It’s easy to assume that your cybersecurity requirements are being met by your Managed Services Provider (MSP). Contrary to this assumption, however, your MSP or IT support company is not automatically responsible for this and may not actually provide these types of services.
What Your MSP is Likely Providing
When we consider the base level of services generally offered under a standard Managed Services Provider Agreement, there are a few services MSPs generally provide:
Anti-Virus and Firewall: These are standard items on the list of deliverables when engaging with an MSP. Whilst they are very important components, they don’t always provide the level of proactive protection that you need.
Software Patching: When the latest version or updates for software are released, the patch will generally be rolled out across your relevant devices automatically. For instance, Microsoft regularly release security patches for their software.
Monitoring: As a staple in their services, Managed IT Providers supply device monitoring which can keep an eye on the health and wellbeing of your devices.
Multifactor Authentication (MFA): Multifactor Authentication is becoming more common as a tool implemented by MSPs today and it’s highly encouraged that all companies use this service as it’s pretty much a failsafe should someone try and hack one or more of your accounts.
High Level Cyber Security Advice: Things like best practice password policies, account lockouts and general things to look out for are quite often provided as a value-add service when engaging with a Managed IT provider, which is great for setting up a basic level of protection for an organisation.
Why the Basics Aren’t Enough
When we consider the requirements around Cyber Security in today’s world, the abovementioned items only scratch the surface. For example, we are now faced with a multitude of changes to our work environments with working from home now being the norm, alongside the usage of staff personal devices to access your company data. Couple that with the addition of privacy laws now mandating the protection of personally identifiable information (PII) and we have so many different considerations to fully identify and manage an acceptable level of risk in any business. And this is just one example! There is a considerable list of things that should be considered when evaluating your security needs including:
- Ongoing staff training
- Regular systems assessments
- Current alignment with security best practices
- Policies and procedures around data handling and breach notifications
- Requirements around 24 x 7 monitoring
- Legislative and compliance requirements
- The risk of cost and reputation damage if you suffer from an attack
- And much more
The Difference Between an IT Engineer and a Cyber Security Engineer
It is commonplace for IT providers to recruit specialised resources to be able to deliver a Cyber Security offering, and this really comes down to the two different worlds of ‘day to day’ IT systems management and Cyber Security management. Whilst the two roles have very similar fundamentals at their core, alongside quite a few transferable skills, they deviate heavily when it comes to specialising in Cyber Security versus day-to-day management. As an example, consider the trades that are required to build a house; this scenario could be like comparing a plumber to an electrician. Whilst they are both likely very capable of using a hammer or a saw, their overall role is to provide independent specialised services that contribute to the build process (i.e. water and electricity). If you expect your plumber to deliver the electrical framework for a build, the result simply won’t be the same as the electrician’s. The same can be said of expecting your day-to-day IT support team to provide your Cyber Security solutions.
Why These Services Aren’t Automatically Included in Your Managed IT Services
To provide a broader level of Cybersecurity services, an MSP must either partner with a third party that can provide the breadth of services required, or create a dedicated department in their business solely for this purpose. There are also several other overheads that an MSP bears to deliver these types of services, including additional specialised staff, increased insurance requirements, and additional tools and resources to deliver the solutions to market.
It’s important to understand your engagement with your Managed Service Provider as there may be further services you need.
Our Director, Steve Dawson, was recently interviewed by CRN about Managed Service Providers and the regular assumptions that are flagged with MSPs around the inclusion of Cyber Security Services.
Where To Start
At ONGC, we have expanded our security services and now provide Managed Security Services, which aim to bridge the gap when it comes to implementing and managing a Cyber Security Strategy in your business. We can also provide a comprehensive, in-depth security assessment complete with a detailed report so you can clearly understand your risks and make an informed decision around an acceptable level of risk for your business.
Our team are here to help, even if just for a second opinion. If you would like to know more about managing Cyber Security in your business, reach out to us on 1800 664 248.