Establishing Basic Cyber Hygiene Through a Managed Service Provider

Small and medium enterprises often face the need to outsource their information technology infrastructure and services. Managed Service Providers (MSPs) offer the ideal solution of providing the services at an affordable cost and allow enterprises to focus on other aspects of their operations. Despite the convenience, relying on a third party for all of an organization’s technology needs can leave an organization feeling uncertain, vulnerable, or provide a false sense of security. The current threat landscape indicates a particular cyber threat actor interest in these third-party providers. The providers serve as attractive targets for cyber-attacks due to the level of access they afford actors into the clients’ networks and the ease with which actors can affect multiple victims by compromising one entity. This paper provides an overview of the CIS Controls® v7.1 and provides small and medium enterprises with a guideline questionnaire to ensure their basic cyber hygiene needs are met by their managed service provider.