Think you need a cyber security consultant? Check what your IT company is doing

By Matt Taylor, Technical Director

I attended an event recently where a speaker on a panel session told the audience of small / medium business owners that they needed to engage the services of a specialist cyber security company as well as their IT Managed Service Provider (IT provider).

Their argument was that this would save you money in the long run because your IT provider is telling you that you need to spend large amounts of money upgrading this system or that system when all you might need to do is apply the latest patches to older systems to remain secure. He happens to own a specialist cyber security company so I guess he would say that!

My counter argument to that point of view is this:

• A good IT provider will be patching all your systems properly and ensuring you have a decent minimum level of cyber security already.
• A good IT provider will have implemented systems to monitor your infrastructure and devices for breaches.
• A good IT provider will have advised you to get your systems independently verified by a 3^rd party such as IASME with their Cyber Essentials & Cyber Essentials Plus assessments or ISO 27001.
• A good IT provider will have advised you to look at Information Security assessments such as IASME Cyber Assurance to increase your cyber resilience (the ability to recover from a breach).
• A good IT provider will work with their clients to create technology roadmaps and budgets so that large expenditures are planned for in advance and the business goals are supported by the technology.
• A good IT provider will continuously review your systems to make sure they are aligned with current best practices.

You don’t need a specialist cyber security company and an IT provider– you just need a good IT provider that’s doing what they should be doing.

The only time a small business might need a 3^rd party cyber security specialist is in the event of a significant breach that needs investigating. If you have a competent IT provider doing all the things outlined above the chances of this happening are low but not zero – people are human and mistakes will happen.

Should your systems suffer a significant breach your cyber insurance policy will kick into action and cover engaging the services of a specialist legal team and a specialist cyber security team for you. Your IT provider should do the initial breach investigation and then hand over the control of the investigation to the specialist teams and support them in their job.

On that point – you do have cyber insurance, don’t you?

We speak to many small and medium business about their cyber security. Some of these businesses have an in-house team (or person!) looking after their IT and some of them engage the services of an IT provider. Some do engage a dedicated cyber security company as well. All of them could improve their cyber security in some way or another. If you take away anything from reading this article it should be this:

• Make sure you have a good IT provider doing all of the points above.
• Make sure you have a good Cyber Security insurance policy that will be there for you when you need it.

If you want to know more about cyber resilience join our webinar on 26^th June or register to attend our in-person events in July & September. All events are on our website here: Pro Drive IT Ltd – Events

If you don’t think your IT provider is doing all of the above, get in touch with us and we can help you audit your security – at no cost! Contact Us | Pro Drive IT