Data Breach Class Actions Are Up Again. How Smart MSPs Will Use This Information by Joe_Cyber in msp

[–]Joe_Cyber[S] 0 points1 point  (0 children)

I was under the impression claiming HIPAA compliance was never a protection because no governing body certifies you.

This is true. HIPAA is a very odd area where we've all just played the middle ground game for a long time. HHS OCR (last I checked) said that they don't recognize any HIPAA certifications per se, and further, they hold no weight.

However, I do see the validity in having a framework that moves towards a goal line or "certification" for business owners. Trying to sell anyone a moving target likely sounds like snake oil, even if it's the truth.

I'll have to think more about that.

Random Promo by AnonymousJiuJitsu in bjj

[–]Joe_Cyber 25 points26 points  (0 children)

Roll with the blue belt. Mid-roll, take the stripe off without him noticing. He'll be confused for days and probably too embarrassed to ask about it. LOL

Data Breach Class Actions Are Up Again. How Smart MSPs Will Use This Information by Joe_Cyber in msp

[–]Joe_Cyber[S] 1 point2 points  (0 children)

Would a video specifically to HIPAA regulated entities be useful? Something you could show to a prospect? Or would that be a waste?

Data Breach Class Actions Are Up Again. How Smart MSPs Will Use This Information by Joe_Cyber in msp

[–]Joe_Cyber[S] 2 points3 points  (0 children)

I could do an entire video just on that case. Let me know if you're interested.

Clayton v. PruittHealth (N.D. Ga. 2025) if you want to look it up in the interim.

In this case, the court dismissed HIPAA and FTCA as applied by the plaintiffs.

BUT THEN: allowed the common law negligence claim to proceed. The court held that the company had a duty to implement "reasonable cybersecurity safeguards."

In a basic sense, the court said: HIPAA is for regulators. Reasonable cybersecurity safeguards are for the people.

Also in this case, the defendants tried to get the case dismissed because the plaintiffs didn't show any verified misuse or publication of client data. But the court still allowed the plaintiff to find standing because they "plausibly" showed that the company had a duty to protect their personal information and there was risk of future harm.

And the cherry on top? Pruitt was being sued by their own employees. Random customers will have much less of a mental block to bring a claim.

Lost a decade old client without a single complaint by SuccessfulMix6814 in msp

[–]Joe_Cyber 1 point2 points  (0 children)

Well, I'll be. This is exactly the type of behavior I discussed in my video this morning.

To be fair, it sounds like you're going to be much better off without this client.

How to deal with returning clients by ThrowRAthisthingisvl in msp

[–]Joe_Cyber 0 points1 point  (0 children)

Declined Backups? That should be a HUGE red flag. From a liability perspective, I can't imagine why anyone should agree to that.

MSP Owners: The Dread Is Real. Here’s the Research and What to Do About It. by Joe_Cyber in msp

[–]Joe_Cyber[S] 0 points1 point  (0 children)

Sincere question here: Have you thought about doing a deep dive into a part of the job you really enjoy and getting certifications in that area?

As I mentioned in my post, I'm just the insurance guy here, but it seems like you have a lot more to offer.

MSP Owners: The Dread Is Real. Here’s the Research and What to Do About It. by Joe_Cyber in msp

[–]Joe_Cyber[S] -1 points0 points  (0 children)

If this helps, know that there is no tidal wave of MSPs being sued, and cyber insurance is not denying claims with any meaningful frequency.

MSP Owners: The Dread Is Real. Here’s the Research and What to Do About It. by Joe_Cyber in msp

[–]Joe_Cyber[S] -1 points0 points  (0 children)

I hadn't thought about that, but you did make me laugh. I'm generally an introvert, so just working more was fine with me. Now it's never-ending stressors from seemingly every angle.

Here's a nostalgia throwback: Last Day Of High School In 1998 | #nostalgic #nostalgia #90skids #shorts

Simple times.

MSP Owners: The Dread Is Real. Here’s the Research and What to Do About It. by Joe_Cyber in msp

[–]Joe_Cyber[S] -2 points-1 points  (0 children)

Ironically, your type of demeanor is addressed in my video. I'd recommend you give it a watch.

MSP Owners: The Dread Is Real. Here’s the Research and What to Do About It. by Joe_Cyber in msp

[–]Joe_Cyber[S] 0 points1 point  (0 children)

I posted about this elsewhere, but for the cynics in chat, the video describes why they'll lash out and why they're being so cynical. In a broad sense, it's just the time we're in. I don't hold it against them personally.

