Avoiding a false sense of security

Recently, there’s been a lot of news coming from the MSP space regarding malware and ransomware outbreaks which have impacted their direct clients. You can read about it here. How could this be? If IT providers are also managing your security, shouldn’t this be avoidable?

MSPs Selling Cybersecurity

We’ve been spending a lot of time on the road at conferences and hosting exhibition booths. There’s a noticeable trend at these conferences where we see MSPs advertising cybersecurity capabilities in their banners, marketing content, and sales pushes. As a curious set of cybersecurity professionals, we tend to investigate these MSPs to determine exactly what cybersecurity capabilities are offered. In almost all cases, our research has determined that the offered service capabilities are missing the mark. In reality, MSPs marketing themselves as also providers of Cybersecurity solutions are often creating a false sense of security.

How can you avoid this problem?

So, what can your business do to ensure you are actually receiving proper cybersecurity solutions from your provider or internal IT team? Simple. Ask yourself this question:

Have we identified cybersecurity risks and reduced those risks with the right cybersecurity best practices?

If your team has not conducted exercises in identifying and categorizing risks, then chances are you may be operating under a false sense of security.

We’re Similar but Different

Although there is some overlap, MSPs and cybersecurity professionals do focus on different tasks.

MSPs tend to focus on the following:

  • System uptime and health
  • Connectivity and continued operations
  • Email, user access, desktops, servers, telephony
  • Specific training and education in IT

Conversely, working with a cybersecurity company like Rigid Bits, we focus on different topics:

  • Risk identification and reduction exercises
  • Proactive and reactive cybersecurity services
  • Risk assessments, documentation, technical security testing
  • Specific training and education in cybersecurity

Questions to Ask Your MSP

If you currently have an MSP or IT provider addressing your cybersecurity concerns, here’s a few qualifying questions to ask them.

  • What framework are you following to implement cybersecurity best practices?
  • Have you identified key areas of risk and prioritized those items first?
  • Can you provide us with the most recent vulnerability scan results?
    • Can you tell us about your vulnerability management process?
  • What alerting and monitoring capabilities are in place to detect malicious network traffic, malware, or phishing attempts?

We can supplement your IT providers efforts by approaching your cybersecurity needs from a risk-based approach. Let us help identify your risks through a risk assessment exercise. Next, reduce your identified risks by implementing cybersecurity best practices. Rigid Bits offers assistance in documenting policies and procedures, technical testing like penetration testing, and remediation services through computer forensics. Have additional questions? Contact us!

Let’s Discuss Your Needs

Our experience with hundreds of businesses across diverse industries provides us with the expertise to understand your unique challenges.