7 Essential Steps for Building a Robust Cybersecurity Practice

Build systems with a security-first mindset and have ongoing security conversations.

October 25, 2021

6 Min Read
Build
Shutterstock

By Jay Ryerse

Ryerse-Jay_Connectwise-author-150x150.jpg

Jay Ryerse

Small and medium-sized businesses worldwide are concluding that cybersecurity is a top priority. In a recent Vanson Bourne study, 92% of respondents said they would consider using or moving to a new IT service provider if they offered the “right” cybersecurity solution, and more than three-quarters of respondents said they were worried they would experience an attack sometime in the next six months.

Cybersecurity needs to be more than just a pledge — it needs to be a priority. This issue requires time, investment and talent to ensure that clients are receiving the service and protection they expect and is required in our current cybersecurity landscape. Ensuring that your organization is providing mission-critical services and consistently adding value to your platform is a daunting, but necessary, task.

A Path Forward

The good news for technology solution providers (TSPs) is that there’s hope and a path forward. The following seven steps are crucial to building a cybersecurity foundation that will ensure your organization is prepared to grow, invest and protect. Cybercriminals should no longer be able to freely devastate our landscape if TSPs follow these essential steps to counteract cyber threats.

Step 1: Evaluate your risk and consequences of a breach. Ransomware, data breaches, phishing scams and more have been running rampant since the beginning of the pandemic and are only expected to increase over time as the technology sector continues to grow. Organizations should conduct an internal assessment to highlight potential security gaps that create risks for themselves and their customers. Investing in the right cybersecurity tools is essential to finding risks that could not previously be detected. This practice requires regular upkeep and maintenance.

Step 2: Beef up your archaic security systems. Platforms and systems need to be re-architected with a security-first mindset. Regularly sending out cybersecurity hygiene tips to employees and customers can ensure that you are doing what you can to keep both your business and your assets safe. Many organizations wait for the next breach before implementing cybersecurity initiatives, or simply hope they are passed over. Security needs to come first. Do not put it off.

Step 3: Define a go-to-market strategy. Clients want to ensure their cloud servers, users, devices and connectivity are always available, secure and supported. Foundational cybersecurity services such as firewalls and antivirus will easily be within the capabilities of TSPs. But when it comes to providing robust network-level defense, security operations center (SOC) / security information and event management (SIEM ) is becoming a must have, as is the addition of extended detection and response (XDR) / managed detection and response (MDR) / endpoint detection and response (EDR) layered tools.

TSPs can now tap into “defense in depth” tools and easy-to-deploy managed solutions that feature …

… dark web scanning and monitoring, threat detection and response for Microsoft and Azure AD, advanced endpoint protection, 24/7 SOC support and cybersecurity risk assessments. These features make it easy for TSPs to jump-start the delivery of advanced cybersecurity solutions to customers, allowing them to scale up their offerings as their cybersecurity practice matures.

Step 4: Have honest conversations on security. It is important for security to be an ongoing conversation and objective that refreshes three to four times per year. Initiating open and transparent conversation about increased reliance on online services and BYOD (bring your own device) means everything from network and backup capacities to how secure devices and services all need to be evaluated regularly. Cybersecurity expectations need to be addressed to all parties involved because the threat grows stronger with every technology advancement made. Honest communication between TSPs and their SMB customers allows both parties to better understand their responsibilities and improve their security posture.

Step 5: Educate with security plans for remote/hybrid work. With 79% of SMBs planning to make hybrid or remote working policies a permanent fixture, according to an Hitachi survey, TSPs have an opportunity to demonstrate the value of working with a proactive partner that is dedicated to putting customer interests first. Creating a security plan of action and educating clients on their security risks is crucial to improving their security posture for 2022. That plan should consist of everything that is essential for hybrid and remote working, including endpoint detection, password policies, multifactor authentication and mobile device security.

Step 6: Reinforce your frontline response. Ensuring that your organization is prepared with threat detection and response services is essential to helping clients prevent and remediate cyberattacks. Core detection and response services should include monitoring, analyzing logs, SIEM management, customizing alerts for individual users and devices as well as scanning of the dark web to detect stolen credentials and DNS protection. Offering these services as a holistic IT security solution will help proactively identify actions that can boost technical defenses ahead of impending threats.

Step 7: Stabilize growth with a navigation plan. You cannot manage something you cannot measure. Regularly reviewing your processes and reporting on key performance metrics and statistics can assist with upgrading and managing your cybersecurity practice. Additionally, this allows your organization to identify opportunities for growth and articulate both your near- and long-term vision in ways that executives and investors wish to see.

TSPs Can No Longer Remain Bystanders

TSPs will need to get out of their comfort zone fast if they’re going to capture this significant market opportunity. TSPs can fast track their ambitions and build a practice utilizing a methodical step-by-step approach by partnering with the right vendors that can support TSPs in their mission and offer a cybersecurity practice framework that gives them access to the tools, managed services, funding and sales resources they will need. Though the landscape has changed significantly and cyber criminals are seemingly growing in numbers, if we stand strong and re-invest in our own protection, then TSPs and MSPs can grow their profits and customer base securely and confidently.

Jay Ryerse, CISSP, is the vice president of cybersecurity initiatives for ConnectWise, where he works closely with IT service providers and MSPs to provide insight and best practices for securing business networks. He’s the previous owner of a successful Atlanta-based MSP and was the CEO of Carvir, a cybersecurity company acquired by Continuum in 2018. Jay is the author of “Technology 101 For Business Owners” and was the “2015 Better Your Best” winner from Technology Marketing Toolkit. You may follow him on LinkedIn or @ConnectWise on Twitter.

Read more about:

MSPsChannel Research
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like