Where do you start when choosing the best IT Managed Service Provider (MSP) for your business?
Optimal IT systems, cyber security and administration are complicated. It takes planning, expertise and time.
Small businesses and organisations trying to do it themselves typically end up spending time on something that:
- Is probably not in their skillset.
- Takes up precious time that they could be using to grow their business.
- There is no guarantee that they are following best administrative and security practices, meaning that they may not be prepared for a cyber attack.
Outsourcing IT to an MSP can have many benefits.
- This is their day job: they are trained professionals who know how to manage IT.
- They can take over tasks so that the client can focus on building their business.
- They can protect your business better than you can.
On the flip side, there are inherent risks in outsourcing IT to a third party as they will invariably have full administrative access to your IT estate. This means they can potentially damage your business. This is all about assessing the risk of your third-party suppliers. Don’t underestimate this.
MSPs are an attractive target for cybercrime as they manage the IT for all their clients.
If they breach the MSP’s security they are one step closer to breaching all their clients.
- How do you know that they are implementing best security practices?
- Have they segregated your company’s IT environment from their other clients, so a breach of their own system does not infect yours?
How to check your MSP’s security status?
- Ask them for evidence of following best practices.
- What security certification(s) do they hold?
- Is your cloud environment managed by the MSP or do they, in turn, outsource this to a third party? If so what credentials do they possess and do they follow best practices?
- If they are breached, are they obliged to inform you and describe what mitigation they have in place to rectify the breach?
Outsourcing IT to an MSP can bring many practical and financial benefits to an organisation.
But do not assume they are protecting you in the way that you THINK they are.
Ask questions and stay in the know, have a checklist of questions to ask.
This post from the National Cyber Security Centre is a good place to start.