Being an MSP (Managed Services Provider) is hard work. Between managing your different client needs and keeping up with industry trends, it can seem like a never-ending battle. That’s before you consider the COVID-19 world we are living in today. One of the biggest stresses revolves around securing our clients. With new and evolving risks every day, it can become overwhelming. That’s where a Cybersecurity Baseline can help.

What is a Cybersecurity Baseline?

To define it simply, a Cybersecurity Baseline is a base set of security standards (controls) that must be met to ensure basic security. Defining a baseline can be tough but defining one as an MSP that fits the diversity of your clients can seem impossible. While difficult, it can provide a good starting point for securing your client and grant you an easy entry point into discussions around cybersecurity. Great, now what?

How to Develop an MSP Cybersecurity Baseline?

Unfortunately, there isn’t a template or application that can magically develop a well-rounded Cybersecurity Baseline. It takes time, effort and a good understanding of cybersecurity and your client base. However, we have added the following few items to help you along your way.

  1. Leadership Buy-In: You must get your senior leaders’ support before even considering implementing a baseline. It will add validity and weight to your task as well.
  2. Pick a Cybersecurity Framework: There are several frameworks and controls to choose from. Some examples are the NIST CSF, CIS Controls, NIST SP 800-53, COBIT, ISO 27001 and many more.
  3. Get Others Involved: You will need a diverse team including senior leaders and client specific network/system administrators that understand each client.
  4. Start Small: Set a small goal for the number of controls you plan to start with. This allows you to keep it simple to start and not think to granularly.
  5. Start Simple: Get the “gimme” controls. Simply put, add the controls that you and your client base already conform to.
  6. Meet with the Clients: You must meet with the clients and discuss what a baseline is and its importance as a starting point.
  7. Audit and Implement: The last thing you need to do is audit your client and see where they fall short of the baseline and then implement or plan for the changes to be made.

    But is it Worth it?

    In short, absolutely. There will be pains and there may be conflicting ideas and expectations. But, if you keep your client’s best interest in mind, you will only improve their security stance. Cybersecurity is only becoming a bigger part of the MSP world and will continue to do so as the attack surface area increases with the movement to remote working. Now, let’s get that meeting with your senior leaders!