Is your current MSP a risk to your security? 7 Essential questions to ask to reduce your risk exposure.

August 25, 2021
|
Pouya Koushandehfar
|
Cybersecurity
,
Managed Services
,
Microsoft
,
New Technology
,



You are only as strong as your weakest link. In today's uncertain and risky times of cyber security, it's essential to check whether your Managed Services Provider's(MSP) security standards are up to scratch or risk them being your weak link.


Your MSP can be a back door entry to any threats if they are not following the strictest security standards. That's why we have compiled a list of questions you can ask your MSP about their security credentials. If you don't have an MSP but are considering using one, this is also an excellent list to have to and to check if they are addressing their security issues adequately. 

1. What security frameworks or standards are you using? 

There are quite a few, but some of the main ones include:

  • ISO 27001 - Widely known standard providing requirements for an Information Security Management System (ISMS) which enables organisations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties. In addition, ensure businesses following specific policies and procedures to detect, prevent, respond and recover from security incidents. 
  • The ACSC Essential 8 - The Essential Eight is a series of baseline mitigation strategies taken from the Strategies to Mitigate Cyber Security Incidents recommended for organisations.  Implementing these strategies as a minimum makes it much harder for adversaries to compromise systems.
  • National Institute of Standards and Technology (NIST) Cybersecurity Framework - The Framework integrates industry standards and best practices to help organisations manage their cybersecurity risks. It provides a common language that allows staff at all levels within an organisation to develop a shared understanding of their cybersecurity risks and reduce them with customised measures.

2. What measures do you take to prioritise cyber security? 

  • Are security measures implemented during all stages of ICT system and network development, deployment, and maintenance?
  • After implementing recommended risk mitigations, how do you assess cyber security risks before moving to production environments?
  • Do they have a method to record, review and approve all changes to ICT systems before implementation? Who reviews them? What are their security considerations?
  • How do they ensure cyber security is a core requirement for procuring and acquiring software, hardware, and services, including cloud services?



3. How do you keep data safe? 

  • Do they segregate your networks logically and physically from other customers and the MSP network?
  • Do they have multi-factor authentication (MFA) to customer systems?
  • How upfront and transparent are they with you about cyber security? Have they raised this proactively?
  • What is the security patching timelines?
  • What is the policy of reporting confirmed cyber security incidents and data breaches to impacted customers and other parties?


4. How do you educate your staff about cyber security?

  • What cyber security awareness training do you provide for new and existing staff?
  • How frequently do you run your cyber awareness training courses for staff?
  • Do you provide tailored cyber security awareness training for staff, including senior managers, system administrators, and finance and HR personnel?

5. How do you practice secure administration with your systems and your customer's systems?

  • Do you restrict administrative privileges using role-based access, just-in-time access with multi-factor authentication challenge?
  • Do you use hardened jump boxes and dedicated privileged user workstations exclusively for privileged tasks?
  • What is your password policy? How do you store passwords? Are they encrypted with proper security protocols?
  • How do you log usage, including access and modifications to data and systems? Who reviews those logs? What is their cyber security qualifications?


6. How do you prepare for cyber security incidents?

  • Do you have an Incident Response Plan? How often do you exercise it?
  • How do you log security events? Do you use a secure, centralised logging solution such as a Security Information and Event Management (SIEM)?
  • How long do you retain event logs? Have you defined the retention in your organisation policies? 
  • How often do you review event logs for unusual activity?
  • What is your training plan to prepare staff to respond to a cyber security incident

7. What steps do you take to regularly review and improve your cyber security?

  • How regularly do you assess the cyber security of ICT systems, services and networks?
  • How often do you monitor your cyber security risks and posture
  • Is there someone responsible for this? What are their cyber security qualifications?

What to do next

During your conversations with your MSP, you may not hear all of these areas being addressed to your satisfaction. If you don't get the answers you need, maybe it's time to pick up the phone to us!


Byte is certified to ISO 27001 and is a Microsoft Gold Security Partner as well as an Innovative Platinum Partner with Palo Alto.  Byte is a security focused organisation and runs one of the most secure MSPs in the country, tailored for SMBs.

Contact Byte for a Secure Managed Services Solution today!


Recent Posts

Social Media in Digital Customer Service: A Strategy for Building Brand Loyalty and Resolving Issues
Measuring Success in AI-Driven Customer Experience: Key Indicators for Impact Assessment
Ensuring Compliance with the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 in IT Companies
Unveiling the Power of Data Analytics in Digital Customer Service: Personalising Customer Experiences
Predictive Analytics in AI-Driven CX: Anticipating Customer Needs for Enhanced Experiences
Optimising Collaboration Tools for Effective Communication in Hybrid Teams
Safeguarding Customer Data in Digital Customer Service: Addressing Security and Privacy Concerns
Preparing for and Responding to Regulatory Audits in IT Security and Data Protection in Australia
Navigating Technical Issues in Digital Customer Service: Strategies for Swift Resolution and Effective Communication
Embracing Zero Trust with SASE: Practical Examples and Aligning Principles

Categories

Attracting new customers
Retaining staff
Returning to work
Optimising technology spend
Working from home
Device Management
Autopilot
ChatGPT
SASE
Optimising Networks
Data Breach
Compliance
Tech Strategy
AI for CX
Digital Customer Service
Energy
Bots
FSI
Accounting
Genesys
Case Study
Women in IT
Contact Centre
Managed Services
Working for Byte
Windows
Uncategorized
Team Building
OneSpace
News
New Technology
Microsoft
Disaster Recovery
Data Protections
Cybersecurity
Customer Service
Cloud Data
Microsoft Azure

Follow us

Dive behind the scenes and keep up to date on the latest people centred tech.

Find out how we can support your business

Talk to us today