The Real Chief Security Officer – You
You might be surprised to learn that you are your company’s chief security officer. After all, you hired a managed service provider (MSP) to handle all the technology stuff for you. You have other more important things to do like running a business. If only things were so simple! At least, you’re lucky enough to have an MSP.
When you signed the contract with your MSP, you might have thought that they would handle all the cybersecurity tasks for you behind the scenes. But if you haven’t held a security conversation with your MSP in over a year, it’s long overdue.
The really bothersome challenge to keeping your business and your clients’ data safe is that what was working for you a couple of years ago might not be as effective now. Many changes in the tech world happen often and quickly.
These changes often involve patches and updates to software and major applications. Of course, many software vendors make minor changes automatically to keep things running smoothly. But often, authorized permission must be granted for major updates (like updates to operating systems). Sometimes, installing those updates might temporarily disrupt business services or cost more money. This is why only you can authorize such changes.
Why can’t your MSP handle all of this for you behind the scenes? If the patches and updates are so necessary, why doesn’t your MSP simply proceed to install them? Well, because they can’t.
Your MSP can’t authorize payment for things you didn’t agree to. If installation of new software or moving data to a new platform requires disrupting your business for a short time, your MSP can’t proceed without your authorization to do so. And before you grant authorization, you need to understand fully why such action is necessary to keep your business safe.
What to Do
As Chief Security Officer, the most important thing you can do is to schedule a security analysis with your MSP. If it’s been more than a year since you’ve had such a conversation, do it now.
Going forward, mark your calendar for a subsequent conversation every year. In fact, you might want to do it more often (perhaps quarterly), especially if your business handles sensitive information.
Let’s be clear. You don’t need to do the actual work. Think of your MSP as your technology guide or advisor. You simply need to understand what your MSP recommends doing and why.
More questions? Get in touch with us at Now IT Works so that we can help.