Best Practices for SMBs: Questions to Ask Before Hiring a Security Service Provider

Getting ready to purchase managed services to help support or augment your security team? You’re not alone: 62% of organizations said they plan to outsource some or all of their IT security functions in 2022, according to the Foundry 2021 Security Priorities Study.

Before going down that path, it’s wise to gather your requirements and think about the services you want from a managed security service provider (MSSP).

There are several basic considerations when choosing your service provider, including: the experience of the MSSP, the types of support and services they offer, and how their service level agreements are structured. You’ll also want to learn about the MSSP’s specific domains of expertise and how they correlate to your needs.

Additionally, small and medium-sized businesses (SMBs) in particular need to pay attention to several factors when evaluating their potential partner. When you’re short on IT staff, you’ll need to trust that the MSSP is able to adequately address:

  • Business continuity: How well does the service provider protect you from different types of business interruptions? Servers, software, and cloud services are subject to outages and humans make mistakes. Ask the MSSP if they have a disaster recovery site and strategy for infrastructure failure or human error. Also find out if they have insurance to cover potential liabilities.
  • Self-protection: The security of third parties and suppliers is critical, especially in light of cyber attacks affecting the entire supply chain. How does the MSSP protect itself and its data from being compromised, stolen or encrypted? What best practices or solutions do they use to protect their own infrastructure? Do they have data encryption mechanisms on the storage and transfer side? How do they handle access control and multi-factor authentication?
  • Data accessibility: You need to be able to get your data quickly when you need it. Find out how access to your data is regulated and what level of control you will have over your data. Also ask if there are self-service capabilities that give you more control and faster access.

The steps that SMBs must follow to prepare internally

Data is the lifeblood of your organization, so in addition to being accessible, make sure you and your MSSP plan sufficiently for data protection.

“We recommend five vectors around data protection,” said Alex Ruslyakov, Acronis Channel Manager. “The first is that organizations should always keep a copy of their data for recovery in the event of a security incident.”

The other four:

  • Data accessibility anywhere, anytime
  • Data control with visibility into its location and usage
  • Data authenticity: proof that a copy is an exact replica of the original
  • Multiple layers of security for airtight data protection against bad actors

Although no vendor or service provider can claim 100% protection against cyberattacks, the right MSSP has a plan for when an incident occurs, Ruslyakov said. Ask about their recovery strategy and how they ensure the data being recovered is not compromised or infected.

Finally, it’s important to have visibility into exactly what you’re paying for. What level of detail can you expect on your bill? Can the MSSP validate the usage for which it is being charged?

A service provider’s proven track record and use of best-in-class technology go a long way toward establishing confidence that the MSSP can meet your security needs. However, SMBs must also delve into the details to ensure their data and business are protected.


Copyright © 2022 IDG Communications, Inc.
