What has your IT provider done for you lately?
Here are 10 things your IT provider should do to protect your business from cyberattacks:
- Respond to communication promptly, keep you updated on ticket progress, and monitor your systems to prevent issues before they affect your business.
- Follow a globally accepted cybersecurity framework like NIST or CISA when protecting your business.
- Deliver Quarterly Business Reviews (QBRs) so your technology and security are aligned with your business goals.
- Back up your data following the 3-2-1 model:
  3 copies of your data on
  2 different types of storage media
  with 1 copy stored offsite.
- Run simulated attacks, tabletop drills and authorized penetration tests.
- Make sure you meet all the requirements stipulated in your cyber insurance policy.
- Keep you compliant and up-to-date with government regulations that apply to your industry (e.g. HIPAA, CMMC, SOX).
- Conduct regular cybersecurity risk assessments.
- Proactively educate and advise you on the newest and emerging cybersecurity threats.
- Assist you with cybersecurity awareness and education to create a security-conscious culture in your organization.
There’s more they should be doing, but if they’re falling short on any of the above, it’s time to have a serious conversation with them.
I’m putting together a short video training to send out to businesses like yours.
It’s called Choosing Your Cybersecurity Provider: A 3-Part Framework.
Let me know if you want a copy and I’ll send it over when it’s ready.