Cybersecurity, Regulation, Liability, & Best Practices in Managed IT Services w/ Steven Cook

Host Dave Sobel engages in a thought-provoking conversation with Steven Cook, the owner of Strategic IT Services, a managed service provider (MSP) specializing in cybersecurity. Steven shares insights into the diverse range of services his organization offers, from general technical support to cybersecurity and disaster recovery. With a focus on co-managed IT, Steven explains how his company assists businesses of varying sizes, from solopreneurs to larger organizations in regulated sectors like finance and energy.

The discussion delves into the impact of regulations on customer needs, particularly in the energy sector, where recent political changes have significantly affected income streams. Steven highlights the challenges faced by small businesses in maintaining IT services, often opting for minimal or no support, which raises concerns about cybersecurity risks. He emphasizes the importance of having a baseline level of security measures in place, such as endpoint detection and response, to protect sensitive information and maintain operational continuity.

As the conversation progresses, the topic shifts to the evolving landscape of cybersecurity regulations, including the rollout of CMMC 2.0 and the implications of FedRAMP certification for software vendors. Steven expresses his expectation that demand for compliance with these standards will increase, particularly as more MSPs and MSSPs serve defense-related industries. He notes that while some vendors have yet to prioritize FedRAMP certification, there is a growing need for businesses to adopt security measures that meet regulatory requirements.

Finally, Steven shares his perspective on the liability of software providers in the context of cybersecurity incidents. He argues that while vendors like CrowdStrike bear some responsibility for their products, the onus also falls on businesses and IT implementers to follow best practices in deploying technology. This includes implementing phased rollouts and testing updates in controlled environments. The episode concludes with a call for clearer regulations and standards to protect businesses and their customers from the increasing threat of cyberattacks.

All our Sponsors:   https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/

Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/

Support the show on Patreon: https://patreon.com/mspradio/

Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech

Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com

Follow us on:

LinkedIn: https://www.linkedin.com/company/28908079/

YouTube: https://youtube.com/mspradio/

Facebook: https://www.facebook.com/mspradionews/

Instagram: https://www.instagram.com/mspradio/

TikTok: https://www.tiktok.com/@businessoftech

Bluesky: https://bsky.app/profile/businessoftech.bsky.social