Demystifying NIST: A De Facto Framework for MSPs
This post is adapted from the Blacksmith Infosec book, Forging Trust. The NIST Cybersecurity Framework (CSF) is widely regarded as the foundational standard for cybersecurity risk management in the United States and internationally. Originally developed to improve critical infrastructure cybersecurity, the framework has evolved to address the needs of organizations of all sizes and sectors, […]
EOS Principles and Operationalizing MSP Security Programs
Many MSPs have embraced the Entrepreneurial Operating System (EOS) to organize and grow their businesses. EOS is lauded for its structured approach to goal setting, team roles, and operational discipline — qualities that have helped countless MSPs reach new levels of performance. But what if you could apply the same proven principles that make EOS […]
SOC 2 and NIST CSF: Forging Trust and Differentiation in a Crowded MSP Market
For MSPs, aligning with SOC 2 and the NIST Cybersecurity Framework (CSF) offers distinct yet complementary advantages. Both frameworks enhance credibility, streamline compliance, and give managed service providers an edge in positioning in competitive markets. As two of the most influential frameworks in this space, SOC 2 and NIST offer distinct but complementary approaches to […]
HIPAA Compliance in 2025: Persistent and Evolving Challenges
It’s been nearly three decades since HIPAA was enacted, yet compliance remains a significant challenge for healthcare providers and other entities handling protected health information (PHI). The regulatory landscape continues tightening. Cyber threats grow more sophisticated. In the wake of it, organizations must address both longstanding and emerging obstacles to avoid costly penalties and protect […]
Third-Party Risk Management: Extending GRC Beyond Your Organization
Third-Party Risk Management (TPRM) has become a critical extension of Governance, Risk, and Compliance (GRC) programs as organizations increasingly rely on vendors, suppliers, and subcontractors for essential operations. With 60% of organizations working with over 1,000 third parties — and many relying on fourth parties (the vendors of vendors) — modern GRC frameworks must address […]
The MSP Cybersecurity Newsletter: Building Client Trust Through Key Updates
As a Managed Service Provider, you face the dual challenge of protecting your clients while demonstrating your ongoing value. One of the most effective (yet underutilized) tools for accomplishing both goals is a well-crafted client newsletter. Even if you’re aware of the potential benefits, determining what content to include in each edition can be daunting […]
Security Awareness Training That Sticks: Microlearning Strategies for Busy Teams
Traditional security awareness training often fails to create a lasting impression on employees, despite the rising awareness of its importance. Enter microlearning: a trending approach that delivers security concepts in brief, focused segments designed specifically for today’s busy (or attention challenged) workforce. By breaking complex security protocols into short modules that employees can access anytime […]
Shadow IT and the Hidden Compliance Threats in the Channel
You’ve heard of it. You’ve thought about it. Shadow IT. While the term conjures images of rogue employees, the reality is far more nuanced — and far more dangerous. Shadow IT refers to the use of unauthorized cloud apps, storage, or services by employees or partners, often in pursuit of productivity or convenience. For MSPs […]
Who’s Driving Compliance? Discussion and Upcoming Webinar
Today, we’ve got a sneak peek at the talking points for this month’s episode of Get NIST-y. We’ll be joined by Liongard’s Michael Cannady as we explore the driving forces behind the compliance trend. What sort of info and insight can you expect from this live chat? The Myth of Rollbacks: Is Deregulation the End […]
HIPAA-Covered Entity Strikes Back With Lawsuit
The MTL vs. Ntirety Lawsuit: Establishing New Precedent for Business Associate Accountability In an unprecedented legal move that could reshape healthcare data protection standards, Molecular Testing Labs (MTL) has filed suit against its MSP following a significant data breach. The Vancouver, Washington-based laboratory specializing in precision diagnostics discovered on March 12, 2025, that patient data […]