By now, it’s well established that small and midsized businesses need to take cybersecurity seriously.

Unfortunately, the latest Verizon Data Breach Investigation shows that 61% of those businesses experienced a cyberattack last year. Despite the increased year-on-year risk, 43% of them still don’t have a comprehensive security plan in place.

The enormous cost and complexity of managing cybersecurity as an in-house function means that most businesses quickly realize that an external partner, such as a managed security services provider (MSSP), is the best way to meet their security goals.

By offering the full range of cybersecurity skillsets, the latest defensive technologies, and 24-hour monitoring, MSSPs provide a level of security vigilance that most businesses could never achieve on their own.

But how do you choose the right MSSP to work with? Let’s look at some questions you can ask to find the right MSSP partner.

 

How Can You Help Me Clarify My Cybersecurity Goals?

The MSSP market is large and diverse. On one end of the market, boutique firms specialize in providing niche services like penetration testing to enterprises. On the other end of the market, budget providers offer cheap solutions without any customization or hands-on support.

Most growing businesses that want to maximize their cybersecurity confidence should look for providers that fall in between these two extremes. That means an MSSP with strong ties and a good reputation in their local community, preferably with a track record of helping businesses in your industry.

To help narrow down the list of prospective MSSPs, you can start by asking them questions such as:

  • Can you help me secure my work from home employees?
  • How can you help me meet my regulatory compliance requirements?
  • How will you evaluate the effectiveness of my cybersecurity protections?
  • Is cybersecurity awareness training part of your solutions?
  • Can you help with legacy hardware or software that’s creating security vulnerabilities?

The answers to these questions will help you approach the MSSP vendor evaluation process with a clearer sense of what you need, so you can eliminate a potential partner who isn’t a good fit for your business.

According to the IBM Cost of a Data Breach Report, the average data breach cost hit a 17-year high of $4.2 million in 2021.

 

Can You Tell Me About Your Staff Security Experience and Credentials?

An MSSP is only as strong as its people, so the next step to finding the right security partner is to dig into who the MSSP is.

Start with senior leadership. How long have they been working in the cybersecurity field? Do they have experience working in your industry vertical? While technology challenges are similar across all industries, a leadership team with expertise in your field means they’ll be able to understand your goals and speak in your language, which makes collaboration more efficient and comfortable.

After that, it’s time to start evaluating their staff. Cybersecurity engineers have unique specializations and credentials. Things to look for include:

  • Years of experience

How long have their security engineers been in the field? A reputable MSSP will have a mix of senior and junior staff, along with clear communication paths between each level of the company, so that people with the right expertise respond to each security incident quickly.

  • Credentials and specializations

All MSSPs claim to have cybersecurity expertise, but what exactly does that mean? In the fast-evolving cybersecurity landscape, engineers should hold up-to-date, recognized certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or other industry-standard credentials.

 

Can We Review Your Security Policies and Procedures?

Next, you’ll want to dig into the how of an MSSP’s work. Documented policies are critical to the success of an MSSP. They’re not only a requirement of some regulatory compliance standards, but they’re crucial to ensuring that security incidents are identified, analyzed, and responded to with efficiency.

Some of the questions to ask when exploring how your MSSP works include:

  • How will they maintain your firewalls, VPNs, and network devices?
  • Who is your point of contact on their team?
  • How does that person share intelligence and collaborate with other members of the MSSP's staff?
  • How will they respond if disaster strikes?
  • Are backup, disaster recovery, or business continuity plans in place to get you back on your feet?
  • What kind of reporting can your team expect?

The question of a good process goes deep into the MSSP, though, beyond how they interact with you. It extends to how they handle their own security. For example, does the MSSP run background checks on their own people? Are they securing their systems with multi-factor authentication and hardening their infrastructure against physical infiltration?

While many businesses overlook the question of internal security when selecting a technology service provider, a recent spate of high-profile ransomware attacks has highlighted the importance of having vendors who not only provide security services but also secure themselves.

 

Dig Deep into the Service Level Agreements

A service level agreement (SLA) is a contract that outlines the level of service you can expect from an IT service provider. While you should aim to build a long-term, consultative relationship with your MSSP, having a clearly written SLA helps further clarify responsibilities. This means examining:

  • How they classify and notify you about events
  • When, or if, they hand off any security duties to a third party
  • Which KPIs and metrics they use to define cybersecurity success
  • Which enforceable penalties apply if SLA violations occur

The global cybersecurity talent pool would have to be 65% larger than it is now to adequately defend all organizations, according to the 2021 (ISC)2 Cybersecurity Workforce Study.

 

How Can My Business Help Nurture the MSSP Relationship?

While MSSPs can be an invaluable partner in achieving better security, they can't just provide steadfast cybersecurity on demand. Instead, the MSSP-client relationship prospers only when both parties invest time and energy to make it a success.

This means being frank about your security challenges, communicating with your MSSP proactively throughout the relationship, and being open-minded to their suggestions. View them as a long-term strategic partner, not just another vendor or line item in your technology budget.

 

20 Years of Managed Security and Technology Service

For decades, the Complete Network team has supported businesses in Charlotte, North Carolina, Albany, NY, Bluffton, South Carolina, and Savannah, Georgia. If you’re interested in learning more about the MSSP model and how vigilant 24/7 protection benefits business, the Complete Network team would be happy to help.

Reach us any time at 877-877-1840 or by email.
