Today we’re digging into one of the most dreaded but potentially most powerful parts of running an MSP: compliance.
For many providers, compliance feels like a never-ending checklist, a client headache, or worse, a barrier to growth. But what if you could flip that script? What if regulation became your competitive edge? Our guest today is Dustin Bolander, founder of Beltex Insurance, a commercial insurance provider for professional services.
Dustin’s perspective is clear. Compliance isn’t a part-time gig, but it doesn’t have to be a resource drain either.
In today’s episode, we explore how MSPs can simplify compliance, reduce risk, and turn regulation into a powerful sales tool. We’ll also get Dustin’s take on the frameworks MSPs often get wrong, what to avoid with CMMC, and how emerging tools might reshape the way MSPs tackle compliance in the years ahead.
It’s a sharp, practical conversation that every growth-minded MSP should hear. But first, here is Adam with today’s threat briefing.
Threat briefing with Adam Pilton
A. P: Imagine this scenario. It’s 9:00 PM and an attacker is prowling at your client’s network. They spot the Cisco phone server, the unified communications manager box, quietly listening on Port 22. They jump in with a factory-set username and password that Cisco forgot to remove.
Cisco have now disclosed CVE-2025-2039 on the 2nd of July: a hard-coded root slipped into all Unified CM version 15 Engineering Special builds shipped before July’s fixed release.
Anyone who knows the credentials gets instant, password-free root over SSH. Cisco’s patch, the July fix build, removes the account, but nothing else blocks it.
Here’s how the attack unfolds. The attacker reaches the phone server either across the internet or from a beachhead PC. They log in with the public root credentials, no prompt, no MFA, nothing.
And then with full control, they can:
- reprogram dial plans to siphon calls or rack up toll fraud.
- copy call recordings that contain passwords and MFA codes
- drop web shells or malware to gain persistence
- leverage the trusted voiceover to hop into file shares and databases
The only breadcrumb is a root login entry in a rarely watched log file.
So, here’s what you need to do.
- Patch immediately. Upgrade every Unified CM server to Cisco’s July fixed build. No other fix exists.
- Lock down SSH. Restrict port 22 to your management subnet and block it at the edge.
- Sweep for compromise. Pull the secure log and look for root logins you didn’t make. If you see one, treat the box as owned. Rebuild it, rotate stored credentials, and check for lateral movement.
- Segregate voice from data. Keep phone servers on their own VLAN. Ensure firewalls are in place. A voice box should never be a shortcut to the business network.
Cyber criminals aren’t hacking in. They’re logging in with a password Cisco left behind.
Patch the server, police your SSH, and quarantine anything that looks suspicious. Let that backdoor account continue to ring and you’ll hand attackers every handset, voicemail, and, worse, your customers’ trust. Stay sharp. Catch you in the next threat brief. Back to you, Jacob.
Dustin Bolander on Cybersecurity Maturity Model Certification (CMMC) clients
Jacob Hazelbaker: Dustin Bolander, thank you for your time today.
Dustin Bolander: Oh yeah, of course. Thanks for the invitation.
J. H: I’m really excited for today’s conversation. Your expertise, the area in which you focus is one of my weakest points: insurance compliance. So, I think there’s a lot you’ll be able to teach me and hopefully our listeners as well in the MSP space.
D. B: I’m just happy somebody’s excited about insurance.
J. H: Right. It’s what everyone wants for Christmas, insurance. That’s the jam.
So, how did you see the compliance landscape evolve for MSPs, especially over the past few years, and what new trends are you seeing in that space?
D. B: CMMC is the huge Gold Rush right now. Everybody wants to get into it. Just anecdotally, from conversations, is one of the big things I’m telling people ’cause they’ll ask about on insurance, you know, what do you see? What’s insurance soon with CMMC?
The answer is ‘not a lot’. Insurance is yet another framework, sorry, everybody, but they’re not adhering to existing stuff very much.
They’ll look at your client base. So if it’s, you know, I’m really heavy in the defense industrial base, DIB, then at that point, that may kind of change your rates a little bit. But they’re not saying like, ‘oh, Jacob, are you guys CMMC, level one or level two, when was the last time you did a NIST assessment?’
Things like that. So, it’s still kind of adjacent. All that being said, though, a lot of MSPs, MSSPs talking about it and the piece where I’ve been, again, working with smaller MSPs is CMMC is a huge list.
I’ve gone through some of the NIST audits, around like the 180 1 53. It’s been a while. I’m not an expert on it to be clear, but I still have the scars from having to deal with that.
