Guest Tim Golden, founder and CEO of Compliance Scorecard

Key Points Discussed:

Compliance as a Framework:

  • Tim describes compliance as the "referee for cybersecurity" that provides playbooks, rules, and regulations to follow. He emphasizes that multiple compliance frameworks exist because different industries have different needs and requirements.

The Four A's Approach: Tim outlines Compliance Scorecard's methodology:

  • Alignment: Following a specific framework or playbook
  • Authorization: Getting client buy-in and ownership of their compliance responsibilities
  • Adoption: Ensuring end users understand why compliance matters
  • Assessment: Regular evaluation to prevent documentation from becoming "shelfware"

Insurance as a Compliance Driver:

  • The panel discusses how cyber insurance requirements are forcing businesses to implement security measures. If companies falsely claim to have security measures on insurance forms but don't implement them, claims may be denied when breaches occur.

Essential Security Measures:

  • When asked about the most critical first steps, Tim immediately recommends implementing multi-factor authentication everywhere.

Risk Register Importance:

  • Tim explains that a risk register helps businesses track identified risks and decide whether to mitigate, accept, defer, transfer, or avoid each risk.

Compliance Culture:

  • Instead of punishment-focused approaches, Tim advocates for rewarding good compliance behavior and helping people understand the "why" behind security requirements.

MSP Industry Standards:

  • The hosts discuss how MSPs (unlike barbers or other professionals) don't currently have regulatory requirements despite "holding the keys to Fort Knox" for their clients.

About Compliance Scorecard:

  • Offers a platform with policy templates based on 20+ years of experience
  • Allows MSPs to deploy policies to multiple clients with one click
  • Includes tracking for authorization, adoption, and assessment
  • Features a leaderboard to positively reinforce good compliance behavior
  • Built specifically for MSPs by people with MSP experience

The episode concludes with Justin's three-area framework for business owners to hold their IT providers accountable: protecting technology, protecting data, and protecting people - with cybersecurity insurance covering the remaining gaps.