3. Security Portfolio and Baseline Security

Security Portfolio and Baseline Security

Working within the commercial side of Cyber Security we’re finding that those in the IT department are unfortunately being lumped with the Job of Security. Realistically Security should be a separate job, due to the time investment it takes on top of the “business as usual jobs”. However public opinion is “if it has a plug attached to it, it’s part of IT’s role”. This distinction should be made clear to your clients, or you should be charging more as you will need more employees to keep up with your clients demands, otherwise your Opex will increase and your profits will slim. If it’s not in their contract, then you shouldn't be delivering it.

They should be doing everything they can to benchmark their IT security,If they were compromised it will be their name in the papers not yours.

With baseline Security, A LOT ! are in the dark with what to do. Some don’t even see this as a problem yet. From our side we see it as a case of, “when” you get hacked, it’s not going to be “If” you get hacked anymore. We suggest 4 Pillars for security. Policy's | Testing | Cleansing | Preventing

A good place to start is to find out their security matrix (i.e. what is the risk of a hack to their business and what would the damages be ? From this you would move onto the next question "What policy's do they have in place for security, and are they the right policy's ?". If they're starting a fresh we'd suggest they hire one of our virtual CISOs/Security Managers to implement changes. For a SME with an average risk we would suggest Annual Pen tests of their infrastructure ( depending on how often they change it), followed by quarterly scans. Now that the Network has been tested to protect against external threats, it'd be useful to see if there are any dormant malware that is undetected.We'd suggest a Network Threat Assessment, this would monitor traffic and data on their network and would be manually combed through (you'd be surprised how many large enterprises we've found riddled with Malware). The last process would include prevention, so the likes of social engineering/phishing and even teaching developers how to code securely. From a commercial side, this is the baseline we are told to "sell" and educate our clients about.

But hey if the work gets too much for you, you can always chuck a few leads my way/partner with us haha

/r/msp Thread
Previous
Next

Recently removed from /r/msp

New MSP | Security Stack What brand of network equipment are you using these days? Simple Way to get Windows 10 Enterprise for a client-hosted VM? I'm shopping around all the major RMMs and concerned they all mis-state NIST and ISO27001 compliance. Rewst.io Founder of Datto shares thoughts on Kaseya What would be the best toolset, (PSA, RMM, Documentation, Security) Regarding Kaseya buying Datto Different Domain for remote tools/web applications Hobbyist MSPs MSP hack - just wow; its great until it isnt Sick of clients re-shopping my hardware quotes Can Azure beat private cloud hosting? Mental health of MSP owners and technicians We started poking at selling smart home automation. It's not as far from the MSP wheelhouse as you might think.

More Random Comments

CMV: Not accepting a lot of asylum seekers doesn't have to be inhumane or immoral Ouvy and his daugter mb guys she looked 10 in another pic she prolly like 5 or 6 Advice on my situation? (Trigger warning for those not supporting abortion) Trump supporter who protested against vaccinations dies of COVID-19 Rand Paul seeks “Criminal” Investigation of Dr. Fauci After Senate Tussle What Wolff actually mailed to the stewards came down to this. Mayor-President’s proposed fiscal recovery budget just released… A new take on Hill Giants Peterson Air Force Base, Schriever Air Force Base and Cheyenne Mountain Air Force Station to get new names Can someone more woke than me explain how they got the pronoun's wrong? Did you ever turn down callings as a TBM? "Being Black with anxiety is the worst because every anxious interaction you have gets vilified." CSGO — Valve announces Dreams & Nightmares, A $1,000,000 CS:GO Art Contest Popping confetti under high voltage lines Twitter lets literal Nazis thrive on their platform