Return to ChannelPro Special Report Q1, 2024
February 19, 2024

How MSPs Can Avoid Cybersecurity’s Legal Pitfalls

Experts share best practices for protecting your MSP and your customers.

SMBs often trust their managed services providers to protect their privacy and sensitive data. In the current threat landscape, however, breaches will occur, resulting in potential legal implications. MSPs have a better chance of shielding themselves from debilitating expenses and extended litigation if they follow some best practices.

Don’t Overpromise

Too often, MSPs commit to providing services they don’t have the resources to provide, observed Blair Dawson, member of Chicago-based law firm McDonald Hopkins LLC.

While this tendency may stem from good intentions — the firm wants to please its customers — it’s not a good practice, Dawson said. “If you have things like patching [or backup] schedules in the agreement and you don’t follow through with them, that can get you in a lot of trouble.”

Dawson also counsels her clients against committing to unrealistic notification deadlines.

For example, some customers may demand notification of an incident the moment the MSP suspects that a breach occurred, which isn’t realistic, she explained.

“It’s hard to comply with that, and also it could expose you to having to work with your client through an incident that turns out to not be an incident.”

Involve Your Insurance Carrier

Bradley Gross, president of the Law Offices of Bradley Gross PA in Weston, FL, urged MSPs to contact their insurance providers soon after a suspected breach occurs.

This may not result in the services provider making a claim, but it lays the groundwork for them to do so, if necessary, Gross said. “Notification is usually the first step, and it is a non-delegable prerequisite to filing a claim later.”

Determine Liability

An MSP is liable to its customers if it has done or failed to do something that led to a breach, Gross said. For example, the MSP may have neglected to apply a security protocol listed in its master service agreement (MSA).

That said, if the MSP lived up to its contractual commitments and standard industry practices, it likely won’t be held responsible, Gross said. “Breaches happen even in the best practice scenario, so not all of them result in liability.”

For MSPs that outsource security services to SOCs, Gross highlighted the importance of differentiating between services directly provided by the MSP and those it resells. This protects the MSP from being liable if its SOC experiences a breach.

“Make it very clear in contracts that there are services we provide, and then some we facilitate,” Gross emphasized.

Calculating Damages

If an MSP is to blame for a breach, it is exposed to two main categories of damages:

  • Actual damages, those that result from the incident, such as mediation expenses, forensic investigation, and breach notification costs
  • Consequential or indirect damages, such as a client experiencing profit loss

MSPs may protect themselves from having to pay out consequential damages by waiving them in their MSAs, Gross noted. “That is something every MSP should be doing.”

Set Clear Expectations

Customers, too, share responsibility in following security best practices, and Gross advises MSPs to spell this out in their documentation.

“It’s important for MSPs to allocate responsibility between what the MSP will handle from a security perspective, and what the customer will handle,” he said.

For example, if the client circumvented a security protocol implemented by the MSP, the latter shouldn’t be held responsible for a breach, he said.

“Allocations of responsibilities should be very clear. [That way], responsibilities are laid out so there is no question about who did what, or who should be doing what, at any given moment.”

