Information security is a hot topic, and one that continues to concern businesses all over the world. As more of our data lives online and black-hat hackers become more sophisticated, the risk of our data being exposed is higher than ever. Unfortunately, many organizations do not have the necessary skill sets or bandwidth to make information security a priority. Because of this, these organizations will often lean on their trusted managed service providers (MSPs) to assist them with their security objectives. Here are some statistics that show how offering information security as part of your service offering can make a big impact on both your clients and your bottom line.

Only a third of organizations believe they have adequate resources to manage security effectively.

Source: Ponemon Institute

Worldwide security spending is forecast to reach $96B in 2018, up 8% from 2017.

Source: Gartner

Gartner predicts that by 2019, total enterprise spending on security outsourcing services will be 75 percent of the spending on security software and hardware products, up from 63 percent in 2016.

Source: Gartner

Post data breach response activities include help desk activities, special investigative activities, remediation, legal expenditures, product discounts, identity protection services, etc. In the United States, these costs were $1.56 million per breach on average.

Source: Ponemon Institute

Global spending on cybersecurity products and services is expected to exceed $1 trillion cumulatively from 2017-2021, a 12-15% year-over-year increase.

Source: Cybersecurity Ventures

Demand for information security jobs is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million employees.

Source: Forbes

70% of employers around the world want to increase their cybersecurity staff size by 15% this year.

Source: Global Information Security Workforce Study (GISWS)

61 percent of breach victims in 2017 were businesses with under 1,000 employees.

Source: Verizon

The U.S. was the most targeted country in the past three years, accounting for 27 percent of all targeted attack activity.

Source: Symantec

56% say they have made changes to their strategies and plans to take information security into account, but only 4% are confident they have fully considered their current strategy.

Source: EY

Most people are relatively aware of the Health Insurance Portability and Accountability Act (HIPAA). It was created to make sure that medical records of patients remain safe, and that the medical providers accessing them are doing their best to ensure that’s the case. When most people think of HIPAA, they often go right to medical providers and hospitals. It’s important to understand that dental providers are also expected to adhere to HIPAA requirements. However, being HIPAA compliant poses challenges for dental providers. Here are some of those challenges, and what dental providers can do to combat them.

Failure to Identify Your Dental Practice as a HIPAA “Covered Entity”

Covered entities are required to follow HIPAA requirements. A dental practice is considered a covered entity if it transmits an electronic claim, payment, etc. to a dental plan or on behalf of a dental practice. It’s very likely that your dental practice is a covered entity and should be considering HIPAA requirements.

Missing Business Associate Agreements (BAAs)

Outside people or entities often have access to patient records and information. If your dental practice works with third parties of this nature, it’s important that you’re keeping tabs on them. Third parties are often root causes of breaches and data exposure. Continuously review your third parties and be sure you have BAAs for them.

Security Policies and Procedures

Well thought out, written plans are needed to ensure that your practice stays in compliance. Your HIPAA compliance policy should clearly state the responsibilities of your office and each staff member in protecting your patients’ private health information. The policy should clearly outline how your office handles and remediates various kinds of security breaches.

Training

Training employees is a critical component to HIPAA compliance, even for dental practices. Once you have your policies and procedures in place, it becomes critical that you train your employees on them. If someone’s job is affected by a change in your HIPAA policies or procedures, provide training on the change within a reasonable time after the change becomes effective. Training employees will limit the risk of breach.

Texting and Email

HIPAA applies to emails and text messages sent to a patient, such as for scheduling or appointment reminders. HIPAA also applies to emails and texts sent to another provider about a referral, with diagnostic images, or to discuss treatment. Here’s the kicker—HIPAA applies when a dentist emails patient records or information from a work email account to a personal email account, even if the dentist is doing so simply to finish up work from home later that evening. While HIPAA doesn’t prohibit using email or text to communicate patient information, it is important it’s done the proper way.

Social Media

A restaurant is very likely to respond to a Yelp, Facebook or Google review to either appreciate what has been said, or try to take corrective action. Dental practices must be a bit more careful. It’s easy to respond in a way that violates HIPAA rules. Ensure you and your employees understand privacy rules before responding to your practice’s reviews.

