSP Must Have Clarity On:
- What Are Their Differentiators?
- What Services / Security / Solutions Do They Provide?
- What Are Their Expectations For You?
- What Risks Do They Bring Into Your Org?
- What Do They Do To Stay Educated?
- How Do They Ensure The Security Of Your Business?
Things To Look For When Evaluating MSPs:
- Tenure In Industry And Space
- Understand The Bigger Picture
- Follow Proven Cybersecurity Frameworks
- They Have Proper Insurance
- They Have A Formal & Comprehensive Agreement
- They Have An IR/BC Plan
- Submit To A Vendor Assessment
- Provide Proof Of Concept
- Does the vendor truly understand your privacy and security requirements in detail?
Things To Expect:
- Communication
- Documentation
- Technical Reviews
- Periodic Assessments
- Action Plan / Roadmap
- Identify, Protect, Detect, Respond, Recover
David’s list applies to him, too. Don’t hesitate to ask these questions of your current MSP after you have asked yourself what you really need. Even if you feel certain your current MSPs are set with security and HIPAA, it is better to document that you checked.
Just as in the article discussing what Louisiana learned about cutting corners with their MSPs, or by their MSPs, it isn’t about saving money; it is about protecting systems. It is clear, after what we have all been through in 2020, that technology is officially the backbone of business today. If you could not run your business via technology, the business was pretty much shut down completely without people onsite. Otherwise, technology allowed businesses to continue operating during social distancing. As we move forward, evaluating MSPs for your business will become a necessity, both for keeping the ones you work with now and for selecting a new one.
HIPAA is not about compliance,
it’s about patient care.™
Special thanks to our sponsors Security First IT and Kardon.