So, I’m familiar with it. And so, my thing to a lot of these smaller MSPs has been, unless you’re going all in on it, or it’s a substantial part of your business, don’t bother. Right? Is the amount that you’re gonna have to spend on that. You cannot price that client high enough.
I was talking to somebody the other day. They said, ‘Hey, Dustin, we’re looking at bringing on this CMMC client.’ I was like, ‘Cool, are you guys into that?’ And they’re like, ‘No. We normally do vets.’ I was like, ‘Walk away, walk away, that’s not something you just, right, kind of casually learn.’ It’s like, oh, there’s our one CMMC client.
Whenever you look at the MSPs out there that are doing a lot of that kind of work, that’s a large percentage of their clients, or that’s all of it, right? There’s like, Summit 7 one of the big popular ones. That’s pretty much all they do. Sentinel Blue, another one. If you go look at these guys, they live, eat, and breathe CMMC.
So that’s the big scary hairy one, right? But then you have some of the other stuff.
HIPAA’s been around forever. I do feel like on, I’m generally a low regulation, you know, light touch government kind of thing from that perspective. But I do think with HIPAA they need to step it up a little bit more.
I mean, the number of times I go into my dentist’s office, they just upgraded from Windows 7… So, from that perspective, I think that’s starting to get a little bit more aggressive on the HIPAA side of things, which is good. A lot of MSPs deal with those, even in my MSP experience, my second current MSP does law firms.
There’s a lot of law firms that are supposed to be HIPAA compliant. They’re doing family law, for example – you have people’s personal medical records, things like that. And they’re not (HIPAA compliant).
So, from the compliance standpoint, that’s a good opportunity for a lot of MSPs as well. Dig into HIPAA a little bit more and looking at, maybe you don’t do medical, but you do other industries.
There’s a lot of situations where you actually do have HIPAA apply as a business associate.
Compliance as a competitive advantage
J. H: That’s a great point. ’cause intuitively, I don’t know that I would frame it in my mind initially. But that’s so true, even industries that aren’t necessarily neatly categorized as healthcare would still have HIPAA concerns, immediate compliance, like your example with lawyers.
The compliance piece I find really interesting in general because I feel like it’s very similar to cybersecurity.
You often find yourself in cyber having to justify your cost, justify your expense. So, from MSPs looking at compliance as a cost structure, what’s your perspective on turning compliance instead into a competitive advantage?
D. B: Everybody as an MSP wants to be that trusted advisor, right? I know that’s the cliche term, but it’s ‘I wanna be the trusted advisor’. I wanna be sitting at the table with their CPA, with their lawyer, and then me as their MSP. Coming in, showing a bunch of patching reports, nerding out about the latest threat actor group, that doesn’t get that done.
They’re business owners, their eyes just glaze over, but coming in and saying, ‘Hey man, you’re at risk because you’re not HIPAA compliant, and you guys have all these medical records’, that gets their attention.
I like that as a competitive advantage. Now you’re differentiating yourself because I guarantee you, whenever you know they’re talking to three other potential MSPs, all those other guys are gonna be talking about the same typical stuff.
We have great customer service.
We have automated RMM patching and this, that, and the other.
Just this stuff where they all sound the same. You are coming in and talking about higher level business things, like compliance, is going to get their attention. So, on the front end, on the sales side of it, marketing, that just made you more competitive. That just gave you a huge leg up over everybody else.
And then the other part of it.
Let’s start with the why you must. Around a lot of this stuff, you are liable as an MSP if something happens, right? So, if there’s medical records, HIPAA still applies to you.
You need to have a BAA, the Business Associate Agreement in place, things like that. So, it’s things you have to be doing by law.
But then the other part of it is, let’s be honest, most of us – I always joke there’s kind of two big reasons that everybody got into this industry: I wanna help people or I wanna make money.
Sometimes if I can do both it’s even better.
But, from that perspective of making money, then that’s additional. You can sell virtual CISO services. You can sell virtual CIO services, policy writing, you mentioned security. Okay, let’s run through against HIPAA and make sure we got everything in place that we need.
Things like that.
That’s additional revenue on the table, but it’s also stuff that the company needs, right? Your client has to be HIPAA compliant, they have to have all this stuff in place. So, it’s other than them trying to save money by not doing things and sort of breaking the law, other than that, it’s a win-win.
So, I think it’s a great idea to be bringing that kind of thing up.
