Internal vs External IT Support: How do they compare when responding to security incidents?

November 6th, 2019
Internal vs External IT Support: How do they compare when responding to security incidents?

Internal vs External IT Support - How do they compare when responding to security incidents - blog feature image (900x300)

With so many businesses relying on the internet and having staff who work on their own devices from home, a robust IT system is vital - particularly when it comes to security and keeping data safe.

You may

  • be using an external IT support company to help you with data backup and recovery,
  • have a team within your organisation who support employees with a range of issues, or
  • be a small company with just one team member who has responsibility for the system, perhaps even alongside another role.

All businesses are at risk of cyber security breaches or data compromise, and no matter how much protection you have in place, there is always a chance that a hacker is able to get to your data.

If that happens, you want to know that your IT support, whether internal or external, can respond quickly to resolve problems.

There are pros and cons of each of these options...

Internal IT Team – The Cons

  1. There’s a chance that your IT team may be hesitant to report a failure or breach of the system if they think they might get the blame. Of course, if it is their fault, whether because of human error or inadequate security, they might be worried that their job will be at risk or they will receive a formal warning.
  2. Cyber criminals are becoming more sophisticated, both in how they gain access to a system and the damage they can cause. Depending on the severity of an attack, your internal IT team may not be equipped to deal with the impact of the incident. In that case, who can they go to for help? Is there a process for them to escalate problems?
  3. Hackers don’t just work during office hours, and they’re not always in the same country as their victims. An in-house team for a medium-sized business are unlikely to be on call, so what happens if there’s an incident overnight or at the weekend?
  4. One key part of responding effectively to a security incident is to ensure business as usual so that as much of the regular work as possible gets done. This is to limit the damage to existing client work and also the future of the business. The internal IT team have to support the rest of the company with this, so there’s a risk of them being spread too thinly.
  5. Depending on the nature of the breach, it may be necessary to report to the ICO (Information Commissioner’s Office). Is your team equipped to deal with this government body and able to deal with any requests from it?

Internal IT Team – The Pros

  1. The internal team know all the staff, or at least each department. They know what equipment and software is used in each area of the business and what access there is to external tools (e.g. cloud storage).
  2. They also know the business priorities, which will vary depending on what it is your company does and who for. They will be able to secure the most important or sensitive information first and ensure business as usual in those departments.
  3. Communication channels are already in place, so the IT team can liaise with senior management, staff working from home or on the road and any other relevant supplier or partner.
  4. There should be a good disaster recovery process in place for the team to follow in the event of a security incident. This will tell them exactly what to do and who to communicate with. Having a plan like this can also be shared with an external IT partner so they know what the business priorities are.

Internal vs External IT Support - How do they compare when responding to security incidents - blog quote image

External IT Team – The Cons

  1. One disadvantage of relying on an external support partner is that they’re not going to be there in person when a breach or hack happens, so they aren’t able to respond immediately. However, they should have full visibility of your systems and be able to control them as if they are there. There should be full documentation of how to respond to a breach, which the outsourced company will follow along with you.
  2. A big IT company may have several clients to support, all with different needs and priorities. They may find that there are competing demands on their time, and there’s a possibility that your company may be side-lined in favour of a bigger, more ‘important’ client. You should ensure that you have set contracted SLAs, particularly in the event of a security incident, they should have top instant response. Your IT provider should implement a dedicated Security Operations Centre (SOC) to deal with this away from their other teams so there will be no delay.
  3. The external IT company won’t know the business priorities as well as someone working within it, so they may not know what to do first to ensure business as usual. However, a detailed backup and recovery plan should outline the priorities so they can be easily understood by a third party.

External IT Team – The Pros

  1. A company which focuses solely on IT & security will have more experience of threats and current cyber criminal tactics. They will invest in a team who can deal with all kinds of incidents, and they will be proactive about keeping up to date with the latest viruses and phishing scams.
  2. They are usually available 24/7. Your IT partner should be monitoring your systems constantly to look for potential attacks. Wherever possible, they will contain and neutralise the threat.
  3. The IT partner can fix issues remotely and usually very quickly. This means that if something happens overnight, it can be resolved without someone having to get up and go into the office to let the IT team in.
  4. If there is a security incident, or something happens which will take a while to fix, the external team can work to resolve it, allowing the internal staff to concentrate on providing their usual support and helping business as usual.
  5. They will be up to date with the latest legislation and be compliant with it. Using their services will allow your company to do whatever is required and not fall foul of compliance regulations.

Knowing which cyber security solution is right for your business needs is key to being fully protected and can ensure business continuity, should you fall victim to a security breach.

Our team are always on hand to help you discuss these options in more detail.