Establish Basic Cyber Hygiene Through a Managed Service Provider (MSP)
Small and medium-sized organizations often grapple with IT challenges such as limited funding, evolving technologies, legal compliance, and a shortage of skilled IT staff. They frequently turn to Managed Service Providers (MSPs) like SnyderOne to handle their IT infrastructure, allowing them to focus on core operations.
The Center for Internet Security (CIS) has released guidance to help enterprises with this challenge. The new guide, Establishing Basic Cyber Hygiene Controls Through a Managed Service Provider, can help small and medium enterprises ensure their basic cyber hygiene needs are met by their service provider.
CIS Controls utilize Implementation Groups to prioritize cybersecurity initiatives. By identifying the right Implementation Group and CIS Controls for your organization, you can better integrate an MSP like SnyderOne into your strategy.
CIS Controls
The CIS Controls are internationally recognized for bringing together expert insights about threats, business technologies, and defensive options into an effective, coherent, and simple way to manage an organization’s security improvement program. They are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks. The CIS Controls are comprised of 20 Controls that are supported by 171 Sub-Controls, or Safeguards.
In CIS Controls V7.1, CIS introduced a new prioritization scheme called Implementation Groups (IGs):
- IG1 is the definition of basic cyber hygiene and represents an emerging minimum standard of information security for all enterprises.
- IG2 prescribes what has to be done for more sensitive components of an organization depending upon the services and information they handle.
- IG3 is the highest level of cyber hygiene. These are steps fully mature organizations should take to protect the most sensitive parts of their missions.
MSP Services and Solutions
MSPs like SnyderOne, from a security perspective, can help enterprises reduce the risk of understaffed and underfunded in-house solutions. Due to their offerings, MSPs are highly attractive to potential clients. They offer a wide range of solutions and services that include, but are not limited to, those listed below:
- Anti-virus, anti-spam, anti-phishing, and anti-malware services
- Data backup services
- Network monitoring services
- Software configuration and provisioning services
- Cloud computing services (applications, services, resources, management)
- Hardware configuration and implementation services
- Network infrastructure configuration, implementation, and enhancement services
- Patch, repair, and update management services
- On-demand augmentation of incumbent staff/expertise
Ensuring Basic Cyber Hygiene with MSPs
How can small and medium enterprises protect themselves while taking advantages of some of the benefits of working with an MSP like SnyderOne? Asking the right questions when shopping for a provider can help inform an enterprise’s decisions.
The new guide from CIS considers the issue from the perspective of the CIS Controls and provides a baseline of questions to ask MSPs. It is especially important to know:
- The types of controls that are implemented at the MSP for their own security
- Which CIS Controls are implemented by the MSP on behalf of its clients
The guide contains a questionnaire that can be modified to address an enterprise’s specific concerns before it is provided to the MSP.
The 43 Safeguards in CIS Controls IG1 provide a guideline for basic cyber hygiene for all enterprises. In particular, IG1 can be easily implemented by small and medium enterprises, potentially with support from an MSP. These Safeguards will help organizations protect their IT infrastructure, systems, and data from most cyber-attacks.
The new guide, Establishing Basic Cyber Hygiene Controls Through a Managed Service Provider, is an effective way for organizations to ensure their basic cyber hygiene needs are met when contracting with an MSP. Our team is more than ready to assist you in implementing Cyber Hygeine Controls in your enterprise - use the contact form on this page to set up a time for us to discuss a custom security solution today.