Why should your core MSP services be like McDonald’s
J. H: That’s a good way to frame it, because you’re not only providing them the managed services they normally expect and everyone else is providing, but you’re also providing them potential solutions to other problems they might have in regard to compliance, in regard to necessity for HIPAA, for example.
It’s kind of like you’re almost an expanded MSP. You’re expanding the services, you’re expanding the pain points, the problems of your client that you can solve. So yeah, that’s a good way to frame it.
D. B: And there’s nothing wrong with a lot of MSPs. We’re like, man, we just want to do the work.
Everybody takes so much offense at this at first, but I stole this from my buddy Dean Rela, and he says MSPs should be like McDonald’s. And so right away, you know, everybody’s like ‘I don’t want to be like McDonald’s. We’re a, we’re a three-star Michelin restaurant with white tablecloth, the customer service kind of thing.’
But you go to McDonald’s because it’s consistent, right?
You’re gonna get the same thing every time. Is it gonna be the top notch? No, it’s not.
But it’s gonna be incredibly consistent that my burger’s gonna taste roughly the same every time. The fries are made the exact same, right? The McDonald’s fries that people love, stuff like that.
So, your core MSP services have to be like McDonald’s.
It doesn’t even matter if you’re great. If you’re consistently good enough, customers are gonna be happy. Because it’s that expectation, that consistent piece that they’re trying to do. So, get that dialed in as McDonald’s. But then, like you just said, it’s
Okay. Now we can go above and beyond. We can start adding this really cool value added services, value added expertise to where not only are we gonna offer you really good, consistent help desk services, but on top of that, we’re not just gonna give you cybersecurity. We’re also gonna help guide you through all the frameworks, the compliance, the industry requirements that you have to deal with.
And so now you just really differentiated yourself.
Common mistakes that MSPs make with compliance
J. H: You got me super curious for the MSPs that do anything that requires any kind of compliance. What normally goes wrong? What are some of the common mistakes that MSPs unfortunately make when compliance is considered, when HIPAA is required, et cetera?
D. B: I think the biggest one is gonna be the same as kind of everything else in the industry. We have a really bad habit of thinking that we’re – whenever I say we just MSP industry in general – that we’re smartest, that we can figure everything out.
Cybersecurity is not quite the area you wanna be doing that figuring it out on the fly, reinventing whenever. That’s how you get popped in a lot of cases, right? Bad best practice or ‘oh yeah, I thought I’m gonna change the port for RDP because I’m so smart.’
And then it’s like ‘no, dude, you still left it exposed to the internet. Here’s your ransomware. Sorry.’
But on the IT side, like traditional help desk, we apply a fix or we do like a new imaging thing, it doesn’t work great. We’re just gonna go take another shot at it. There’s no lasting damage. Compliance is a terrible place to do that.
I’m gonna say insurance is, I’ve called it soft compliance before. Or compliance light because it still does impose some requirements on it. You have to know how to navigate it a little bit. So, I’m lumping insurance in this as well.
Going into, let’s say, CMMC again, picking my favorite example, Jacob. I’m gonna go learn CMMC. I just signed this client, like, let’s go.
I see so many MSPs doing that kind of thing. I just landed the – another popular one is around kind of registered investment advisors like wealth retirement companies, right where you can go down the street and they’ll invest your money for you.
There’s a bunch of SEC compliance. There’s a bunch of compliance that comes from the big brokers behind them, the ones that are doing the stock trading and stuff like that, 401k, all that kind of thing.
That is not one that you wanna just sit down and learn from scratch either. So, I meet a lot of MSPs that are… because the calls that we get at Beltex a lot of times are ‘something changed in my business, I need help.’
Right. Oftentimes it’s just I had a really bad insurance agent. They don’t understand what I’m doing. But we probably have, I guess like a quarter to a third of the calls is
‘I just landed this client, I need to get additional coverage. I heard you guys can help.’
‘All right, cool. Tell me what’s going on.’
‘Oh yeah. We just landed our first CMMC client.’
I’m like,
‘Oh, great. Are you guys, whatever?’
And he is like
‘Yeah, we’re gonna go. I just registered for a training course. We’re gonna get started next week.’
That is super dangerous because whenever that stuff goes wrong, that’s where you end up seeing these huge lawsuits, insurance claims, people going outta business, things like that.
So, what I always recommend is: ‘Okay, if you’re crazy enough, you just went down that path, find somebody to partner with. Find somebody to work, leverage other experts. Don’t sit there and just Google or ChatGPT or, geez, going on Reddit “how do I CMMC” kind of thing.’
