UKIN Tech Update: Customer Security Reviews – Keeping Your End Users Secure

ResourcesTechnical NewsUKI

Our IT estate changes, the threats change, and our protection technologies evolve continuously, but who is ensuring that the policies and settings within our cybersecurity protection measures keep pace?

I visited the dentist the other day, there wasn’t anything wrong, but I was due my regular check-up. The concept of a regular health check is something we’re familiar with as a component of good dental hygiene, but do we always apply the same rigour to cybersecurity?

A regular check-up would certainly seem to make sense, just as my dental check-up did. The problem is, however, that just like a trip to the dental surgery it is easy to overlook, put off till later or downright avoid. Getting a regular check-up booked in is important and a service that our trusted channel partners can help to provide to our mutual customers. It’s a perfect way to maintain a strong relationship with your end-users, to highlight any opportunities to provide new products or services into that account, but above all, to ensure that customers get the very best protection and maximise the return on their cybersecurity investment.

Hopefully, I have convinced you of the benefits of carrying out cyber security reviews with your customers and you are already beginning the process of considering how to go about delivering this. Cybersecurity systems are inherently complex and potentially scattered between multiple management consoles (Sophos central is a great way to reduce this complexity). Any attempt to review the complex settings and configurations without a structured plan is doomed to failure. Whilst we could not hope to be experts in all vendors’ technologies, at Sophos we are of course intimately familiar with our own solutions and as such we have prepared a framework template to allow you to assess your client’s Sophos configuration in a structured way and report back to them along with recommendations.

Key areas of interest include:

  • Licensing Status – What is licensed vs what is actually deployed?
  • Dashboard Alert and Threat Analysis Centre – Are there any active issues?
  • Endpoint / Server Protection Configuration – Use of recommended protection and appropriate deviations
  • Application Control – Use of agent to limit unsuitable application usage and reduce attack surface
  • Peripheral Control – Monitoring or control of external devices and removable media
  • Global Settings – Account access privileges, MFA settings, global exclusion and threat protection settings

To support the EMEA North Sophos partner network, an adapted template has been developed based on the version extensively used and tested by our Sales Engineers with many customers. We hope that you find this useful and that you begin or refine the process of carrying out reviews with your customers, either with this document directly or by using them as inspiration to create your own.

Most importantly of all, we hope you take the opportunity to demonstrate excellent customer service by conducting health checks with your clients and help them maintain the best possible protection.

In order to receive a copy of the template, please contact your local Sophos Representative.