MSP security solutions just got legal assistance. Marketing agencies, salespeople, and managers need to take full advantage. Andrew Cuomo, Governor of New York, recently put into action laws which require any business regulated by the Department of Financial Services, or DFS, to have an approved cybersecurity program in place. That program must be maintained. Businesses affected by these new regulations include large and small operations, though smaller businesses won’t have the same level of regulations as larger ones.
The reason for these new regulations is that more than the business’s own security is at stake. Many cybercriminals use businesses as a means of obtaining personally identifying information about specific customers. Say, for the sake of illustration, that you were a savvy criminal who knew some big-ticket politician regularly used a certain auto mechanic.
Now say you were able to hack that auto mechanic, get specific information pertaining to that politician’s new car, and then hack the computer inside the car to extort the politician. You may get away with that if the auto mechanic does not have the right kind of MSP security in place. But to be sure, the New York regulations are geared more toward big-ticket businesses: financial companies, banking institutions, realtors, and other organizations which regularly handle large quantities of both currency and clients.
As an MSP, you can really clean house simply by finding businesses that are under DFS regulation and selling your services to them. The new regulations will come into effect over the next two years, which means you’ve got some time to develop and implement an acquisition strategy. A good way to convince those who are holding out on establishing a security service until the very last moment is to use information. Remember, the law doesn’t require an MSP to serve these clients; it just requires that they establish and maintain cybersecurity solutions. Those could be internally sourced, but what your prospective clients may not realize is that such solutions often cost much more than external solutions. Let them know.
Additionally, inform them about these things:
Minimum Data Security Standards
An MSP that regularly deals with diverse clients will be better equipped to handle large volumes of data and to back them up. It will already have storage solutions in place, or at the very least work with vendors providing this service. A business, large or small, that doesn’t primarily rely on such technology will basically have to source such storage solutions itself, as well as their management, installation, maintenance, and upgrades. MSPs do the same for less.
MSPs can additionally train employees in areas of data security more effectively, both in terms of costs and education. What you might do as an MSP is use employee training programs as a pot-sweetener to sign on new clients. They would have to pay externally to do this themselves. You’re going to have to do it anyway, or your MSP will experience expanded workload that otherwise could have been avoided. So it’s a win-win for everybody, especially considering that such training is now legally required.
Penetration testing is basically a “trial-by-fire” of a business’s security system. A tech professional breaks into a given network as a hacker would. This can be expensive for prospective clients to do on their own. Your MSP, meanwhile, can even use a pen-test as a sort of “audition” for employment, even if such a stunt may not be wise. It will depend on the client; sometimes sales and marketing have to be creative like that, but this is a digression. The point is, pen-testing is government-required now, and you can save your clients money by helping them fulfill this need. Again, everybody wins.
Right now is the perfect time for your MSP to start reaching out to businesses that are regulated through the DFS. You can leverage services with packaged deals, educate prospective clients, and get ahead of your competition. But you need to act soon; within two years this MSP security windfall will pass.