Get help on it. And you’re gonna have to pay for it. It’s the cost of doing business, right? Nothing in life is free. That’s probably the biggest mistake in compliance that I see, especially with the smaller MSPs. It’s
‘How hard can it be? I’m just gonna figure it out.’
Tech E&O is the gold standard of MSP insurance
J. H: That would be very rough. And I have heard also in my calls with MSPs, situations very similar to that. They onboard a new client. Their client has some key compliance requirement that they don’t yet have in their MSP, they don’t yet provide. And then they have to figure it out.
They have to figure out how to provide services to meet their client’s needs there, whether it be HIPAA, CMMC.
So, for MSPs that are under 5 million, and then I’m also curious between 5 to 10 million, what advice would you recommend for them?
Do they need cybersecurity, insurance compliance? And at what stage would you recommend they look into it?
D. B: I’ll give you the quick insurance 101 for MSPs, right?
You have the traditional cyber insurance, which is what your customers should be carrying. So that’s stuff that, first- and third-party risk are the two terms, but it’s kind of first is what happened to your business, right? Let’s use lawyers again.
Your law firm, you have a cyber policy, you get ransomware. That’s a first party risk. You’re covered. Third party would be something, the easiest example that I use, because it affects everybody.
Hackers come in, they steal your HR records, and somebody steals Jacob’s identity. That’s a third party. Because Jacob is not the company itself. Even if he works there.
So that’s the cyber part of it. MSP, you’re slightly different because you would think, ‘oh, third party like my customers’, that’s not how it’s covered. That’s called professional services coverage. Or technology services. There’s a bunch of different names, but basically, it’s like the contracted services you provide to your customers.
So, that’s the kind of policy an MSP should have. That’s called Technology Errors and Omissions. Tech E&O.
So, it covers the cyber. If your MSP gets ransomed, you’re covered. Your employee records get breached, you’re covered, or a client, something happens, or a client sues you, you’re covered as well.
If we go back earlier in the conversation, that’s what you need. Tech E&O is the gold standard. You should have this as an MSP. $5 million MSP, if you don’t have Tech E&O you are rolling the dice. Just too much stuff happens at that size.
Risk just naturally goes up as you get bigger.
And then you also have the other part. A lot of people realize that ‘Ooh, you’re a $5 million company, I’m gonna sue you.’
Right? Versus you’re one dude working outta your car. Okay. You know, I’m probably not gonna be as angry and, you know, try to take you out kind of thing.
So, your risk just naturally goes up as you get bigger.
I said earlier around not everybody can afford it. So whenever we have MSPs we’re like ‘Look, here’s Tech E&O, you should have this.’
Generally, you’re looking at $5,000 a year as a starting price for Tech E&O. So, if you’re a one-man MSP ‘Geez, that’s a lot of money, Dustin’.
So, we’ll say the majority of insurance claims that we see end up being around the professional services side.
You know
‘Hey, your backups failed, there was an attack.’
And even if you set expectations right, you’re in security, you know, as I always say, it’s a question of when, not if. Everybody’s gonna get breached.
It’s a crappy part of modern existence, unfortunately. No matter how many times you tell that to the customer, when it happens, they’re gonna be upset. Sometimes they’re gonna come back, they’re gonna demand money, they’re gonna sue you, stuff like that.
So that’s where that professional services coverage comes in. So, if you have to kind of cherry pick your coverage, ’cause you can’t afford the full thing is get the professional services for an MSP. That’s almost always what we end up seeing they need the insurance for.
Build compliance as you go rather than going last minute
J. H: That’s key information.
Looking forward into future, let’s say you started a new MSP, it’s starting to grow, but you wanted to future proof it. You wanted to think ahead as to what you might need one year, 3, 5, 10 years from now. How would you future proof your new MSP to make it easier for you to be compliant later?
D. B: If you’re looking at it through and you’re like, ‘Okay, I want to grow 1 million, 3 million, 5 million,’ just as kind of random numbers. As you hit each phase, figure out what you need to. ‘Hey man, Jacob, we just hit a million dollars. Okay, we’re going to three,’ is start building those processes now.
So, that helps you not only on the operation side, but from compliance and stuff like that, you don’t wanna be rushing all that stuff last minute. So, if you’re setting that stuff up, contracts are a great example. I tell MSPs ‘contracts are gonna save your butt. They’re gonna make things black and white with your customers.’
It just makes everything a lot simpler. It’s a good business practice.
