If it was Easy as Fishing
How sure are you that your Managed Services Provider (MSP) has what it takes to qualify as an MSSP (Managed Security Services Provider)? To paraphrase a line from Taking Care of Business by Bachman Turner Overdrive, if it was “easy as fishing, everyone would be a magician.”
When it comes to the security of your data, you certainly don’t want someone learning “on the job,” and amateurs need not apply! In the wake of the recent Ransomware attacks, every business in the world is scrambling to maintain control over their information technology and everybody wants to go fishing in the lucrative waters of information security.
Suddenly every MSP in the world thinks they can buy a little more software and hardware, hire a few more people and “voila”, overnight they are an MSSP. Simply adding another letter and hiring a few people does not qualify IT providers to become Information Security Experts.
Questions to Ask Your MSSP
With that thought in mind, we respectfully suggest you ask your prospective Information Security provider the following questions:
- How long have you been in the Information Security Business – not just how long have you been in business, but very specifically how long have you been an MSSP?
- Please provide the contact information for three companies you have provided Information Security Services to for over three years.
- How many members of your staff have been trained in Information Security and are certified Information Security Analysts?
- What degrees and what level of experience do these Information Security Analysts have individually and as a group?
- How long have you been working with the hardware and software platforms you are currently deploying on behalf of your customers?
- Specifically, how are you configured to protect yourself and your clients from security breaches like WannaCry and Petya?
- What is your Patch Management Strategy? It used to be that companies routinely added bug patches and upgraded their software with new enhancements. In today’s world of viruses, Trojans and Ransomware, patch management is a full-time endeavor.
- What is your direct experience with HIPAA and PCI compliance, and who are your clients?
Purchasing the Latest Antivirus Software Does Not Cut It!
Information Security is constantly evolving, and your program should not be built on just having the latest anti-virus solution. It also is not about just buying a product to say you have it – it is a culture that is defined by people, policies, and controls.
Where to Go for Help
Intrinium has been in the Information Security business since January of 2007 and believes that security is a state of mind, not a collection of products. Contact us today to learn how we can help you secure your information and give you the peace of mind you need to combat the hackers and information criminals.