Other Media

As photos or videos are being taken of a patient there is the possibility that other patients may be included inadvertently. These photos and videos are quite often shared through social media and this can compromise those patients’ privacy. In addition, staff members of the practice might be included in the photo or video and this violates their privacy. Be cognizant of what is going on in the background of your images and videos so you do not compromise patient information.

Reporting Breaches

Breaches happen. They can and will happen to anyone at any time. It’s crucial that you understand what you need to report, and when. Covered dental practices must report all breaches of unsecured protected health information to the Office of Civil Rights, as well as to individuals and, in some cases, to the media. The bottom line is, have a plan for what to do in case an incident does occur, because it certainly can.

How can you get a better understanding of these challenges, so you know how to avoid and face them? A security assessment is a great tool to do that. Security assessments help you identify where your gaps in security are. Once they’ve been identified, you can also use the assessment to develop action plans for improvement, meeting HIPAA regulations and proving to examiners that you have a strong data protection program. While there are many challenges as a dental provider to being HIPAA compliant and safeguarding patient information, getting a security assessment puts you on the fast track to understanding and preventing your patients’ data being compromised.

Information security demands are increasing at a dramatic rate. Security services are expected to grow to more than $100 billion by the year 2020 and nearly 40% of all contracts will be bundled with other security services and broader IT outsourcing projects. Becoming a managed security service provider (MSSP) and partnering with a security firm allows you to get ahead of this curve, and allows you to provide security services and enhancements to those customers that need and ask for them.

The Right Tools

Security tools are a key benefit of partnering with an information security company. By offering a broad range of products and offerings, you not only improve your customers’ security postures, but you’re also providing your organization the opportunity for strong monthly recurring revenue (MRR) and professional services revenue. This all starts with the assessment. Your customers won’t know how to improve their information security posture without first knowing what needs to be improved.

 

FISASCORE

SecurityStudio offers the most robust and comprehensive risk assessment tool on the market. Information Security is a complex mastery of many moving parts. To simplify this complexity, we needed a common language around security that anyone could understand. From this need came the FISASCORE. FISASCORE is a numeric scoring system that measures risk by evaluating the Administrative, Physical and Technical Controls of an organization. It’s built on the same scale as a credit score and translates to any organization, which makes it a simple and comprehensive way for anyone to speak to security.

 

VENDEFENSE

Often, when a breach or information security incident occurs, it comes from vendors of the company impacted and not the company itself. Not only do organizations struggle to manage the risk their vendors can bring to their information security, many of them aren’t even aware of who all their vendors are. Vendefense allows you to find, list, categorize and assess your third parties. Utilizing FISASCORE as the risk assessment metric, your customers can easily manage the risk of their vendors.

Understanding Requirements

Your customers may simply want to be more secure. However, there are many lines of business that have security requirements that they need to comply with. An additional benefit of becoming an MSSP by partnering with an information security organization is the knowledge base around audits, compliance and regulatory requirements. Working with security experts gives you training and assistance on these requirements so that you can ensure both you and your customers comply with regulatory requirements for your industry. In turn, you’ll also dramatically improve your customers’ security postures.

Set Up to Succeed

Even with great products, a partnership will not succeed without solid relationships and mutual engagement. It’s important that when you choose a security expert to partner with, you choose one that will continue to work in conjunction with your organization to help you succeed. Good security expert partners give you sales and analyst training, sales and lead generation tools, marketing content and more through a channel partner program. Not only does this put your organization in a position to satisfy all its customers’ needs and wants, but it also allows you to continue to expand your client and customer base. By leveraging techniques, practices and materials of expert partners, your organization quickly becomes a trusted security organization that your customers will continuously look to lean on and build off.

Information security demands are increasing at a dramatic rate. By becoming a partner of a security expert, you can provide your customers and clients with the right products and services to increase their information security, while driving a profit for your own organization simultaneously.

To learn more about how you can become an MSSP for your clients, visit our become a partner page.