So, you know. Okay, I’m starting off. Geez, I’m probably gonna use the Tech Tribe templates because they’re free. They’re out there.
It’s a good starting point. As I get closer to million dollars though, at that point, I’m gonna go out, I’m gonna hire a lawyer, and I’m gonna get good contracts like a $5 million MSP would.
Because I don’t wanna be doing that at 5 million and going, ‘Oh geez, I need to get a good lawyer. I need to get all these contracts re-signed.’
No, do it as all those clients come in as they grow.
And that’s something you’re gonna spend a little bit more. But having that kind of stuff in place, structurally is a huge win for the MSP. Again, if you’re planning on growing.
Going back into the compliance side. You don’t want to be restructuring all your processes suddenly because ‘oh, we’re gonna go after this. We’re gonna do this, that, and the other.’
Let’s pick ISO 27001. We know we want to be compliant. Start building those processes in now, not in 18 months.
Whenever you start actually going through the audit and attestation process, right? You don’t have to do ’em all. It’s not like, sit down this weekend, put it all together, but man, just pick every quarter.
Okay, here’s three different things we’re gonna pull together. As part of that road to compliance, it’s a lot easier to build that stuff as you go than going last minute trying to restructure everything.
Everybody already has these habits they have to break now, things like that.
Back to your original question. What’s the advice on the compliance getting there? Is always be in the process of building the stuff you’ll need at the next kind of stage size-wise.
J. H: Wow. And as they do that, as they systematically, in a reasonable timeframe, like you said, not over the weekend, but over time, are there any tools or services or AI use cases, anything that you might find helpful for MSPs as they prepare to be compliant in the future?
D. B: Yeah, there’s a lot more free content out there than a lot of people realize.
So, I don’t mean this to trigger all the attorneys and compliance consultants. It’s not like go download the free template and use it kind of thing. But from a learning perspective, the amount of stuff that’s out there that you can go watch, download, read, that sort of stuff, you can really educate yourself and all it’s gonna cost you is some time.
And then that’ll give you some ideas to where, again, I’m not saying go grab the free template. Sometimes people are gonna do that. It’s not the end of the world. It’s absolutely better than nothing. But grabbing the, you know, framework documentation, digging through it, and then at that point, stuff is gonna click right away for you.
We’re gonna go, ‘Oh shoot. You know, it’s saying we’re gonna need to do X, Y, and Z. Like we can go tweak this current process we have, and we’re 80% of the way there.’ Then at that point, the consultants will come in, they’ll say, ‘Okay, Jacob, you need to adjust this slightly’, but you’re not starting from scratch.
So going out there, you know, find the free materials, the, you know, the webinars and stuff too, but a lot of it’s gonna be more dry technical reading of, you know, here’s this white paper on that, or here’s the framework regulations, that kind of thing. But go and grab that and start baking it into your current processes.
This is before you have to bring in a consultant or an auditor or anything, that you can get a lot of this stuff done just by educating yourself. And then, I don’t wanna say it’s common sense, but it’s stuff that you said earlier. You know, compliance, cybersecurity, they’re tied pretty close. Great.
We just need to formalize this process a little bit more. Device hardening is one of my favorite examples, right? So there’s so many compliance frameworks, so many requirements, insurance, there’s a number of carriers that say, you know, ‘Do you have a standard device hardening process?’ I guarantee you 99% of MSPs do.
Is it formal and is it written now? No, it’s not. But next time you go to sit, you know, speaking as a, you’re a small MSP, maybe it’s the owner and you got like two junior help desk guys. So you’re the owner, you’re still doing firewall deployments. So you go, next time you have a customer, you grab that SonicWall still in the new box, off the shelf, that kind of thing.
Sit down and write down all the stuff you’re doing. It’s in your head. The hardening guide’s up here, right? But sit down, write it down. Okay, cool. Next one we do, great opportunity to teach your help desk guy how to configure a SonicWall. Let’s run through. He or she’s gonna ask questions, they’re gonna point stuff out.
Okay, great. Let’s make adjustments. You just made yourself a, now you can say that you do have a written documented hardening guide because you just sat down and you wrote that down. So just stuff like that where it’s, you know, start formalizing a little bit more.
J. H: That’s useful, and it really makes me wonder how on earth MSPs ever did this before YouTube and the internet was really a thing.
Last question for you is actually my favorite. So the question for you today from an MSP is, how can we streamline compliance without it feeling like a full-time job or, worse, a sales blocker?
