Is your IT support doing the right things to protect your business?

by

May 30, 2018

There’s security and then there’s security. The first encompasses the usual protections: firewalls, antivirus software and the like. The other gets a little more in depth, including high-level monitoring, training, planning and incident response—essentially, the tools you need to cover all your security bases.

The truth is, any managed services provider (MSP) can set up a firewall or install AV software. What separates the wheat from the chaff is an IT service provider’s ability to offer soft services: IT security planning, consulting, training and advice. A good MSP will do a lot more than install software or set up equipment; it will be willing to act like a partner, giving you advice when the chips are down and your IT security is on the line.

Let’s take a look at some of the IT services on offer from full-service MSPs—and how you can get the most out of your provider.

Protections that go beyond a firewall

If a firewall were all that was necessary for complete cybersecurity, you might not need an MSP. Unfortunately, many hackers can and do get around firewalls. Hackers may find loopholes in out-of-date software or devices, or they may strike when your employees are working outside of your network (i.e. where firewalls don’t reach).

A full-service IT support package should include protections to prevent attacks where firewalls fall short—for instance, patch installation and software updates, or virtual private networks (VPNs) that protect users when hackers attempt to go around firewalls.

At MyITpros, for instance, we feature a triple-layer protection plan for our security clients. This includes OpenDNS, a cloud content filtering and phishing protection system; Webroot, a multi-vector threat intelligence tool; and Malwarebytes, a well-respected anti-malware software. That’s in addition to other IT services like VPN, data encryption and security patching.

Securing a network is a bit like plugging up the holes in a sieve—there are numerous different entry points for hackers to exploit. The multi-layer approach ensures that you’re protected across all areas of your network. There’s a lot more to it than firewalls!

 

Training and other “soft” services offered by a quality MSP

There’s no “set-it-and-forget-it” cybersecurity—at least not if you want truly responsive protection. Companies tend to rely too heavily on security equipment, like firewalls or antivirus software, and to overlook the human element.

However, some 90% of cybercrimes originate from human error, which is what makes them difficult to stop without soft IT services like training and planning. Every day, unsuspecting users fall for phishing emails and social engineering attacks. In fact, phishing emails were to blame in 2014’s Sony hack and, more recently, in Russian attacks on the U.S.  

Sometimes, though, hacking techniques aren’t even all that sophisticated. For instance, a major attack leveraged on Target’s point-of-sale systems started because the company accidentally gave high-level network access to an HVAC vendor.

Stories like these ones show just how heavily employee decision-making factors into attacks. For this reason, a thorough cybersecurity program should include team training to help employees understand the real risk of hacking and their role in preventing an attack. Your MSP should be willing to lead regular training sessions to educate and empower team members, and if it’s good, it will also offer consulting so you can reinforce your network security plan as you grow.

Response planning and support

Proactive protections are obviously your first line of defense against cybercrime, but no attack is 100% preventable. After all, hackers spend all day looking for chinks in the armor, so it stands to reason that even the tightest IT security plan is vulnerable.

One of the more important roles of an MSP is to provide support during a security event. Ideally, your MSP should be able to pick up on potential breaches before you’re even aware of them by using intrusion detection systems and monitoring, and it should have an incident response plan laid out for security events. You can also expect your IT service provider to be at your side during an attack, offering advice to contain the intrusion and limit damage. For instance, an IT service provider might tell you not to hand over the ransom demanded by ransomware attackers and instead help you clean ransomware off your devices and recover deleted files.

This level of IT support is instrumental, as it will help you identify compromised systems and triage the damage. In essence, it’s a way to isolate the impact of a IT security event, which can literally translate to thousands of dollars saved.

Once the immediate threat is taken care of, your MSP will re-evaluate protections afterward, helping you bulk up IT security practices to prevent future attacks. It’s this type of advice that differentiates an average MSP from a next-level one through the provision of comprehensive support that puts the “service” in managed services provider.

Want to find an MSP that fits the bill? Read our e-book “How to Hire the Right IT Services Provider” to gain more insight. You deserve the best IT services, and doing your homework will ensure that you get them!

We're Integris. We're always working to empower people through technology.

Keep reading

Top 10 IT Best Practices To Adopt Right Now

Top 10 IT Best Practices To Adopt Right Now

Welcome to the Top 10 IT Best Practices To Adopt Right Now. This simple, non-technical “listicle” (slightly updated since December of 2021) covers some of the most valuable technology tips we can assemble into a five-minute read. Some of the recommendations are a...

Strengthen Your Corporate Culture with Identity Theft Protection

Strengthen Your Corporate Culture with Identity Theft Protection

Offering identity theft protection to your team is a quick win to strengthen corporate culture. This HR benefit also cultivates empathy, peace of mind, and increased productivity. When you consider the following identity theft statistics, the time for HR to implement...

The Three Social Engineering Hacks your Company Should Prevent Now

The Three Social Engineering Hacks your Company Should Prevent Now

Since 2020, Google has identified and delisted 2 million websites for launching phishing attacks—an army of nefarious websites that Cisco says have hit 86 percent of all global companies. But it’s the social engineering behind those attacks that’s the scary part,...