Rising State Regulations and Lawsuits Threaten SMB and MSPs


If the idea of managing 425 government controls related to cybersecurity doesn’t scare you, how about helping your small businesses sift through a few of the 330 bills or resolutions considered by US and State Governments in 2019?

Failing to adhere to the distinct and varied bills ranging from state to state will not only get your SMB clients into legal trouble; businesses hit with cyber attacks are now also facing class action lawsuits registered mere days after the breach.

The stakes are massive. With 43 percent of all cyber attacks hitting small businesses, and the average incident now costing companies $200,000 in 2019, the victim organization hasn’t yet experienced the worst fallout.

Ballooning government regulations that vary between states and countries have fueled lawsuits and government fines that can far outlast the business itself. When these incidents happen, small businesses can point the finger at their MSP for not providing comprehensive cybersecurity service. How do you respond to your clients when they say, “This is why we hired you”? The MSP may well be dragged into court for failing on empty promises of providing security.

MSPs can no longer cull through the increasingly complex regulations that require complicated compliance requirements and assurances that customer data is being protected. Add in the international compliance regulations such as General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA), Community-Based Participatory Research Program (CBPR), and Payment Card Industry Data Security Standard (PCI DSS), and your clients can lose contracts, alliances, and partnerships.

The solution means more than deploying simple tools. Companies such as inSOC deliver services based on internationally recognized security frameworks like the National Institute of Standards and Technology’s Cyber Security Framework (NIST CSF) and the Center for Internet Security’s (CIS) Top 20 security controls to protect the MSP and their clients.

inSOC leverages the NIST CSF to build a proactive, policy-based cybersecurity program to Identify, Protect, Detect, Respond, and Recover your clients’ most valuable data assets. Following such frameworks ensures that the business creates written and approved policies that define the information security requirements necessary to protect these valuable assets, and the framework provides the means to achieve these goals.

Hannah Lloyd, VP Channel Sales for inSOC, said documentation is the foundational part of the NIST CSF framework.

“By implementing the NIST CSF, you can document your steps, including service delivery, based on the industry-recommended best practices.”

inSOC also understands the changing landscape of government regulations.

COPRA, the Consumer Online Privacy Rights Act, was supposed to enact definitive guidelines for the complex government regulation measures. But that national effort stalled due to COVID-19 and the economic fallout. Now, failing to follow complex regulations is a triple threat of government fines, class action lawsuits, and a publicity nightmare that threatens the MSP and SMB. Increasing need for SOC services also reflects the changing landscape of government regulations as attacks increase.

Since inSOC has worked with the shifting landscape of regulation for years, our in-demand team plans for updates. The one thing we can guarantee is more regulation on the horizon.

Find out how inSOC can partner with you to help your clients achieve compliance by mapping to the NIST 800 cybersecurity framework.

Hannah Lloyd
VP Channel Sales