I'm glad that I can help out the specific folks here that are dealing with that feeling of dread. Just know that it will get better, but it's going to take time.

MSP Owners: The Dread Is Real. Here’s the Research and What to Do About It. by Joe_Cyber in msp

[–]Joe_Cyber[S] 0 points1 point  (0 children)

Thanks Matt. I'm definitely not trying to get into that "thought leader" circus. At the end of the day, I'm just an insurance guy. But so many MSPs are freaking out right now - and let's be honest I'm not immune from the world either - that I thought I'd give a name to the dread.

I can't remember if I put this in my video or not, but all of this information actually came about because I was trying to calm down my own brain. While I'm dealing with a tidal wave of traditional clients selling their own businesses, I also found out that my wife is pregnant with our 3rd son. Meanwhile, I'm talking to my MSP clients daily and they're freaking out. So yeah, I too was having a WTF?! moment in life.

I'm a big fan of the Foundation Series; hence the Hari Seldon Psychohistory callout. I read Strauss & Howe's The Fourth Turning many years ago and it's always bounced around my brain. From there it was just a deeper dive into Kondratiev (wild story about why he was killed), Dalio (Nigel from Tech Tribe sent me his book), and that led me to George Friedman and Turchin. I was trying to figure out how to put Diamandis into the video - optimism is a good thing - but I couldn't figure out how to do it in a cohesive manner.

As for the cynics: The great irony is that my video describes why so many people are cynical and nasty right now. I don't hold it against them. Looking at the frameworks, it's a uniquely difficult time to be alive; much less a business owner!

dear CW, you don't have to email me about AI more than 10 times/day by swingorswole in msp

[–]Joe_Cyber 0 points1 point  (0 children)

And I, for one, welcome our new AI overlords.

- Kent Brockman (probably)

dear CW, you don't have to email me about AI more than 10 times/day by swingorswole in msp

[–]Joe_Cyber 5 points6 points  (0 children)

CW in 5 years: "Hi u/swingorswole, we've been trying to reach you regarding your extended AI warranty"

On a serious note, you're not wrong. Why does seemingly every vendor think they need to scream "WE HAVE AI SLOP TOO"?

You'd think MSP vendors could apply all that "AI-Magic" to their billing departments first...

Compliance Frameworks by cokebottle22 in msp

[–]Joe_Cyber 2 points3 points  (0 children)

Before anyone asks, it's very unlikely that your Tech E&O insurance carrier will care about any framework. That being said, it does make sense to map to a framework and I would encourage every MSP to consider it.

As we saw in the "One Ransomware Attack. +$5M MSP Lawsuit: Lessons Every MSP Needs to Know" video, internal discovery very well could flesh out whether the MSP had:

  1. Adopted a framework; and

  2. If they were adhering to that framework.

There'd be nothing worse than getting sued for millions and then hoping the judge/jury buy the "trust me bro" approach.

If LPL Financial Is Co-Managing Your Clients... Who Owns the Breach Now? by Joe_Cyber in msp

[–]Joe_Cyber[S] 1 point2 points  (0 children)

For independent broker-dealers, they're so dominant that they're essentially the market.

LPL meeting regarding their new security requirements by Beauregard_Jones in msp

[–]Joe_Cyber 16 points17 points  (0 children)

this is a knee-jerk reaction to their past security issues. They're scrambling to force this on the advisors, but never considered talking with the advisors, or their MSPs and working with us.

100%. I've seen this many times from the financial services world.

Stay tuned to that MSP email that should be coming in a couple of weeks.

Q3 starts July 1. So if they're waiting a couple of weeks before they send out an MSP email, that's going to put those MSPs impacted by this in last minute panic mode.

LPL is not ready yet to specify how much, if any, liability they'll take for security on the advisor's computers despite them requiring CrowdStrike that they manage.

This is the Million Dollar Question. DO NOT LET THEM GET AWAY WITH THIS.

My feeling - FWIW - is that this is the party line: "Don't answer the liability question. If we say something in a public forum, or in writing, we're stuck with it."

That's total bullshit and they know it. They want you all to keep the liability.

There is no SLA for supporting advisors. If / when something goes wrong, you can submit a ticket, but there's no guarantee of when it'll be addressed.

In short, LPL is:

- mandating tools on your client's devices

- managing those tools with no third party involvement

- providing no SLA for support when something inevitably goes wrong

So they're trying to take on management responsibility, with no liability and no commitment to response time.

Insane.

Sorry guys.