- We’ve established many of the baseline technology solutions for cybersecurity, such as firewalls, patching, backup, and more. Have you considered or implemented the more business-oriented cybersecurity practices, such as risk management, vendor risk management, incident response, or business continuity?
Many clients haven’t established what their maximum tolerable downtime is in the event of an incident. And most MSPs focus on Identify, Protect, and Detect (from the NIST Cybersecurity Framework). The second half of the security framework, Respond and Recover, is more than just restoring backups. It is people-intensive, focused on policies, plans, and roles. We all know a cybersecurity incident is a matter of when, not if. Even the most sophisticated companies can fall victim. Dealing with “when” is incident response, continuity of operations, and more.
- Have you observed your competitors either highlighting their security posture in their marketing or being directly impacted by a cybersecurity incident?
Companies that invest in robust cybersecurity to keep their clients safe want them (and prospects) to know about it. It’s a differentiator that can drive revenue and ROI.
- We take very deliberate steps and make recommendations to you for cybersecurity from an IT perspective. Would it make sense to consider a third-party cybersecurity assessment that not only independently reviews your IT security posture, but also reviews the business practices around cybersecurity, such as policies, procedures, and ROI for risk remediation?
Recommending a third-party security audit not only increases your clients’ security, but also reduces your liability by advancing reasonable and prudent recommendations.
Cybersecurity is more than blinking lights and white noise. It’s about considering strategy, ROI, and more. Turning “the conversation” into a business discussion moves you from supplier to trusted adviser. It’s up to your client to act.
MARK KIRSTEIN is vice president of customer success at Cosant Cyber Security, an infosecurity compliance and consulting company.