Cyberattack! It’s the word that strikes fear in the heart of every business owner. By now, most business owners are aware of the basic measures needed to help mitigate the threat – training employees to verify email that looks remotely suspicious, disallowing company data to be stored on personal devices – but these actions alone won’t guarantee prevention from malware, hacks and any other variety of cyberattack.
But, like most business owners, they concentrate first on what they need to keep the business running (or so they think): sales, marketing, managing employees and so forth.
Ask any business owner who probably feels they need another five or six hours in a day to accomplish everything how much time they spend thinking about cyber security, and you’re apt to get a response like, “Yes, I know it’s a threat, but we keep our software up-to-date and this stuff usually happens to someone else.”
Highlighting the scope of the problem
That’s where it’s tempting to launch into full sales mode and say something like, “Did you know that every day over 80,000 variants of malware are released, with thousands of hackers leveling tens of thousands of new hacks against businesses daily? And if that hasn’t frightened you enough, consider that it has been determined someone is hacked every 39 seconds.”
Or, “Would you buy a brand new BMW or Cadillac if it didn’t come with a warranty? Think of your business as the car, and your infrastructure protection as the warranty. You hope you never need it, but if you don’t have it and something happens, it’s costly to fix.”
One of the mistakes that companies make is having their IT support team expand their role to include cyber security. Without the right training, and in the absence of a clear understanding of the link between cyber security as an IT risk and a business risk, companies might focus on the wrong cyber security threats. Inasmuch as there are different business contexts, individual cyber security threats or sources may or may not cause financial, compliance and/or reputation issues. Therefore, companies might treat cyber security purely as an IT risk and could prioritize threats incorrectly.
The case for retaining the services of an experienced MSP
Here is where retaining the services of an experienced managed service provider (MSP) comes into the picture.
For us, part of the “sales” process is education. And it should be that way for everyone in this industry. We all know that there are a lot of organizations that promote themselves as MSPs. But, just as no two drops of rain are the same, neither are any two MSPs identical.
Here is where the education kicks in for us, and it should for anyone seeking to either sell or recommend MSP services.
What to look for in selecting an MSP
Elements to look for when selecting an MSP include:
- Technical capabilities and experience working within your industry
- Ability to support complex software infrastructures
- Single point of contact/dedicated manager assignment
- Remote and on-site support
- Globalized service
- Centralized analytics capabilities
- Responsiveness and ability to communicate easily
- Tiered cost system options
The range of security services an MSP can offer is wide, including:
- Cloud security
- Compliance monitoring
- Detection and response services
- Endpoint security, including monitoring for attacks
- Intrusion detection and reporting
- Log management and analysis
- Managing advanced threat defense technologies
- Penetration testing
- Virtual private networks, or VPNs
- Web and email security, such as anti-viral service and spam protection
An MSP should also have a thorough understanding of the compliance regulations that apply not only to their specific industry, but also in the state(s) they operate from. It’s wise to work with a single MSP with the ability to provide security program design and management with comprehensive knowledge of regulatory and standards compliance.
The importance of retaining an MSP that utilizes cutting-edge security management and mitigation tools cannot be overstated. You should look for firms that consistently introduce products designed to detect and alleviate cyber threats.
Many mitigation tools, for example, face challenges with the time and distance between storing and analyzing data. And having an MSP with the tools to meaningfully combat identified threats is an imperative. Many SIEM systems face challenges keeping up with real-time and immediate investigations of threats and acting on them requires a second or third level of effort. An MSP should have the tools to provide real-time monitoring of threats across the entire technological domain, and the ability to analyze large quantities of data to determine where issues/incidents are occurring, as well as the ability to confront and handle threats immediately.
Where cyber threats are concerned, sometimes seconds can make the difference.
IT leaders have a responsibility to educate our clients
As leaders in the field of IT, it is incumbent upon us to educate our prospective clients to make the best and most informed choice when it comes to partnering with an MSP.
A comprehensive portfolio, thorough understanding of industry compliance regulations and an arsenal of leading-edge security management and mitigation tools are the trifecta to look for when choosing a managed service provider. Remember, our prospects and clients have worked far too hard and invested far too much to leave a business vulnerable to cyberattacks. The cost of retaining a well-rounded MSP pales in comparison to the price a business will need to pay if the company is left exposed to threat.
Al Alper is CEO and Founder of Absolute Logic, which since 1991 has been providing Fortune 500-style technical support and technology consulting to businesses of up to 250 employees within Connecticut and New York. He is also the founder and CEO of CyberGuard360, a firm which develops and markets a solution set of products designed to detect and mitigate threats from cyberattacks. Al is a national speaker on IT and security issues and has authored a series of books, Revealed! which addresses cyber security issues.