When it comes to security, not all Managed Service Providers (MSPs) are created alike. Why you should care and what you should know.
In the shady world of cybercrime, high-profile corporate breaches often make headlines, but what about attacks on Managed Service Providers (MSPs)? As the gateway to large vaults of data, MSPs are targets. The most cunning hackers will attack MSPs, because they can access multiple networks across industries with just one point of entry.
MSPs, which often remotely manage their customers’ IT and user systems, have the “keys to the kingdom.” In addition to direct, privileged access to client networks, they may also house a large amount of customer data, sometimes sensitive or confidential, on their own internal infrastructure.
This can be tantalizing to attackers. Why cast a dark net for a single company when you can reel in an MSP that manages multiple clients?
If you are looking for an MSP or want to know how your MSP stacks up, don’t be complacent about security. Here are some essential questions you should ask every MSP about their security practices.
- Do you have a trained security officer? What certifications does the security officer have? Trained security officers manage and maintain an MSP’s security program. An MSP should have a security officer who is, at a minimum, a Certified Information Systems Security Professional (CISSP). Outsourcing is absolutely acceptable.
- Does your staff have security certifications? Please identify specific security certifications. Training and education are critical. Look for an MSP with at least one CISSP-certified officer on staff or a Virtual Security Officer who provides a similar level of guidance.
- Is your staff trained in compliance, phishing education and general best practice? Please indicate how frequently training takes place. This indicates that an MSP is keeping up with compliance and security standards.
- Do you keep current on security trends? Do you have an internal security committee? How often do they meet? Can we see your last two agendas? This reveals whether the MSP takes a proactive, security-first approach to staying current.
- Is your MSP in compliance? Please identify specific compliance certifications. In addition, an MSP should have certifications that meet the compliance requirements of its customers. Look for the following certifications if your company must meet certain compliance standards (this is a growing trend):
- Professional Services Automation (PSA) (e.g. ConnectWise)
- Remote monitoring and management (RMM) (e.g. Kaseya)
- Password vault
- Documentation (e.g. IT Glue)
- Backup management (e.g. Datto)
- Email / cloud storage (e.g. 365)