Welcome to our Cyber Security News Aggregator.

Cyber Tzar provide a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.

The Good, the Bad, and the Ugly Managed Service Provider

Published on 2022-08-23 14:26:20 UTC

We recently spoke with WMCRC Advisory Group Member Helen Barge, Managing Director of Risk Evolves on how important it is to work with the right suppliers and partners. In our latest blog, we look at what makes a good service provider and how businesses can ensure they're receiving the service they pay for.

Let’s be honest, running a small business isn’t always a bed of roses. Whether it be a lack of staff, a delay in receiving goods, late payment from customers and clients, not to mention the disruption caused by covid and the departure from the EU, there is always plenty to keep the small business owner occupied.

We all look to ensure that we have the right partners around us to support us; people and companies that we can rely upon for good advice and service. It could be an outsourced payroll service, an external HR Partner, or legal or accountancy services – there is no end to the list of organisations that want to help you continue to be successful.

One such group is the MSP – the Managed Service Provider, the external IT Partner. According to the 2022 government survey on cybercrime, 57% of small businesses and 36% of micro businesses will use an MSP.

The challenge, though, in a world of ever-shifting technology and terminology, is how to find the right one. Should you continue to support your own IT? Or ask your neighbours' 17-year-old son who does IT at college to help? Buy a service from a third party, and if so, which one?

Unlike outsourcing your cleaning, it’s hard to tell the good from the bad and, to be frank, the downright ugly ones. If your cleaner doesn’t do a good job you know – the bins remain full, the desk is dusty, and the kitchen still has the remnants of yesterday’s lunch. But it’s much harder with the IT provider. And worse still, unlike with other professional services organisations, there is little to no guidance available to support you in finding one.

Over the last 12 months, I have been privileged to work with three other members of the West Mids CRC to tackle this position. Andy Tasker (Zenzero), Tim Pinnell (NQA), Ian Vickers (MetCloud) and I had grown tired of meeting new clients whose previous or incumbent IT provider was failing to deliver good service to them. In at least one case, the IT provider was jeopardising the security and stability of their client's business.

We were clear on our objective. How could we help our peer business owners assess a potential partner without being subjected to a response to a tender that was littered with TLAs (three-letter acronyms) that the recipient would have little chance of understanding? We wanted something that went beyond the technology, the sale of hardware and software, and looked at what businesses really needed. We wanted to arm decision-makers with some guidance on the type of answer that they should hear. We wanted to highlight a minimum acceptable standard of service which we believe this, as yet, unregulated industry should be delivering.

We spent a lot of time reviewing the bad. The IT providers who failed to meet the basics. The providers whose service would not meet the minimum criteria outlined by the National Cyber Security Centre as part of the Cyber Essentials scheme. Worryingly, the same government cyber security survey quoted above identified that for the majority of small businesses, cyber security was not deemed to be an important factor when selecting their IT partner. That said, almost one in three businesses (28%) cite a lack of information from suppliers as something that inhibits their ability to manage cybersecurity threats.

We looked at behaviour. A well-managed service provider should be delivering more than just a service. Like your outsourced HR / Payroll / Accountant / Legal team, they should be updating you on trends in the industry. They should be explaining to you how you can ensure that your business is resilient to a cyber attack, without you needing to pull out a cheque book every time they email you. They should be able to show you the status of what’s happening within your business. You expect to know which of your customers haven’t paid you, why shouldn’t you know which of your staff have failed to apply the latest software updates?

We wanted to reassure business owners. This is a complex area and there is no shame in not knowing all the answers. It is your right to ask for clarification. If the response is loaded with jargon, ask again. And again. And again. And if the IT provider still can’t explain, then they aren’t right for you. If your accountant presented you with a set of accounts that didn’t make sense, you’d challenge. Do the same with the IT provider.

You should also know how they can help if the worst happens and you are a victim of a cyber attack. Do they back up your systems? How do you know if the backup will actually work? How do they prove it? And if something goes wrong, will they answer the phone when you call? Do they have the right skills in place? How many are on the team? What happens if someone leaves? A good partner will be able to reply confidently, to explain (and hopefully show) the processes that they have.

This led to us developing a questionnaire that comprises just 26 questions covering 8 key areas. It has been piloted on a small number of organisations, with the initial results being positive. The questionnaire will shortly be shared via the West Mids CRC to pilot with a wider group of organisations. More details will be made available soon.

In the meantime, take the opportunity to reflect on how your provider supports you. I’ve only been able to share a small selection of the areas that are covered in this questionnaire, but if anything resonates, then I would be interested in your feedback.

Finally, if you are a service provider reading this article, ask yourself – how do you perform against each of the sections mentioned above? If you’re one of the good guys, then ‘thank you’ – keep doing what you’re doing. However, if there are some gaps, then now is the time to address them. Don’t let your clients down.

Article: The Good, the Bad, and the Ugly Managed Service Provider - published about 2 years ago.

https://www.wmcrc.co.uk/post/the-good-the-bad-and-the-ugly-msp   
Published: 2022 08 23 14:26:20
Received: 2022 09 08 10:53:03
Feed: The Cyber Resilience Centre for the West Midlands
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security