Dear Client: Security
The following is a fictitious letter to the "Every Client." That client who trusts their MSP (Managed Service Provider) implicitly. The client that knows that IT Infrastructure is important, but doesn't truly understand how IT supports their business.
Let's talk about security. I know you know it's important. We hear about it in the news all the time. You dread the thought of an incident actually happening to your business. I dread that too.
There are some things that we can do together to help protect your business.
1. Be Aware:
Client, you should be aware of what is happening, security-related, with your business. Do you need to be so granular that you have a detailed list of every Firewall rule?
It's my job to understand how your system could be targeted by, for example, a Denial of Service attack... However... You should be aware that things like that (DoS) are happening. You should know that Firewall, Intrusion Detection, and System logs exist. You should know that these logs contain the story of what has been going on with your business (security specifically).
2. Ask Questions:
I will do my best with the resources you have made available. This is your business we are talking about and I am here to support it. You should be aware of what the greatest security threat to your organization is. *cough* employees.
It is not good enough to just believe your MSP. If I tell you that "...this vendor is really good (Hardware Firewalls)," ask me why. Understand why one decision is better than the other. Why did I pick this product to protect you? Why did I select a more expensive option? You have hired me because I am an expert; you trust that I know the difference between an apple and an orange when it comes to security. Ask me, and I will tell you. I like it when you are curious. I like it when you want to understand the process of security. I'm here to keep your business safe, so you might as well understand how I am doing that.
3. Ignorance is Not an Option:
We no longer live in a time where we can claim ignorance of security. Your clients expect you to keep their data safe. They expect you to support and/or provide a service to them.
The internet is like the wild west, and security events are happening all the time.
Your business could be targeted randomly or intentionally for an attack at any point. Your employee could be lured into clicking on a phishing scam, and then all of a sudden someone could be stealing or destroying your data.
If all else fails, read tip 1 again ;)
Your IT Security Provider