October 30, 2024 | Author: Steve Zurier

A Five-Step Plan for Cyber Resiliency MSPs Can Bring to Customers

Tools are important, but the best cyber resilience strategies take a holistic approach. 

Every day we hear about another company becoming the victim of a cyberattack. Whether it’s MGM Resorts International, UnitedHealth, or Halliburton – all types of companies get hacked.

That’s why smart managed service providers (MSPs) understand that their customers expect them to offer guidance on developing a cybersecurity strategy that will protect them in the event of an attack – and help them develop a response plan for recovery.

So, before MSPs can detail which tools to purchase, they must explain to customers that what’s really important today is to develop cyber resilience: the ability of an organization to protect itself from and recover from a cyberattack – and then move forward after the fact.

“Companies need the ability to withstand the attack, recover, and then minimize the damage so their principal business functions can continue,” explains David Antonio Green, client strategy and technology officer for cybersecurity at Hitachi Vantara.

Toward that end, Green outlines a five-step plan for cyber resilience:

Take a risk approach to cybersecurity and privacy

Start by making a thorough examination of the company, asking what functions are most important to the business, and which potential risks could have the most negative impact. Then classify them as high, medium, and low. Finally, identify where the team needs to conduct continuous penetration testing and regular vulnerability assessments, and prioritize which systems and applications must get patched regularly.

Evaluate the controls the company has in place

Check to see if the firewalls work properly. Are they up to date? Have all the patches been done? Does the company have endpoint security on all workstations and servers? Can the company identify that each employee is exactly who they say they are?

Develop an incident response plan

Interview the staff and make sure that when an incident happens they know exactly what to do. If not, create a clearly defined plan with clear job responsibilities. Then test it and communicate the plan out to the team because it’s not a plan if the staff doesn’t know about it.

Foster employee training and awareness

Check in with each employee and evaluate where they are with cyber hygiene. Are they reusing passwords? Are they using strong passwords? And, are they using multi-factor authentication? Or, are they trying to circumvent the security procedures the company wants to put in place?

Create a solid business continuity and disaster recovery plan

Customers need to know that the business can continue if a cybersecurity event occurs; that’s the essence of business continuity. Start by putting in redundancies so if something fails the business can continue. One of the real keys here is to make business continuity and disaster recovery an organizational issue. It’s not just the job of the IT department. IT plays a role when it comes to the mechanics of the technology, but compliance, risk management and governance must involve other departments.

Want to learn more? Watch Unbreakable Resilience: Fortifying Your Digital Fortress by Mastering Cyber Resilience in Today’s Threat Landscape

 
