Louisiana Legislation Signs Louisiana Act 117 – Senate Bill 273, Requiring MSP Registration
Louisiana Act 117 – Senate Bill 273 was recently signed into law, and requires MSPs that manage infrastructure or end-user systems for “public bodies” to register with the state. This bill further builds on extant breach notification laws as well, requiring MSPs to disclose cyber incidents (including ransomware payments) to the state, putting the onus on them instead of the victim business.
This bill was undoubtedly brought about for two key reasons:
- The ongoing series of cybercrime attacks that have targeted businesses across the country, including public bodies like local governments. In July of last year, four Louisiana school districts were hit with ransomware; in November, Louisiana’s DMV offices were taken offline in another ransomware attack. The bottom line is that if an MSP were responsible for these organization’s cybersecurity defenses, this new legislation would have that info tracked through registration, and the details of the event logged through disclosure.
- The MSP market is enormous, and it’s still growing – IT budgets have grown in recent years, with 44% of businesses planning to increase IT spending in 2020, up from 38% in 2019. Furthermore, the global managed services market is expected to double over the course of 2017-2023, from USD 155.91 billion to USD 296.38. The result is that there are so many MSPs operating in the US, all with varying degrees of capabilities – registration will help further legitimize the sector (while not technically regulating it, yet).
What Does This Legislation Mean For MSPs And Their Clients?
Even if you’re not operating in Louisiana, MSPs and their clients need to see the writing on the wall – this type of legislation is likely to show up in other states too. It suggests that MSPs need to step up and offer a high quality of service, and clients need to seek it out – especially when it comes to cybersecurity.
User awareness is a fundamental part of effective cybersecurity. It can protect your organization from a range of threats. The fact is that a majority of cybersecurity services offered today include the best in vital technologies, from firewalls to anti-malware to data encryption and more. However, as important as this technology is, on its own, it simply isn’t enough.
Much of cybersecurity is dependent on the user, and as such, it’s vital that you properly educate your employees and volunteers in safe conduct. The more your workforce knows about the security measures you have in place, the more confidently they can use the technology is a secure manner.
This is especially important when it comes to phishing attacks and ransomware. Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources to get recipients to reveal sensitive information or download dangerous malware.
With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors to persuade employees to give them money, data, or crucial information.
The fact is that businesses aren’t learning to protect themselves, which is why the number of reported phishing attacks has gone up by 65% in the past few years. The average phishing attack costs businesses $1.6 million. The problem with the rising tide of cybercrime incidents is that you get desensitized to the whole thing.
Cybersecurity training is by far the most effective way to defend your organization from phishing and ransomware, which is why MSPs need to offer it. This approach recognizes how important the user is in your cybersecurity efforts.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.