Operating a business is difficult, so avoiding these five common mistakes is crucial to building your business and reputation. You devote significant energy and time working on the company. Given great focus and productivity, there are not enough hours in the day to address all of our obligations. We often look for more effective methods to improve our efficiency.
Executives rely on technology to perform their roles, but few are technically advanced enough to understand and solve their problems. That is understandable because technology may not be your area of expertise. This realization means finding a Managed Service Provider (MSP) or IT outsourcing provider to address your business technology needs.
As this delegation process occurs, the MSP makes several claims to give you a sense of security. They explain how they are experts at all things IT. They are proactive and responsive and can handle your critical business IT services. Their stated service skills include cybersecurity, network management, and PC support. Some also promote cloud computing, data backup, business continuity, and disaster recovery planning.
You don’t know what you don’t know. You are eager to delegate all IT responsibilities to focus on your business role. This lack of understanding forces your hand to trust what the MSP tells you. Criminal enterprises take advantage of good people and their companies during this disruption and change. Many MSPs also knowingly take advantage of good people, and we view this as an injustice.
When your service provider states that you are safe and assures you that your data is protected, do you believe them? MSPs provide needed helpdesk support, patch management, and system deployments. However, finding an effective MSP across the many facets of cybersecurity is rare. We will highlight common mistakes executives make when trusting their MSP to secure their businesses from disruption, financial loss, and reputational damage.
Delegate Instead of Abdicate
Great leaders effectively delegate responsibilities to competent people as a critical driver of productivity and scale. There is a feedback loop, and the parties check in to ensure the successful completion of the work.
Abdication is to relinquish responsibility or give up voluntarily. Assigning security responsibilities to someone and avoiding efforts to ensure the work’s completion would be abdication. Paying your invoice each month is not a guarantee of completed work.
Delegating cybersecurity to your MSP is prone to problems that lead to disastrous results. As MSPs fail in their duty to protect their customers, this becomes apparent after business disruption events occur.
Hackers are targeting MSPs and IT outsourcing businesses to attack the service providers’ customers, according to a U.S. Secret Service alert issued June 12, 2020. Threat actors use compromised MSPs to launch cyberattacks against service provider customers. These attacks include point-of-sale (POS) system intrusions, business email compromise (BEC), and ransomware attacks. Insurance companies also validate this alarming trend.
Beazley outlined reported incidents of their policyholders in 2019. Beazley recorded an increasing number of ransomware incidents that resulted from attacks on IT managed service providers (MSPs) and other service companies providing organizations with infrastructure and support services. Criminals target MSPs because of weak security practices and unpatched networks.
Accept Duty and Responsibility
As an executive stakeholder, you are likely highly committed to the business. You feel the obligation to lead and make effective decisions. Your team and customers rely upon you.
Duty of care refers to a fiduciary responsibility held by company directors, which requires them to live up to a certain standard of care. This duty, which is both ethical and legal, requires them to make decisions in good faith and reasonably prudent manner.
Whether an executive partner or employee, duty is a moral commitment to perform your role and support your team. Accepting personal responsibility is taking ownership of your behavior and decisions. These outcomes become the good or bad consequences that impact you and those around you.
We continue to see instances where the moral duty to perform contracted responsibilities, is absent within MSP organizations. This lack of integrity and commitment leads to the MSP’s failure to perform the contracted services. This failure to fulfill obligations causes business disruption.
Held Accountable
When tasks are complicated and issues frequently occur, motivational and capability problems may exist. When problems arise, the key to resolution is determining if the core issue is whether they can’t perform the work or won’t perform the job. You have missed deadlines, unhappy customers, and financial problems when tasks aren’t completed correctly.
Negligence is the breach of the duty of care. An individual can only make negligence claims once the failure of duty of care happens. This reactivity means that you have to wait for an incident to transpire before making a claim. Because of this, if the accident is severe, it’s too late!
Suppose you are careless at work, whether an employer or an employee, you could breach a duty of care. Negligence at work can lead to compensation claims on top of any criminal prosecutions. Many people are not aware of this exposure.
It will be interesting to see how the courts rule in lawsuits when MSPs and their customers point the finger. Will you be able to prove that your MSP incurred liability by knowingly accepting cyber security responsibilities without having the necessary qualifications? Will your MSP demonstrate that you abdicated responsibility and are negligent in your duty to care?
Inspectionem℠ Decreases Harm
The volume of businesses impacted by ransomware indicates pervasive integrity issues with MSPs and outsourced IT providers. The lack of oversight and documentation allows many service providers to operate unchecked. Your lack of verification means the exchange of value is primarily one-sided. You pay the MSP, and they do not consistently perform the services you contracted them.
Don’t let it go unchecked. MSPs know you lack the skills to assess their performance. Services rendered in secret, without validation, are inherently suspicious.
There are three typical reasons for inspection and accountability services.
1. Your leadership team has never reviewed your MSP or IT outsourcing providers’ adherence to security standards and contractual obligations.
2. Your leadership team has concerns about data confidentiality and integrity.
3. Your leadership team acknowledges that they have concerns about their services provider but lack the technical expertise to evaluate provider performance adequately.
Indirect responsibility involves moving beyond yourself and taking action to help people or situations around you that call for assistance. We provide inspection and oversight services to leadership teams that accept their duty and responsibility to protect the business from harm.
Getting Things Done
The more time it takes to consider investments that will improve your employees’ safety and productivity, the likelihood of avoidable business disruptions increases. We understand that you are feeling anxious because circumstances continue to change. You probably realize there are better ways to measure and contain cyber risk as you invest in the areas with the most impact.
Many MSPs and IT outsourcing providers are negligent in their contracted duties. Many executives, maybe even you, do not inspect what you expect.
- How do you know if you are reasonably secure?
- Do you cross your fingers and hope today is not the day your business is offline and cannot operate?
- Are you taking their word as validation?
Due to uncertainty, leadership feels compelled to reconsider information security changes to protect their business, employees, and customers from loss. Limited capital for investing in loss prevention requires a plan aligned with your current priorities to support the future. These fundamental elements are where we can help you.
We will not assume that we know what you want or need. Based on collaborative feedback from your team, we guide you through a renewed awareness process to pinpoint key factors that can cause business disruption, financial loss, and reputational damage.
Will you be accountable for preventing harm to your business and customers?
As a proud supporter of American companies, Certitude Security® is working diligently to inform leaders and facilitate essential asset protection priorities for manufacturers and supply chains throughout the United States.
Problem discussions can be a defining moment in your career. If you are interested in value creation, learn about SPOT-Beam™ by Certitude Security®. We look forward to helping you and your business succeed!