The Ultimate MSP Incident Response Guide
A new survey of 2,400 IT and security professionals conducted by The Ponemon Institute on behalf of IBM finds 66 percent of respondents say their organization is not prepared to recover from cyberattacks and other critical incidents. A growing trend is to let MSPs handle cyberattacks and other critical incidents. Those with experience have an incident response plan in place to cope with any disruption to their business.
As an MSP do you have an incident response plan in place? Here are some ideas on perfecting your incident response plan with ConnectWise Manage and critical alerting:
Setting up alerts
The beginning of an incident is perhaps the point where you have the most control. Most systems that are under your care will send off an alarm if something is not right. Most of these notifications are in the form of email. Emails, however, are not effective as most inboxes bury important alerts. Emails tend to be easily ignored because they don’t come with a blaring audible alarm that draws your attention. Any system that sends off an email notification should be integrated with a monitoring tool or an alerting app that can be accessed using any smartphone, anywhere.
Be smart – use a smartphone
A smartphone equipped with an app that functions as a pager is the ideal solution for on call techs. While there are a lot of pager apps out there, the key is to get one that continues to broadcast the alert until it is read so that a response is ensured. Moreover, if the recipient of the smartphone message is unavailable when the page is originally sent, smartphone applications can ensure that the notification is escalated and continues until read.
Catalog and map everything
The first thing you need to do is inventory your prospect’s business processes. Ask your prospect to describe the company’s overall business model. Then assess the contribution of each IT application to the model. This will tell you what kind of protection you need to provide and expose any related applications that will need to be protected in kind.
To protect your prospective customer’s business, it’s vital that you take a high-level, business view of these operations. A seasoned MSP draws a lot of information on how to deal with incidents from past experiences. In order to have a catalog of all your clients’ past incidents, you need to document them. The best way to do this is by using a ticketing system like ConnectWise that tracks the progress of the incident and everything that happens to it until it’s resolved. No Incident response plan is complete without clear documentation of the policies and procedures—and personnel (including you) — charged with carrying them out. It’s crucial to get customer buy-in during this phase, including provisions you’ll include for testing in the near term and auditing at regular intervals.
To read more download the white paper: