More Than 98% of MSPs Operate Without Any Cybersecurity Certification. Why This Should Terrify You.


It’s common for many professional services firms to outsource their IT to Managed Service Providers (MSPs). These technology experts become important partners in streamlining operations and day-to-day activities as well as putting security and compliance protocols in place to keep your data safe and aligned with regulatory standards. But how safe is your MSP? These days, MSPs are vulnerable to cyberattacks, and even more alarming, they can serve as the launching platform for attacks into their clients’ systems.

Strategic Technology Solutions always goes above and beyond to safeguard our clients. Recently, we underwent an extensive audit in order to operate under the Statement on Standards for Attestation Engagements (SSAE) No. 19 with controls be brought to follow CIS 20 certified critical security controls. Recognized as the gold standard for security, organizations must exhibit a methodical and continued approach to handling restricted information if they want to acquire this certification. STS is currently one of the first MSP and private cloud providers with expertise in working with the legal community to receive such a certification. 

Endorsed by leading IT security vendors, governing bodies, laws, and regulation authorities, the CIS20 Critical Security Controls and CIS Benchmarks are global industry best practices implemented by enterprise-level corporations and Fortune 500 companies. SSAE-19 cybersecurity certification reports are the benchmark compliance report for MSPs, and organizations impacted by cybersecurity compliance and regulations, including CCPA, HIPAA, PCI, and SOX. At STS, we utilize SSAE-19 cybersecurity certification reports in conjunction with the CIS20 
Controls to properly establish protections for our business and our 
service delivery systems, safeguarding access to our client’s systems

Notably, less than 2% of MSPs ever achieve the operational maturity to get SSAE 19 certified. It is rare for MSPs to gain this certification, and many have been operating unchecked for decades. This is due to several MSPs who originally opened their businesses as conventional product resellers and transitioned into an MSP role because that’s how the market evolved. Others started out as the technical guy who could fix computers. They eventually built a business around this skill and sold themselves as MSPs. But neither of these entities ever truly developed into an authentic MSP with a strategic, effective delivery model, and hardly any have gone through the rigors of obtaining the Statement on Standards for Attestation Engagements (SSAE) No. 19 with CIS 20 certified critical security controls. It takes the average MSP at least one year to prepare and the management to maintain the certification is demanding and never-ending. As a consequence, other MSPs are usually ill-equipped to handle complex security issues, and they leave their customers open to a lot of risk.

As an MSP offering end-user systems and IT infrastructure, our clients trust us with their sensitive data, intellectual property, and valuable assets. We are some of your firm’s most relied upon advisors who have the advantage of access to your entire business—in essence, the keys to the kingdom. And even if your firm has the most secure system in the world, hackers will always seek out the path of least resistance. If the weak link is your MSP, attackers can target them, compromising their networks, which can potentially allow them access to multiple firms, including yours. At this point, a cybercriminal can then move into your critical systems, steal money or valuable information, and cause technical shutdowns, costly lawsuits, and damage to your reputation.

STS is currently one of the first MSP and private cloud providers with expertise in working with the legal community to receive SSAE19 Certification. 

That’s why at STS, we believe our network, infrastructure, and systems must not only be robust and secure, they must be a thousand times more so in order for us to be more alert, more proactive, and more effective than any other provider. This includes continuously monitoring our own protocols, identifying risks, and using next generation threat protection, as well as best practices and global industry-wide audits such as the continuous, annual Statement on Standards for Attestation Engagements (SSAE) No. 19 with CIS 20 certified critical security controls. 

Need an MSP who is meticulous about security? Talk to us. With more than 20 years of experience, our experts have a deep understanding of the professional services industries, and consequently, we have a clear insight into the technology, system requirements, and specialized software needed to help your firm realize success like never before. And because security and compliance are our specialty, we ensure your IT is strong, seamless, and safe with environments that work and scale with your firm’s growth while proactively heading off issues before they become problems.To learn how STS enhances your security maturity levels, while mitigating risk and protecting your firm against cyber threats, contact us today at 1(800)377-1648.

Ready to leverage technology to increase your productivity, protection and profitability?