Managed Service Providers (MSPs) are trusted with securing organisation’s networks. However, many do not fully understand their own customers’ priorities when it comes to security. There are many potential risks that all MSPs should raise with their clients to help understand the best steps for securing their networks.
According to a recent report by the Center for Strategic and International Studies (CSIS) and McAfee, part of Intel Security, cybercrime costs businesses across the globe an estimated £265bn a year, wiping out up to 20% of all the value created by the internet.
The trick for MSPs, of course, is to eliminate surprises from the equation. Therefore the first step for MSPs should be to raise the question with clients and potential customers: What is truly important to your business?
This should be followed by asking the customer what’s important to them from a security standpoint. Until the MSP understands the customers’ mindset – and assess their savviness when it comes to cybersecurity – how can they possibly offer an effective solution?
Here are five more tips that every IT service provider should consider when it comes to assessing customers cybersecurity. This includes the importance of having a strong business process, writing a clear security policy and becoming an industry authority to develop a deep understanding of the effect new products and services such as M2M will have across all industries.
1. Build a sound business process
Can IT service providers clearly define the services they actually provide? On that note, do their customers know them too? Whatever the strategy, companies need to make sure it is repeatable and auditable. If they’re ever required to explain why it took a certain approach, they should be able to clearly articulate how and why it’s part of the plan.
2. Familiarise with one firewall
Work with one firewall product, learn it well, and standardise it across the customer base. It will make a world of difference when providing customers with network access. Having a broad knowledge of multiple products (and trying to run them all) may backfire. Even if they avoid catastrophe, juggling is a time-consuming and challenging act.
3. Log data analysis
A lot of companies don’t even notice, or notice only too late, that they have been a victim of cyber crime. Effective security strategies therefore need to involve an aspect of real-time monitoring of log data. The regular analysis of security-related event logs is also essential. Only then can critical incidents, suspicious activities and risk trends be detected early and corrective measures taken immediately. This involves monitoring policies, access controls and specific activities and applications (e.g. IDS, IPS, firewalls) that are significant to the security of the network.
4. Become authoritative
The introduction of the "Internet of Things" – the interconnectivity of web-enabled computing devices – has made networks ever-changing entities. It is therefore imperative that companies routinely research how the latest products and services work, and develop a deep understanding of the effect it will have on various industries. There’s plenty of misunderstanding in the marketplace about which systems and services should – and should not – be internet accessible.
5. Pen the policy
MSPs should offer to assist customers with writing a computer-usage policy. After all, who is going to enforce it? Offering their knowledge in this capacity strengthens the bond between them and their customers. It demonstrates their commitment to security and it also serves as valuable security awareness training. This is the best line of defence and an excellent return on investment.
There’s a common thread that runs through these tips – education. This is essential, not just for MSPs, but for their customers too. The technology landscape is changing so rapidly, there’s always something to learn.
Ian Trump is Security Lead at LogicNow, a global provider of cloud-based IT security and management solutions for the world’s largest community of MSPs.