
Erick Simpson’s MSP Newsletter | January 2024 | 3 Changes to Cybersecurity Compliance That MSPs Must Understand

3 Changes to Cybersecurity Compliance That MSPs *Must* Understand

Recent key changes in cybersecurity compliance laws and enforcement practices can and should unlock new business opportunities for MSPs in 2024.

MSPs struggle to avoid seeing their services commoditized by customers looking for the best-bargain (but minimally effective) options they can find. Offering compliance expertise and an effective suite of services to check those boxes—and explaining that businesses who skimp on compliance are at significant risk—is an increasingly powerful competitive differentiator for MSPs.

In 2024, MSPs should capitalize on compliance opportunities aligned with these unfolding compliance developments:

1. The FTC Safeguards Rule is now in effect.

Written in 2021, the FTC Safeguards Rule finally went into effect in June 2023. It requires millions of businesses to comply with strict financial data cybersecurity regulations. The FTC Safeguards Rule applies to any business under FTC jurisdiction (and not that of another regulator) that “acts as a financial institution.” In practice, this actually means any business that regularly transfers money to and from customers. Businesses like car dealerships, mortgage lenders, and countless others must now implement comprehensive information security programs to comply.

For MSPs, this means millions of potential new customers who now find themselves requiring more robust cybersecurity tools—along with visibility into (and evidence of) how their security tools directly map to FTC Safeguards mandates. MSPs pursuing these customers will find regulators actively driving them into their waiting arms, with threats of $100,000 fines per violation, additional fines targeting individual business leaders, and risks to business licensing. And regulators have signaled more active enforcement in 2024.

2. HIPAA is evolving.

HIPAA’s mounting complexity makes it increasingly perilous for small or medium-sized healthcare businesses to ensure compliance on their own. In a departure from previous “do it yourself”-focused guidance, the government’s 405(d) Health Industry Cybersecurity Practices (HICP) guidelines now offer advice for businesses on how to choose an effective cybersecurity MSP partner. MSPs eager for more business would be wise to match those criteria.

Another change—brought on by recent bill H.R.7898—maps HIPAA-compliant practices to modernized cybersecurity standards, such as the NIST Cybersecurity Framework and ISO 27001. With this shift, MSPs have extra latitude in their strategic approaches to protecting clients and ensuring HIPAA compliance, as well as a clearer picture for aligning specific controls with compliant safeguards.

2024 is also bringing changes to HIPAA enforcement. Regulators have reduced fines to fit what businesses can actually afford to pay, while ramping up the frequency of enforcement actions. Businesses now face fines of $35,000-$50,000 per violation that they absolutely must pay if caught out of compliance. MSPs equipped to protect clients from those fines will thrive in 2024.

3. CMMC is becoming CMMC 2.0.

Many businesses are lured to pursue CMMC compliance in order to become eligible for lucrative contracts with Department of Defense contractors and subcontractors. CMMC includes an assessment and certification that a business meets DFARS 7012 compliance, meaning that its cybersecurity can protect controlled data in alignment with NIST 800-171 controls and some additional requirements.

What’s new is that CMMC 2.0 will arrive in 2025, and the details are currently being hammered out. MSPs capable of guiding clients through to CMMC certification—and aligning protections to changes as they emerge—will make the most of the opportunity created by those changes.

2024 is a year of business opportunity for MSPs

Cybersecurity and data safety are such serious concerns that, very soon, there won’t be any type of business allowed to operate without stringent regulations. Particularly as enforcement ramps up in 2024, MSPs that position themselves to support businesses in achieving solid compliance will reap substantial dividends.

Cam Roberson is the Vice President, Channel, at San Jose-based Beachhead Solutions. The company’s MSP platform, BeachheadSecure for MSPs®, provides partners with PC & device encryption, security and access controls necessary for complying with CMMC 1 & 2, FTC Safeguards, HIPAA, ISO 27001, NIST guidance, and more. Cam began his career with Apple Computer, where he held several senior product management roles in the computing and imaging divisions.

