No, tools are not enough!
The majority of the messaging that we see related to cybersecurity portray “locking things down” and raising end-user awareness. While we agree that these are both critical our Secure Outcomes initiative starts with the foundation before instructing you on building the rest of the house. By doing so, our members are in a better position to lead by example and ensure that they are in the best position possible when it comes to breach liability.
By following our plan of building detailed internal policies, tied to CIS standards, our MSPs have control documents to not only establish their security posture but to defend it when questioned. From Controlled Use of Administrative Privileges to Malware Defenses and Inventory of Authorized and Unauthorized devices and more our members are guided through the modification of the policies to suit their needs. We set each group up in CyberHoot so that we can all track the required yearly policy reviews that are required to avoid liability. No matter how good you think your Cybersecurity insurance is, the future of our industry is dependent on solid policies, strong documentation of policies, yearly documented review, sound tool selection, appropriate insurance and a reliable place to discuss and compare best practices.