D. B: Ooh, that’s an interesting one. So, we talked earlier, you know, being vertical focused, that’s a huge help.
’Cause then you’re doing that same thing again. It just makes it not just a sales blocker, it’s a sales enabler at that point. That it’s baked in your process. You kind of know it. It’s up and running. The two other ways though that I see a lot of folks succeeding with it is going to be just having that standardized framework baked into your process.
So like your QBR, right? Don’t go in. I’m gonna use CIS as an example on this ’cause it’s something that I think works great for everybody. It’s a framework. It’s maybe not direct compliance, but same concept, right? Spiritually it’s compliance. You do your QBRs as an MSP. Don’t go in and say, ‘Jacob, I need you to do all these CIS controls right now.’ It’s a, ‘Hey Jacob, here’s the CIS IG1, right?
We’re gonna do these controls, we’re gonna do more in the next 18 months. So what do we want to tackle this quarter?’ Right? You just made it a little bit, it’s more bite-sized with the customer. We can start working through it. You can do it with anything else. If they have a deadline, obviously that affects things more, but it’s like, ‘We wanna become ISO compliant.’
‘Well great, let’s break it down. If we do this over 12 months, it should be more digestible.’ But you’re putting a standard process in place and you’re also putting a cadence in place. I think that’s what a lot of MSPs miss is like, man, you can’t. You gotta have a regular touchpoint, you gotta have kind of expectations, break it down into smaller chunks, and then have regular check-ins on that.
So that helps a lot there too. And then the other option is, again, bring in outside help. So you know, ‘Hey, we have to be blah, blah, blah. We have to be CMMC compliant.’ You’re an ambitious MSP, you’re gonna take these guys on, but it’s your first one. Go find a company to partner with because then now it’s also, you can do the sell through, but you can also do the side by side, like co-sell, I guess is the term for it.
‘Hey, here is Jacob, my CMMC partner. They do the compliance part. We’re gonna keep your business running day to day’, and you just made it. Now it’s like, cool, your MSP is helping them. You didn’t just sell them something else. You brought in a third party that’s an authority. So indirectly, you kind of did, but the customer’s not seeing it.
It’s like, ‘Oh, they just gave me another tool in my toolbox.’ So, you know, again, that’ll help you not just focus on what you’re good at, but then also bring somebody in who knows the parts that you are and gives the customer a great experience.
J. H: I love that answer, especially that you came up with a way to use compliance as a method for staying in touch with your client.
Basically, you described it as a cadence, that regular kind of bite-size, incremental progress. So that keeps them going for the next one, the next meeting with you to see, okay, what? What’s the next little piece that we can realistically solve?
D. B: Now you’re providing value. You’re not going in there and talking about patch reports and ticket counts and stuff.
It’s like real topical of like, ‘Oh yeah, we gotta be HIPAA compliant, right? We have patient records. Cool. What should we be doing next?’ So it’s more engagement. It’s more that trusted advisor that everybody wants.
J. H: Dustin Bolander, I really appreciate your time today. I learned a lot. I think our viewers will get a little nugget here and there as well.
That’s super useful and a topic that most of us avoid. Most of us need compliance insurance. It’s a very difficult piece for a lot of us, so I really appreciate your time today, sir.
D. B: Yeah, thanks again, Jacob.
That was a fantastic, insightful conversation with Dustin Bolander. Compliance is one of my weakest points, and that’s why I think for MSPs, a lot of them have told me that’s one of their weakest points as well. So focusing on that and the insights he gave me really stuck with me, one of which was he described the compliance conversations with his clients as a way to stay in touch with him. He described it as a cadence, as a routine thing. They chat about, perhaps they want to make a little bit more progress on HIPAA compliance, for example. He schedules these monthly conversations with his clients to make a little bit more progress with that.
And so what normally is seen by people as a burden, as a cost, compliance legal frameworks, he is using as a tool for maintaining client loyalty, client engagement by having those monthly conversations about how to make more progress on HIPAA. So I hope you enjoyed today’s conversation with Dustin Bolander.
I found it to be really insightful and I hope you gained some good, useful insights for your business as well.
That’s a wrap on this episode of MSP Security Playbook. Thanks for spending part of your day with us. If you found today’s insights helpful, be sure to follow the show on your favorite podcast platform and leave us a review. It helps other MSPs find the playbook and level up their security game. Got a question you want us to tackle in the MSP hot seat or a topic you’d like to hear more about?
Drop us a line. We’d love to hear from you. Until next time, stay sharp, stay secure, and keep building the future of your MSP business.