Article by Malwarebytes A/NZ Channel Director Vikas Uberoy.
Throughout Australia, small and mid-sized businesses face a challenging situation when it comes to IT security. They are grappling with the same evolving threat landscape as larger firms, but don’t have the resources or dedicated staff numbers required to achieve similar protection.
In many cases, whether they like it or not, an SMB owner or manager becomes the default IT support and security resource. Dubbed the ‘Chief Everything Officer’, they must find and deploy tools to protect everything from central data stores to end-user devices.
Naturally, this all has to be done in addition to their existing heavy workloads. As a result, oversights can occur and gaps in protection go unnoticed. Security patches might be forgotten, firewalls misconfigured, or staff not properly informed of best work practices.
With the volume of security threats showing no sign of slowing, increasing numbers of SMBs are looking for a better approach to their IT security. For many, this is coming in the form of a Managed Security Provider (MSP).
MSPs are specialist firms that can provide security services to an SMB for a pre-agreed monthly fee. Rather than needing to purchase, install and manage a range of different tools, responsibility for overall IT security is outsourced to the chosen MSP.
Different MSPs offer different portfolios of services. Some specialise in IT security while others also offer management of IT infrastructure components such as servers, networks and endpoints. Often, they will become a trusted advisor to the SMB and help guide its overall IT strategy in the longer term.
The first step in establishing an effective MSP relationship is to ascertain what resources are required. The business needs to decide whether it just needs assistance with security, or wants to hand over responsibility for its entire IT infrastructure.
Some firms opt to retain the services of multiple IT partners. They might use one for their security requirements, a second for hardware and software management, and a third for network links.
For many firms, however, having a single point of contact for all IT-related issues is the best option. This can avoid finger-pointing and disagreement when any issues arise.
Working with a single partner also means that partner will gain a thorough understanding of the business and be able to provide the most appropriate level of support at all times. This can be particularly helpful when the business is growing rapidly or expanding into new areas.
The partner can also use experience gained from working with other clients to fine-tune the business’s security defences. This could involve using new tools or approaching design and deployment projects differently to attain higher levels of protection.
Once an appropriate partner has been selected, the ground rules of the relationship need to be established. Both parties have to be absolutely clear about the scope of work required and the level of support that will be delivered.
A good place to start is by undertaking an audit of the security tools and processes already in place within the business. Working with the MSP, the SMB can determine where weaknesses might exist, how they can be best overcome, and what it will cost to do so.
Next, all data stores within the business need to be carefully checked to determine the impact any loss or access disruption would have on day-to-day activities. Focus can then be placed on protecting the most important data first before moving on to other areas.
For example, a customer database is likely to be critical for the business to function and should be given top priority when it comes to security. Meanwhile, archived copies of old newsletters or expense claim forms are probably less important and can be considered later in the process.
As well as office-based IT assets, the review should also cover all mobile devices in use across the business. If not effectively secured, these can pose a significant risk which must be mitigated as quickly as possible.
Once the MSP is providing ongoing support, the SMB should expect monthly reports of activities completed and any security threats detected. This information will give reassurance that the tools are in place and operating effectively.
By retaining the services of a suitable MSP, an SMB can be confident its security defences are providing the level of protection needed at all times, without this requiring significant extra internal work.
This, in turn, means managers and staff will be free to instead focus their attention on the most important factor of all – delivering first-class customer service.