Does your Managed Service Provider (MSP) protect your data? A recent survey shows most small- and medium-sized businesses believe their IT support company is actively managing all of their security. In reality, managed security is a separate contract, and the MSP provides basic block and tackle. So, if you want to ensure your data is safe, you need to ask the right questions.
What is Basic Block and Tackle?
Basic Block and Tackle Security is locking the most obvious hacker entry points. Like putting locks and security alarm on your house, it does not provide analysis, context, or guidance on what to do next. Examples of basic Block and Tackle Security include:
- Firewalls – content and web filtering
- Antivirus Software – consistently updated for new malicious viruses.
- Updates and Patches – performed on server operating systems, not applications.
- Backups -final defense for ransomware. Allows the IT support provider to reset before the actual breach takes place.
Unfortunately, essential Block and Tackle security measures have a minimal impact on the overall cybersecurity health of your system. Cyber investigators have determined that hackers typically occupy the network for nine months before they are discovered and cause significant damage to the network. For this reason, your should review your cybersecurity prevention program before it’s too late.
INSI Managed Security Services
Innovative Network Systems, Inc. Managed Security Service monitors your network for breaches, hacks, and risks every second of the day. It is a full line of protection similar to adding motion detectors, security guards, infrared scanning, and biometric locks on your house. In addition, we have more services to actively monitor and analyze known and new security threats to protect your data.
There are two motivations for addressing cybersecurity; compliance and risk.
Regulations and Managed Security Services
Regulatory compliance has been a significant driver until recent events. Popular examples include HIPAA, PCI, and Sarbanes- Oxley. However, cybersecurity is a well-known risk that forces supply chains to insist contractors meet specific standards.
Unfortunately, regulatory compliance often entices companies to check off boxes and move on. However, doing the “bare minimum” will get you bad results. For this reason, you should lock down your systems as much as possible to avoid breaches, fines, and public scandal. After all, you do not want to be that company known for causing major security breaches.
Risk Protection and Managed Security
On the other hand, companies that want to avoid risk take a completely different approach and take action to monitor, analyze, and respond to attacks as quickly as possible. Additionally, they hold their vendors and partners accountable for sensitive client data they share with them. An excellent example includes a client list shared with telemarketers or direct mailing companies.
Find Out What Your MSP is Doing
Most small- and medium-sized businesses believe their MSPs completely protect them. That assumption has cost a lot of businesses hundreds to thousands of dollars. Appriver, a well-known spam and encryption company, states that the average cost of a data breach is $149,000! That’s 149,000 reasons to take cybersecurity seriously.
Questions to Ask Your MSP
So, how is your MSP providing complete protection? Ask these three questions.
- Do they have a Security Operations Center (SOC)?
- How many security analysts do they employ? Operating an actual 24/7 SOC will require a minimum of 12 full-time security analysts, not network engineers.
- Ask them about their service level agreements and how they respond to alerts. For example, ask them about their incident response practice.
The majority of IT Support companies act as human alert routers. When an alert occurs, they notify their clients by email. They do not provide analysis, context, or guidance on how to respond. You must ensure they provide the analysis, solution, and pathway to resolve the issue.
INSI is Atlanta’s Premier Cybersecurity Provider
INSI has partnered with Cybriant to provide a full suite of cybersecurity services. Cybriant reduces the probability of a breach and limits the damage if an event occurs. They operate a fully staffed SOC 24x7x365, and when an event occurs, they inform our clients and us of the breach. Most importantly, Cybriant analyzes the alert, grades its importance, and provides guidance on what to do next.
If you would like a full IT security solution, contact INSI in Atlanta, top MSP: 770-387-2424, option 2.
About the Author
Deborah Frazier is the author of IT Outsourcing Secrets – A Small Business Guide to Compare IT Support Companies. With nearly 20 years of experience consulting small and medium-sized businesses on their IT support needs, she brings a wealth of knowledge to INSI as Head of Marketing and Sales. If you like this article and want to be notified when a new article is posted, click here.
