Your security tools often have built-in reports that help you make sense of day-to-day information and support your overall security posture. In particular, a good endpoint detection and response (EDR) tool, like SolarWinds® EDR, will offer reports and attack timelines to help with forensic analysis. These are extremely useful for understanding the nature of an attack, as mentioned in the previous step. They’re also useful for demonstrating how your defenses worked to stop an active attack.
Run regular vulnerability assessments
We’ve mentioned this in other posts as well, but try to use a vulnerability scanner on a semi-regular basis to uncover potential areas for improvement. A simple scan can often reveal unpatched software, misconfigurations, or default passwords lurking somewhere within your customers’ IT infrastructure. You can often fix these issues quickly, which not only helps reduce their security risk, but also demonstrates the value of your work.
Try penetration testing
Penetration testing involves more active work than a vulnerability scan, but it may be worth going the extra mile, particularly for higher-risk clients. While vulnerability scans can be automated, pen testing will require more in-depth security knowledge and skills to execute effectively. It may be worth partnering with an outside firm to perform pen tests on an as-needed basis.
While most of our tips have focused on your customers, don’t forget that as a business partner, your own internal security is a crucial link in the chain of your customers’ security postures. So make sure you’re consistently running your own vulnerability scans and practicing good cyberhygiene. Plus, if you don’t pen test for customers, it’s at least worth hiring penetration testing services for your own MSP since a compromise could lead to a successful attack on your entire customer base.
Share your findings
Finally, make sure to share reports and analysis with your customers on a regular basis. This is most important and urgent after a security incident occurs, but you should also add a security review portion to a quarterly business review update with your customers. Your quarterly meetings should both demonstrate the work you’ve done over the previous quarters (including before-and-after snapshots on vulnerability or penetration tests) and offer recommendations on additional security steps they should take. This can be a perfect opportunity to use data to persuade customers to take on new security steps to further reduce their security risks. This not only helps your bottom line, but ultimately helps them stay up-to-date with the latest security threats.
Where do you stand?
With National Cybersecurity Awareness Month ending soon, it’s worth making time to take stock of your own internal security and the security postures of your customers. But remember, just because NCSAM is almost over doesn’t mean cybersecurity work ends. Cybercriminals continue to evolve their threats and often find new angles to compromise systems or steal or encrypt data. Cybercriminals don’t take holidays, and neither can your cybersecurity programs. However, if you keep the principles and overall framework we covered in the past few weeks in mind, you should have a good foundational process for staying ahead of the cybercriminals.
Over the past few weeks, we covered four important steps in the process of securing your customers. We also put these steps together into an easy-to-digest infographic with some important stats that could be useful in your sales conversation. Get the infographic wrapping up the tips and steps for free—download it now.