Cybersecurity Predictions 2024: Using AI for Sales Emails: The Good and the Bad


This year will be a pivotal moment in the evolution of artificial intelligence, marking a period of significant transformation and emerging challenges. As businesses scramble to find ways to leverage AI, we explore potential challenges and opportunities in the second installment of our AI and Cybersecurity webinar series sponsored by Gen.

Join Massimo Rapparini and me as we share how MS(S)Ps can use AI for sales lead generation emails that stand out to deliver results, and how to help protect your customers from business email compromise attacks that utilize AI.

Register and get my custom Email AI Prompts Cheat Sheet FREE!

Key Takeaways:

  1. Innovative AI-driven sales email strategies
  2. Best practices for AI implementation
  3. Understand the AI-generated cyber-threat landscape
  4. Proactive cybersecurity measures for MSPs
  5. Future cybersecurity trends and predictions
  6. Maximizing MSP value through AI adoption

Register even if you can't attend and we'll send you a link to the Recording!

Tune In to our Weekly MSP Chat Podcast!

Subscribe and tune in to the MSP Chat Podcast – a look at the strategies, services, and success tips IT providers need to make it big in managed services from two of the industry’s most experienced MSP authorities, Erick Simpson and Rich Freeman.

Transform Your Business Into a Best In Class MSP/MSSP

2024 Live Channel Event Calendar - One Calendar to Rule Them All!

We’ve scoured every source in the industry to bring you the most comprehensive live channel event calendar for MSPs we can. Attending the right events with the right strategy helps you and your staff meet with peers and vendors and attend valuable sessions to overcome business growth challenges and stay ahead of the competition. We’ll be adding more events as they are announced, so check back often!

MSP Mastered® Peer Group Applications Now Being Accepted

Apply Now - It's The Easiest Decision You'll Make All Day!

Are you ready to catapult your MSP Practice to new heights? We’re now accepting applications for our new MSP Mastered® Business Improvement Peer Groups, a unique platform designed to empower entrepreneurs like you to overcome challenges and enhance profitability.

We believe in the transformative power of collective wisdom and are committed to helping each member achieve their business aspirations. Don’t miss this opportunity to be a member of a group of your peers that could change the trajectory of your business. Apply now and take the first step towards unlocking your business’s full potential. We look forward to seeing you in the group!

Collaborative Learning: Engage with like-minded MSP business owners, sharing insights and strategies to foster collective growth.
Expert Guidance: Benefit from the wisdom and experience of industry leaders who have navigated the path to success.
Tailored Solutions: Tackle your specific business challenges through personalized advice and support.
Networking Opportunities: Expand your professional network, unlocking new business opportunities and partnerships.
Accountability and Support: Stay motivated and on track with the encouragement of a supportive group that understands your journey.

Erick Simpson
MSP Expert | Influencer | Thought Leader
MSPMastered.com
(800) 414-1441
2271 W. Malvern Ave. #169, Fullerton, CA 92833

About Erick Simpson: MSP Expert | Influencer | Thought Leader

A pioneer and leader in the managed services industry, Erick Simpson is internationally recognized as the #1 source MSPs seek for advice on running their businesses in North America. He built and sold one of the first MSPs in the industry and grew and coached thousands of IT Solution Providers through their MSP transformation with his MSP Mastered® Methodology for managed services business performance improvement.

Erick is an MSP business & channel growth expert, influencer, thought leader, speaker, and author of four best-selling books and over 50 white papers. His strategies and programs help MSPs overcome business challenges to realize consistent, profitable, managed services recurring revenue growth. His M&A expertise has helped dozens of MSPs sell their businesses at the highest valuation or expand through acquisition. He delivers strategic market analysis services, builds and improves channel programs for IT vendors and distributors, and helps recruit and enable their channel partners through his thought leadership podcasts, webinars, workshops, and event keynotes and breakouts.

Erick’s industry recognition includes Channel Futures’ 7 Thought Leaders Defining the MSP Market, Jay McBain’s 100 Most Visible Channel Leaders, 2-Time ChannelPro 20/20 Visionaries, 2-Time MSP Mentor 250 and SMB Nation’s SMB 150 award recipient.
