Why choose The Silver Cloud Business as your managed service provider?

Why choose us?

This week we were asked to provide a presentation to a management consultant on what we did for one of our clients under management and it got me thinking, why should you choose The Silver Cloud Business as your MSP?

When ever we take on a client, the first thing we do is to build a solid IT foundation.  The foundation we use for our clients is to ensure each complies with Cyber Essentials.

This doesn't mean each client will automatically be taken through the accreditation, it just means we follow the guidelines IASME has set out to make our client's environments compliant so should they wish to get the accreditation, it would be a straight forward process.

The reason we do this is because these are solid foundations that we can then build on, knowing that the underlying infrastructure is secure from cyber attack and everything running on it is in a supported state from the manufacturers.

Why is it important to have everything in support?

Cyber threats to businesses are increasing each day, bad actors, hackers use technology to exploit any weaknesses and one of the main weaknesses in IT infrastructure is equipment that is running out of date software, firmware or drivers that have known exploits.

Manufacturers often update their software because a third party has found a weakness and has notified them for a bounty.  It is in the interest for manufacturers to run bounty schemes like this because it is far cheaper to fix a problem and roll out the update than to allow customers using their product to run code that can be compromised.

BUT... the manufacturer releasing an update is like an arms race.  By announcing the update, they are also letting the world know about the potential exploit, so all hackers know to target this exploit and they go hunting for unpatched, out of date devices running the old software that has the exploit, allowing them to get in.

"They won't bother with my business, its small"

This is often an excuse used by smaller businesses thinking they are off the radar owing to their size, but this is not the case. 

Yes larger, higher profile organisations are often targeted for attack, but exploiting vulnerabilities is just a numbers game, where the hackers will set off an an automated attack that just probes anything and everything for vulnerabilities and it is just a matter of pot luck which businesses are included in these bulk attacks. 

They don't care, they just want to impact as many vulnerable systems as possible.

What do we do to protect our clients?

Cyber Essentials is built on five areas of technical control which are:

1. Firewalls - Firewall is the generic name for a piece of software or a hardware device which provides technical protection between your network devices and the Internet.  We make sure these are enabled and secure. 
2. Secure Configuration - Computers and cloud services are often not secure upon default installation or setup. An ‘out-of-the-box’ set-up can often include an administrative account with a standard, publicly known default password, one or more unnecessary user accounts enabled.  We make sure default accounts are either removed, disabled or have their security reset to prevent their usage. 
3. Security Update Management - To protect your organisation, you should ensure that all your software is always up to date with the latest security updates.  We do this but can take it one step further.  We have a patch management service that does more than just patch the operating system, we can patch 3rd party applications as well adhering to IASME standards, not as a snapshot in time, but in real time, all the time. 
4. User Access - It is important to only give users access to the resources and data necessary for their roles, and no more.  We work with clients to introduce roll based access and remove elevated rights from day to day user accounts, reducing the risk of exploitation.
5. Malware Protection -Malware (such as computer viruses) is generally used to steal or damage information. Malware is often used in conjunction with other kinds of attack such as ‘phishing’ (obtaining information by confidence trickery) and social network sites (which can be mined for information useful to a hacker) to provide a focussed attack on an organisation.  We use a layered security approach, running multiple layers of protection for our clients to prevent the various threat vectors, such as email, internet and portable data storage (such as pen drives).  The layered approach means that it is far harder for threats to get through the layers and exploit the device.  We use solutions that are found in the Gartner Magic Quadrant leaders quarter, who are the best at delivering solutions and leaders in their field.

This is our baseline for customers under management, it is just the foundations we then work from with our clients, it is not limited to the five areas of technical control, it is just where we start and build from, providing our clients under management with a very secure foundation to develop their IT services from. 

The best part is that it doesn't impact our clients, it just makes their working environment a lot more secure, and a lot less likely to be exploited and it means that if they want or need to get the Cyber Essentials accreditation, it can be obtained without the need to change anything, because our baseline is to get all our clients under management to this baseline already.

If you want more information about our services or would like to become Cyber Essentials certified, call us on 01722 411 999 and we can help you achieve this, quickly and with little fuss.