Managing the Relationship with Your Outside Cybersecurity Support Firm

04.11.2021 Cyber Readiness Institute
Managing the Relationship with Your Outside Cybersecurity Support Firm

This is the final guide in a five-part series on using outside firms to reduce your cybersecurity risk.

In the previous guide, we reviewed what you should look for in a contract with your outside support firm. Here we provide guidance on how to successfully manage the relationship. Today, almost every business is digitally connected to their customers and to other businesses. Small restaurants have online ordering. Small accounting firms use cloud-based software or file sharing with their clients. Email and texting are ubiquitous for every type of organization.

As a result, the relationship you have with your IT support firm or managed service provider (MSP) is as important to your business as the relationship you have with your accountant or bank. It is in your best interest to treat the relationship as a priority and seek to have the outside support firm become a trusted partner. Technology is rapidly advancing and cybersecurity threats are always evolving. You need to build an open and transparent communication channel with the firm.

The first year is critical for building the foundation of a long-term relationship. Don’t sign the contract and forget about it. Use the contract as the basis for establishing clarity about your respective responsibilities going forward. We recommend that you set up monthly meetings during the first quarter and consider scheduling a check-in call at least once every three months. Use the check-in call to educate yourself about what they are doing for your company and new trends in technology and cybersecurity. Ask them if there are things you should be doing to reduce cyber risk and how they are continuously helping to reduce your cyber risk. Remember though, ultimately you are responsible for the human behavior in your company. By establishing a regular review with cybersecurity on the agenda, you send the message that cybersecurity matters to you. The goal is to create an open, trusted communication channel so your outside support firm becomes a partner with you.

To download the report click HERE.