The cybersecurity landscape continues to rapidly evolve. Even before the COVID-19 pandemic hit, bad actors were ramping up the sophistication of their attacks by subverting a target’s supply chain to gain access to their ultimate target. A recent Department of Homeland Security alert cited managed IT service providers (MSPs) as among those in the supply chain that hackers are attempting to penetrate.
Does your MSP represent a threat to your cybersecurity?
Just like your company, MSPs could be subject to hackers, phishing attacks and ransomware. Your MSP may already be providing security services to your business, but are they taking even greater responsibility for their own security?
Here are the 13 key things you should know about your MSP’s security:
- Dedicated security function – does your MSP have trained, certified subject matter experts in cybersecurity?
- Sophisticated security toolsets – are they using best-of-breed tools to monitor their systems and yours?
- Least privilege model – do they reasonably limit access of their personnel to only those tasks they are required to complete?
- Patch management – do they continuously monitor and patch their tools to the latest versions so hackers cannot exploit security holes?
- Multi-Factor Authentication – do they implement MFA across their entire network?
- Layered security – does their internal security provide for multiple layers so hackers who may penetrate one layer are thwarted by another?
- Isolation – do they create enough isolation of their systems so a compromised system cannot affect others?
- Response plans – do they have a formal process in place should an incident occur?
- Employee training – do they have a security training program for their own personnel?
- Regulated industries – do they work for clients that require compliance under HIPAA, NIST/CMMC, SOX, GDPR and PCI?
- Penetration testing – do they have an accredited third party test their security against attack from both outside and inside?
- Certification – have they achieved a security accreditation from an organization like CompTIA, for its Security Trustmark+ rating?
- Communications – do they give you documentation of their own cybersecurity practices that provides you with a high level of assurance?
Security threats are a constant in an ever-evolving environment of risk mitigation. Remember, the security of your business is a shared responsibility. You have your part to play, as does your MSP. They should be able to answer these questions and provide you the level of confidence you need to know your business is secure.