The Department of Justice uses the False Claims Act to enhance federal cybersecurity – News Couple
MSP

The Department of Justice uses the False Claims Act to enhance federal cybersecurity


The US Department of Justice is looking to encourage more organizations to enhance their cybersecurity by expanding the current False Claims Act (FCA) to pursue cases against government contractors who conceal rather than report a security breach.

In addition, any company that knowingly provides defective cybersecurity products or services, knowingly misrepresents its cybersecurity practices or protocols, or willfully violates its obligations to monitor and report cybersecurity incidents and violations, will be subject to civil action. The Department of Justice also encourages whistleblowers and others to report cybersecurity “failures” as potentially fraudulent behavior.

Possible financial implications of the False Claims Act

The FCA provides civil fines ranging from approximately $12,000 to $24,000 per false claim and up to three times the amount of damages incurred by any government entity.

Not every MSP deals with the federal government, but the law applies to any entity that receives federal funding, which means it can apply to MSPs that provide IT support to another entity that provides a service to a government agency. In fact, MSP could be considered a subcontractor in that case.

Overall, the level of cybersecurity scrutiny applied to MSPs will continue to increase in the wake of a series of high-profile security breaches. Many ISPs have, at the very least, re-evaluated their security practices if the ITSM system they use has not been upgraded or replaced.

Due to the level of scrutiny applied to federal contracts, some mobile operators may also decide to forgo bids on federal contracts. Other MSPs who have invested in cybersecurity best practices might welcome this interpretation of the FCA as a way to spot competitors using low prices to win a contract. After all, the government is generally required to accept the lowest bid in a contract. Of course, this approach does not always lead to the best products and services.

How effective is the Financial Conduct Authority (FCA)?

This FCA interpretation of the test will likely wind up in court whenever the first case is presented, so it remains to be seen how much sting this DOJ ordinance will. However, one way or another, MSPs must assume that whether it is a government agency or an end customer, the amount of audit activity required on their part is about to increase. As such, so does the cost of providing managed services.

It is recommended that MSPs automate as much of this process as possible. The best way to lower the cost of an audit is to be able to produce a report as early as possible to reduce the amount of time an auditor might be tempted to spend asking tougher questions.

Most MSPs are not necessarily big fans of regulations that affect them. However, governments have a long history of setting regulations that often benefit medium and small businesses by creating demand for their services. Like it or not, it sometimes means taking the bad with the good when these rules apply to MSPs themselves.

Photo: Orhan Cam / Shutterstock



Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button