If you’re working with a Managed Services Provider, you should know exactly what areas of your IT are being looked after – especially when it comes to security. Rather than having to spend time reading your managed services agreement’s terms and conditions, we’ll just save you the time and let you know…
There is a strong chance your MSP is not responsible for managing your cyber security.
In this article, we cover:
- The importance of business security
- What traditional MSPs do cover
- What managed security solutions compromise of
- ‘The Essential Eight’
- What to do if your business security is not being managed
Having a Strong Cyber Security Stance is No Longer an Option
With the number of cyber-attacks rapidly increasing and showing no signs of slowing down, security for businesses has never been more important. Organisations are placing a higher value on their cyber security posture, where 69% of tech decision-makers are increasing their cyber security budgets in 2022.
This shift in priorities has also been stressed at a higher level. The Australian Cyber Security Centre has produced a series of business cyber security mitigation strategies, the ‘Essential Eight’ (more on this later). This framework is a series of bare-minimum requirements that a business needs to take in order to secure its people and data.
What Do MSPs Cover?
Traditional MSPs look after your managed services, which do not include your cyber security. So, what do managed services involve?
- IT help desk or on-call remote help
- Endpoint management
- Managed infrastructure and office hardware
- Managed backups
- Managed applications
- Managed networks and firewalls
- Cloud storage
- IT project management
- …and more!
This is all essential to keep any business running, however, with new cyber threats emerging in today’s world, your business now requires Managed Security Services.
Managed Security to the Rescue
Traditional Managed Service Providers do not offer a separately managed security solution, however, some MSPs are seeing how important a strong security posture is to businesses so are moving in that direction.
These critical services include:
- Application control
- Vulnerability scanning
- IT environment hardening
- Device compliance management
- Behavioural analytics
- Cybersecurity awareness training
Check with your current MSP to see if they offer this service. If they do, they should be adhering to the Essential Eight best practices.
Cyber Security Best Practices
The Essential Eight framework includes different cyber maturity levels that can help businesses understand, detect, and assess where their vulnerable areas are. This allows them to strengthen these areas and over cyber security posture.
The three ‘tiers’ include:
- Partly aligned with mitigation strategy
- Mostly aligned with mitigation strategy
- Fully aligned with mitigation strategy
The famous eight components include:
1. Application Control
Block or restrict unauthorised applications and their malicious code from running on your devices and systems.
2. Restricting Administrative Privileges
Authorise accounts that require access to your data. Review and remove unauthorised administrative accounts.
3. Configuring Microsoft Office Macros
Review and remove macros (repetitive series of keyboard and mouse shortcuts) that have come from the internet or have not been identified as trusted.
4. User Application Hardening
Block or remove common software used to download or run malicious software, preventing it from running on your computer systems.
5. Patch Applications
Install improvements on your applications (e.g., updating applications) to mitigate known security vulnerabilities.
6. Patch Operating Systems
Apply the latest security updates to your computer’s operating system.
7. Enabling Multi-Factor Authentication (MFA)
Enabling MFA requires users to present 2+ separate pieces of evidence when signing into their account.
8. Performing Daily Backups
Restore important files, applications, devices, and servers, preventing critical data loss.
Where to From Here?
If you haven’t spoken to your MSP about whether or not they offer a cyber security solution, now’s the time to have that conversation. If they do, make sure they are fully aligned with the Essential Eight framework.
On the other hand, if your MSP does not offer a cyber security solution, talk to us. We’re an experienced MSP with expertise in cyber security and keep up to date with the ever-evolving tech landscape.
Talk to us today to start protecting your business.