5 Questions to Ask Your IT Provider To Minimize Your Risks of Cyber Security Attacks
Outsourcing all or parts of your business IT often comes with concerns for the security of the critical data. Fortunately, the right IT managed service provider can reinforce small business’s defenses against cyber crime, instead of compromising them.
It is tempting to assume that small businesses are of less interest to hackers than large corporations; after all, the latter are responsible for much larger volumes of data. Still, statistics show that 43% of all cyber-attacks are aimed at small businesses and in 2017 alone cost businesses £19.4 Billion. What is particularly striking is that regardless of the size, it takes companies on average six months to detect a data breach.
It takes businesses on average six months to detect a data breach
Whether you already work with an IT provider or are currently looking for one, their approach to defending your business against cyber threats should be one of the pillars of your successful relationship. So, next time you speak with the provider, ask them the following five questions to determine if they are up to the task.
Which cyber-attacks should I be worried about, and what are your defense protocols for them?
You want your IT provider to have an expert command of the various types of online threats and their potential implications for your business. An important protocol to look out for is the “Assume breach” policy that covers what happens when you are breached. Only an inexperienced provider will attempt to advertise complete breach protection; an experienced one would proactively monitor for attacks and breaches and have the procedures to mitigate their effects as fast as possible.
With over a dozen types of various cyber threats, including DDoS attacks, malware, ransomware, viruses, and more and their permanent evolution, you are looking for at least several years of experience successfully protecting businesses in your industry. And because each type of cyber threat comes with its implications, those should be brought forward and addressed by the provider as well. For example, they should have a procedure for minimizing the effects of ransomware, preventing it from spreading, and reducing the financial damage. If you have data in any cloud environment, you are looking for a clear understanding and control over who has access to it and how it is backed up.
How do you back up and recover my data—and how soon after the attack should I expect to get it back?
The speed of data recovery always depends on the scope of the attack and the types of data loss. What truly matters here are the strict protocols for data backup and recovery procedures that are regularly (and successfully) tested.
For every managed IT client, Spicy Support dedicated experts start by categorizing business data to determine how often to run the backup, how often different data segments are being changed, and how long can the business function without the data. For instance, if the recovery requires a server restart, which takes more than an hour, but business continuity is critical, Spicy Support implements a real-time live backup.
The next essential step is data restoration. You want your provider to proactively test your data recovery on at least a quarterly, or even monthly basis.
How can we secure our business emails?
85% of all attachments emailed daily are harmful to their intended recipients. Let this information sink in: the absolute majority of attachments circulating the web contain a cyber threat. One of the most widespread examples happens in Microsoft Office 365. Without the two-step authentication, any reasonably determined hacker can obtain your password or access your email externally. They can then set up an unnoticeable rule that will track your emails, copy addresses from your address book, and can even act on your behalf. It is, therefore, critical that your IT provider recognizes these threats and stays up to date on the most recent advancements in email security.
Many protocols establish the appropriate level of email security for businesses of all sizes. The anti-spoofing protocol Mimecast and external email warning protocol are some of them. Another good idea is to set up the attachment monitoring that opens every URL and email attachment in a sandbox first to make sure it is safe and clean. Only after security is established is it released into the business network.
How do you work with industry-specific compliance requirements?
Businesses in many industries, from healthcare to finance, are subject to additional compliance requirements such as GDPR and others. These requirements dictate the security protocols in place.
As a business owner, it is vital to understand if your business falls under any of these compliances. Your IT provider should then be willing and capable of auditing around them. Most frequently, compliance requirements affect passwords policies and delineation of data—distinguishing confidential and non-confidential data and treating it accordingly. Over the past 12 years, Spicy Support has worked with multiple clients from the industries majorly affected by cybersecurity regulations, such as finance, healthcare, retail, defense, insurance, and consumer. As a result, we have developed compliant IT cybersecurity procedures for each of these industries and now deploy them with the majority of clients for precise protection.
How do you adapt your security to the new known attacks?
Your business is accelerating, and your managed service provider should stay ahead of the cyberthreat curve to keep it that way. Innovative security protocols paired with proactive preventative IT management, give your business a competitive edge. One such protocol is FIM. It provides a centralized location for monitoring everything that is happening on the network at any given moment and can proactively shut down parts where the unusual activity is detected. For example, if a user normally transfers 10 Mb of data per day for six consecutive months and suddenly sends 50 Mb, this user’s access will be blocked, and the alert will be issued. Some other advancements in security include geolocation by IP, blockchain, and cloud technology. Still, proactive management by your provider remains key.
In 2018, Cisco released a cybersecurity report specifically on the state of cybersecurity in small and medium-sized businesses. This report unveiled an alarming gap in the relationships between the business owners and their outsourced IT providers. According to the report, small and medium companies expect their IT partners to deliver outsourced advice and consulting services (57%), incident response (54%), and security monitoring (51%). Now to the striking part. Only 24% of business owners expected their IT partners to ensure business continuity and disaster recovery, and only 39% of them relied on their IT providers for their expertise in threat intelligence.
These numbers mean that the standard for managed IT is still to respond and not to be proactive, which is yet another reason to vet your outsourced IT partner on cybersecurity and beyond. Spicy Support experts are committed to changing the paradigm and giving small and medium businesses the confidence and peace of mind to get the work done. Contact Spicy Support today to develop a cost-effective IT solution to enable your business success.
Call us on 0161 660 9762 or email email@example.com