Managed Services Providers should be inching their way into more focused security consulting for their clients, but unless you are a high value target for hackers; a full blown MSSP is probably not necessary and implementing the following list of best practices will help you sleep better at night.
- Upgrade to the latest endpoint protection platform offering, with file less malware detection, memory injection protection, machine learning, and other features
- Remove administrative rights from Windows users where possible
- Implement a strict Onboarding and Off board process for users
- Perform regular patch management; automated would be ideal like using SolarwindsRMM
- Implement network segmentation for critical systems, general employee resources v. guest access.
- Implement robust anti-spam technical controls, like Securence for email filtering.
- Use some form of SIEM/log monitoring solution (basic detection and response), this would be for medium valued targets handling large amounts of personal data.
- Use backup and restore for ransomware protection – SolarwindsBackup
- Conduct basic security awareness training at least quarterly on latest threats
- Consider some basic phishing emails to test, educate and raise awareness among users. There is good chance this will happen in the course of doing business, but a little more effort in this category can really assist in avoiding real phishing scams.
Please do be aware of industry required regulations for your specific business and as we move into the future; most small businesses will begin to see more attacks as the larger ones shore up their defenses, making them not worth a hackers time to hack.