themselves at risk for massive penalties should an incident occur , be it an actual breach or a customer complaint to a regulatory body .
Either of these events can trigger an audit , and the first thing the auditor does is request documentation that the business has taken the expected steps to harden their network , protect private information , assess threats , and mitigate those threats as needed . If the business hasn ’ t taken those preventative actions ( or doesn ’ t have proof that they were performed ), the fees for these violations will soar even higher than their already steep minimums , which can start at $ 15,000 per compromised record .
Ignorance of the rules is not a defense in these cases , so SMBs must be proactive in protecting their systems . MSPs can convince SMBs to invest in these security solutions , illustrating that the upfront expense is nothing compared to the consequences of having thousands of records compromised if they are negligent .
Compliance Is A Differentiator For MSPs
MSP services haven ’ t quite reached commodity status , but standing out from the pack is becoming more difficult as additional players enter the market . Compliance offers an opportunity to stand out from
the crowd , as only 25 % of MSPs currently offer these services .
Many have stayed on the sidelines because they don ’ t have the expertise required to sell and deliver comprehensive compliance solutions . Each standard has very different reporting requirements , and the landscape continues to evolve .
However , MSPs don ’ t have to figure this out themselves . Some vendors have already done the homework and worked with subject-matter experts to offer tools and best practices that support the various compliance standards , which are all focused on hardening the networks .
To start , a viable vendor solution should start with letting the MSP leverage a set of “ best practices ,” called a Policy and Procedures document , that gives the MSP a cookie-cutter , repeatable approach to compliance . The solution should be highly automated , collecting various data points across the network to detect compliance issues . Further , the solution should automatically produce the mandatory documentation required under the standard , such as a risk analysis , a management plan , and supporting evidence of compliance . Armed with these tools , MSPs can ensure their clients have made a reasonable attempt to address each component of the compliance standard that they are subject to . By providing the required documentation that auditors will seek after an incident , companies will face far less trouble .
Now Is The Time To Add Compliance Services
Compliance is in the news and on people ’ s minds . Offering a solution to this challenge facing the MSP customer base lets MSPs capitalize on the attention compliance is receiving and prevent their clients from ending up in the headlines for the wrong reasons .
It ’ s a smart play for MSPs from a revenue perspective , as well . The incremental revenue opportunity is significant , and an extra 20 % in monthly recurring revenue can make a massive impact on the profitability and growth potential for any MSP business . Compliance services can also reduce client churn , since regulated customers will be forced to look elsewhere if their current MSP can ’ t provide them with adequate protection .
On top of making more from existing clients , offering compliance services can open the door to many potential customers that would otherwise remain closed . HIPAA alone covers nearly 10 % of potential MSP targets , and anyone doing business in Europe is now subject to GDPR . Strong compliance messaging can break through the noise and carve out a niche for enterprising MSPs .
Don ’ t get intimidated by the acronyms and legalese ; compliance is here to stay . MSPs must make compliance services a top priority today to address the threats and customer demands of tomorrow . n
VOLUME 2 • MSPSUCCESSMAGAZINE . COM | 7