Small and medium-sized businesses (SMBs) are the biggest targets of cybercriminals, and they often don’t have the necessary budgets, people, processes, and products to protect themselves. Because of this, SMBs are increasingly turning their cybersecurity protection over to managed service providers (MSPs). 

There are a number of elements to consider before you hand off all or selected portions of your 24/7/365 cybersecurity management and monitoring requirements to an MSP. Those elements include your network, perimeter and device protection, patching, identity and access management, and application and data security. In addition to that - one of the most important considerations is what kind of reports does the MSP offer to ensure you’re getting the protection you’re paying for?

Ensure you are getting enough value from your MSP

Making sure that you are getting value from your MSP is a big challenge. According to a recent survey, most SMBs (61%) don’t rely on an MSP, and 38% of the respondents based their aversion for ‘reasons surrounding cost, trust, or execution’.

Reports can at least partially address all three of these reservations, and can vary as much as your cybersecurity requirements. Your protection needs can range from hacking, viruses, and ransomware to phishing and denial of service attacks.

The MSP services can include prevention, detection, and resolution services, as well as disaster recovery. The reports should start with what have you done for us during this reporting period, an update of the status of antivirus, patching and backup functions, where are we at risk, and what could we be doing different and/or better.

A network audit and assessment report should be the first step of an MSP engagement. This report will identify the devices, software and networking assets and vulnerabilities, and provide the basis for determining what services will be required. As your environment - and the internal and external threat environment - are constantly changing, reviews should be performed on an ongoing basis.

The typical SMB is not interested in detailed analysis of every bit and byte when it comes to cybersecurity, so the regular reports, either weekly or monthly, should provide an easy-to-understand summary of the services provided during that period. It lets you know what you’re paying for, and why it is an important part of your business portfolio. For those looking for more information, technical diagnostic reports can provide a more detailed view of your networks and devices, and proactively identify issues and trends that should be addressed.