The single most important action every organization leader needs to take in regard to cybersecurity is to know what security and monitoring measures they are currently paying for.
Nine out of ten leaders with whom we meet have no idea what cybersecurity measures are deployed on their networks and devices. Furthermore, these leaders cannot easily access any document outlining the specific services for which they are paying!
Some may argue that good leaders delegate and outsource various tasks to ensure key business functions are performed by individuals with expertise in the given task. While I agree with the need to delegate, every leader deserves a high-level understanding of their security posture. It is essential to know the actions being taken to ensure the continuity, profitability, and security of their business.
Many Managed Services Providers (MSPs) and cybersecurity companies across the country use the complex and ever-changing nature of IT to keep clients in the dark about their services.
Today’s world demands a level of transparency not all MSPs are willing to deliver. Transparency in service delivery and price is particularly important for publicly funded entities such as municipalities and schools, which must report financial data and compliance to governing bodies. So, how can a leader determine if their current provider is providing adequate service?
First, you should be able to locate a document outlining the services for which you currently pay. These services may be listed on your invoice or detailed in your initial contract/SLA.
Second, you should know which devices are being protected. Is cybersecurity deployed on your server only? Is protection extended to workstations? Mobile devices? This is particularly important to businesses operating in heavily regulated industries such as finance, healthcare, and government.
Third, you (or another leader in your company) should have a dedicated point of contact at your MSP/IT company beyond the generic helpdesk email address. In today’s virtual world, businesses rely on technology to perform sales, finance, operations, and service delivery tasks. In the event the worst happens, such as your physical building flooding or a ransomware attack being attempted, you need a direct point of contact. Many IT support companies leverage helpdesk centers located in other countries, and while this can be an efficient means for addressing daily IT issues such as resetting passwords, disaster scenarios require immediate attention from individuals with extensive IT knowledge and capabilities.
Finally, you or an identified representative from your company should meet with an account manager or IT specialist at least once a year to review the state of your IT environment.
Just as business leaders possess a working knowledge of a company’s finances, leaders must also acquire an understanding of the company’s IT environment and security posture. As I have mentioned previously, no one wants to attend the early morning emergency meeting after a massive data breach. And no leader wants to have to ask, “How did this happen?”
As we head into Q4 and budget review and preparation, take time to investigate what services your MSP/IT company is providing.