Is Your Practice Prepared for Cybersecurity Regulations?

Many have heard about Facebook’s consistently irresponsible data sharing practices, starting with the controversy surrounding their involvement with Cambridge Analytica and Mark Zuckerberg’s testimony in front of the EU in order to address these major cybersecurity concerns. Shortly afterward came the passing and implementation of the GDPR (General Data Protection Regulation), which took effect in Europe in late May 2018. So what does that have to do with you?

Some of the brightest minds in corporate America spotted this trend before it reached home. GDPR demands transparency and responsible data practices on the part of all enterprises that do business with anyone located within the EU. While many organizations primarily interact with U.S.-based companies, the implications of this new regulation are quite dramatic. Is your business using software or cloud-computing apps from a European company? Hiring virtual assistants from Eastern Europe in order to streamline your operations? Sending out email marketing blasts to clients who now live in Stockholm? Those all require GDPR compliance.

While each requires its own level of compliance, some examples of GDPR in effect are:

1) Requiring all subscribers to opt in again to receiving all newsletters, marketing emails, etc., and

2) Requiring companies to report any major data breaches to all of their customers within 72 hours of the breach occurring.

There are infinite variations to the regulation; the penalties for not adhering to these standards are in the millions of dollars, even for SMBs.

Cybersecurity has reached a turning point. We’ve transitioned from the era where an enterprise could “play dumb,” expect a slap on the wrist, pay minor fines and resume business as usual. Cybersecurity is now a central pillar of any organization’s success or demise, and with the stakes as high as they are now, SMBs need to address their data policies and practices immediately. However, just as each new regulation creates a shift in the industry, it also presents new opportunities for managed IT service providers to expand their businesses. For example, managed services providers can now offer GDPR compliance packages to their customers, who need to act immediately to safeguard their organizations from these hefty fines. Forward-thinking MSPs have already developed cybersecurity solutions designed to protect their customers today as well as to prepare SMBs for regulations that are on the horizon.

While most business owners dread the idea of spending time, energy and money on becoming experts at cybersecurity compliance, the opportunity is ripe for managed IT service providers, as well as for those who are expanding their business to encompass this aspect.

Managed services providers are born in moments like these. While the competition may be choosing to ignore this issue, since the regulations haven’t hit the U.S. yet, the most sophisticated companies are using this change to secure an early competitive advantage. If any organizations are looking for an opportunity to break into the managed IT services industry, this is their chance.

Brian Suerth is President of Technology Assurance Group (TAG).