
What Cyber Security Questions should you ask your Managed Service Provider?

For companies, cybercrime isn't a question of if it happens; it's when.

If you're paying a Managed Service Provider (MSP), you want to be assured that you're working with someone who understands the threats your business faces and caters to those needs.

Before signing your contract, ask your IT support provider about cybersecurity solutions relevant to your business. Whilst IT solutions look different for every business, the questions below will help you determine whether you need custom solutions.

How can I reduce the number of phishing emails and other social engineering attacks on my business? And how do I train staff to detect phishing emails better?

A simulated phishing exercise helps to raise your staff's awareness of phishing emails and guards your business against the growing trend of social-engineering threats. Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

An MSP should provide comprehensive training programs and resources that help educate employees about phishing techniques and social engineering tactics. By raising awareness and promoting a security-conscious mindset, your business can reduce the chances of falling victim to phishing attacks.

MSPs should also employ security monitoring tools and proactive threat intelligence feeds to identify and respond to emerging phishing threats in your business.

Does your MSP conduct Simulated Phishing Campaigns to keep your staff alert and aware? The Cyber Resilience Centre offers a Simulated Phishing Exercise (often coupled with our Security Awareness Training). A Simulated Phishing Campaign helps to educate your staff about the latest phishing techniques and shows them the newest phishing email examples and what to look out for.

Do I need to perform a comprehensive cybersecurity risk assessment of my business before getting Security Awareness Training?

It is best practice to conduct regular cybersecurity risk assessments of your business. The complexity of an assessment and the frequency with which it should be completed depend on a business's size and potential for future growth. For some, an annual assessment will suffice; for others who are growing significantly, it is advised to conduct assessments more frequently, every 3 or 6 months.

Risk assessments will not only allow your company to track its hardware and software assets, update management, password policies/usage, security awareness training programs, and network topology (layout); they will also provide you with a wealth of evidence and documentation which can be used to apply for and pass government-backed cyber security schemes such as Cyber Essentials.

We offer a Business Premium Membership, which includes a Cyber Risk Assessment. Our assessment is closely linked to an industry-standard framework and methodology and assesses risks over three fundamental categories: Basic Controls, Foundational Controls, and Organisational Controls.

Once completed, the assessment findings are compiled into an easy-to-read report detailing your business's strengths and weaknesses, along with remediation steps and strategies that could be implemented to improve defences.

How do you protect our network from unauthorised access and ensure that our data is encrypted during transmission?

Remember that security is an ongoing process in your business, and it's essential to regularly assess and update your security measures as new threats emerge. Engaging with your MSP and staying updated with industry best practices can also help enhance your ability to protect your networks.

An MSP can help protect your network by guarding against unauthorised access, ensuring data is encrypted during transmission, and fortifying the overall security posture of your business network.

An MSP can assist with the following key measures to protect a business network: Network Security, Encryption, Data Protection, Access Controls and Authentication.

MSPs should ensure that firewalls, intrusion prevention systems (IPS), and network segmentation are implemented to establish substantial barriers against unauthorised access.

MSPs should ensure that data transmitted over your company network is encrypted using protocols like Transport Layer Security (TLS) or Secure Sockets Layer (SSL). They can set up virtual private networks (VPNs) to create secure connections between remote employees and the business network. Additionally, MSPs should ensure businesses have data backups and disaster recovery plans to safeguard critical information.

MSPs should ensure that your business enforces robust authentication mechanisms, such as two-factor authentication (2FA), to prevent unauthorised access. They should also implement strict access controls, limiting user privileges and ensuring that only authorised personnel can access sensitive data and systems.

We can offer your business a Network Vulnerability Assessment; this can be remote or internal. A Remote Network Vulnerability Assessment remotely reviews how your business is connected to the internet, as an attacker would. An Internal Network Vulnerability Assessment requires access to your internal network and systems. It simulates someone who has gained access to the internet or is an insider threat.
