Defining minimum standards of service is also a possibility for Ardoin, who was disturbed to learn that MSPs serving some of the victims of last year’s attacks weren’t using multifactor authentication.
“MFA is just a basic level of protection that everybody should have,” he observes. “If MSPs weren’t utilizing something as simple as multifactor authentication to protect themselves, then they certainly weren’t giving a level of protection to their clients, because that’s how they were infiltrated.”
Rather than enforce adoption of basic defensive tools like MFA through legislation, however, Ardoin is hoping channel pros will make security best practices compulsory themselves. “I would like to see the industry regulate itself and educate itself and the customers before government gets involved and screws it all up,” he says.
ConnectWise Vice President of Cybersecurity Initiatives Jay Ryerse, who conducted the interview with Ardoin, would like to see that too, which is why he included this session in IT Nation Secure’s agenda. The only question is whether or not leaders in the industry are ready to take on that task.
“If we can get the top three or four names to the table to talk about what we can do to align and self-police and self-regulate on security, how much better would we be?” he said in a recent conversation with ChannelPro. And make no mistake, he continued, what began in Louisiana is coming for the rest of the country before long.
“23 states have implemented privacy laws now, and many others are just working through COVID issues within their states before they get back to those types of legislation,” he notes. “What’s that going to mean for our industry?”