Managed service providers (MSPs) must navigate an increasingly complex cyber world, from dealing with the Internet of Things (IoT), 5G, and ransomware to managing hardware, education, and training. The intricacies of running a business, both theirs and their clients’, can bring numerous challenges.
Over the past year, I’ve had the opportunity to speak with experts throughout the industry. This week’s article offers a variety of expert advice for MSPs, including insights provided to me post-publication that are sure to help them overcome potential hurdles.
Licensing cybersecurity providers
Several countries, including Ghana and Singapore to name a few, have begun licensing cybersecurity providers. “Licensing may help in tracking the industry but will do little to increase overall security,” says Ian Paterson, CEO of Plurilock Security, a cybersecurity solutions company. “Governments may be better served in focusing on upskilling their economies overall in cyber hygiene, best practices and talent development at the K-12 level to build more resilient societies, rather than imposing speed bumps on solution providers.”
Mobile device security
Mobile device security demands increasing attention as workplaces expand their adoption of these solutions. George McGregor, Vice President of Approov, says that steps must be taken across the mobile ecosystem to decrease vulnerability. “The devices, apps, the channel to backend systems, and the APIs that serve mobile apps are all vulnerable to attack. A zero-trust approach is required, including runtime app attestation, comprehensive device attestation, and protection from man-in-the-middle attacks,” he explains.
“Future mobile device security needs to be more robust, requiring a zero-trust or defense-in-depth approach. Assume nothing is secure and assume breaches will happen,” McGregor states. He adds that defenses will include app attestation and comprehensive runtime checks of the devices they run on. “APIs will require every request to be validated to be sure that each request comes from an unaltered app on an unmodified device. In addition, it is important to have a plan and be ready when issues arise: it is crucial to be able to rotate keys and secrets immediately in the case of breaches to ensure service continuity.”
PHI security
Dr. Kevin Huffman, CEO and founder of holistic health services provider Ambari Nutrition, has to safeguard patient information daily. “If a bad actor steals your protected health information (PHI), the attacker can open new lines of credit or loans, or even get medical care in your name – a scenario that leaves you with a financial and medical quagmire on your hands,” Huffman states, adding that electronic health records (EHRs) are the backbone of the health records system but are also coveted by hackers.
“EHRs are one of the central pillars of modern medicine and their associated services – but they might also be a giant target for hackers,” Huffman adds, noting that robust cybersecurity must be implemented to safeguard them. “Obvious cybersecurity measures include requiring strong passwords; conducting regular security audits; and encryption of PHI as well as implementing training for employees on proper handling of data.”
Device disposal
When getting rid of end-of-life computers, consider the following:
“For organizations looking to recycle their old devices, remove any remote management, firmware passwords, or BIOS passwords to be sure this equipment can be reused,” says Thomas Witherell, president of Data Recycling of New England.
“A newfound problem that we are dealing with is more devices being remotely managed. This not only brings up organizational information on where the devices came from, it also makes the product unusable unless the organization removes the device from management,” Witherell shares. He adds that sometimes on-site disposal is best. “For companies and individuals with sensitive data such as hospitals and law offices, it is always a good idea to consider on-site hard drive shredding to ensure that your data is safe.”
Cybersecurity insurance
Cybersecurity insurance is an increasingly common topic of conversation among MSPs and their clients. The market looked uncertain for a time. However, most experts say it is a viable product and the market is stabilizing.
Wayne Bernstein, senior vice president of insurance wholesaler XPT Specialties, weighs in. He shares that “in the past year, capacity has stabilized with more carriers offering coverage. However, pricing continues to rise while limit availability is shrinking with increased limit demands from third-party vendors. Underwriting has also tightened up, leading to better overall risk management, for now.”
Bernstein thinks cybersecurity insurance will remain a viable product for the foreseeable future. “If the market is managed carefully, cyber insurance will be around for years to come. There are privacy laws and protections on the state and federal levels, including HIPAA. Cyber insurance will be necessary for any company. This includes the small to the Fortune 500, since any business can fall prey to bad actors on the Dark Web.”
Understanding and addressing these potential challenges is crucial for MSPs. It will help them to protect their clients, optimize operations, and stay ahead in an ever-changing field.
Photo: Aksonsat Uanthoeng / Pexels