You’ve likely heard in the news about the latest security threat and who has been breached. It seems like a big-name company is in the headlines every single day. The reality of today’s world is that every business is at risk of a security breach and Managed Service Providers (MSPs) are no exception. If anything, MSPs have a bigger target on their backs. You might be thinking “great, that doesn’t apply to me”, but we’re here to tell you that if you work with a Managed Service Provider, this most definitely applies to you.
Now, this doesn’t mean that you should never work with an MSP. We’re an MSP ourselves and that would be silly of us to suggest that. What this means though, is you need to start asking your MSP some tough questions about their own internal security practices.
When it comes to security, not all MSPs are the same.
It is not uncommon for managed service providers to offer some level of cybersecurity protection, which is the problem. Today’s threat landscape requires a deeper level of cybersecurity expertise than what most small MSPs can afford to offer their clients.
Firewalls, spam filters and antivirus are all still needed, but this is the most basic level of protection. What worked in 1990 no longer works today. Even some of the more advanced solutions that many MSPs resell or white label to their customers serve as just a bigger band-aid, but that’s about it. Many cybersecurity solutions are marketed with fancy names that sound sophisticated but do nothing more than alert the company after a hacker has gained access to a network. Let’s be honest, that’s not very helpful. These types of solutions are not proactive or preventative. They are reactionary “solutions” which do not help protect your business from destruction.
Why does this matter?
Whatever solution the MSP resells, they likely also use for themselves. If the solution is not an advanced proactive solution, and the MSP experiences a security breach or cyber-attack then your business is also at risk.
Why MSPs are a target for cyber-attacks.
A cyberattack on an MSP or on a tool that an MSP uses can be devastating to many businesses. Today, MSPs are BIG targets. If a cybercriminal gains access to a tool an MSP uses, it can trigger a snowball effect, creating a security risk for every company network the MSP has access to.
Think about it. MSPs have access to their clients’ networks. They likely have remote access agents on ever device of every user at every business they service. Once a hacker gains access to an MSP’s network or a tool an MSP uses, you can imagine the hacker is about to have one heck of a payday.
It might sound like a rare occasion that a hacker could possibly gain access to an MSP’s network, but it happens more than you think. In fact, it recently happened in July 2021 when a popular IT management software, Kaseya, was hit with ransomware, one of the most intrusive and damaging cyberattacks. Kaseya reported that 1,500 businesses were impacted due to the ransomware attack in a matter of hours. It all happened because the hackers found a vulnerability in the software and took advantage of the open door. Thankfully, Kaseya was able to shut things down before it got too bad, but a very valuable lesson was learned by many businesses: Even their MSPs are at risk.
How to know if your MSP is secure.
As we mentioned, not every MSP is created alike. It’s important for you to vet your MSP and ask them some hard questions about their own cybersecurity practices. If your MSP is pressing you to sign up for cybersecurity protection, press back. Are they encouraging you to buy a service so they can make a profit, or are they genuinely concerned about the welfare of your business, and does it address a specific business need? Does your MSP have a security-first mindset? If so, you’ll find that your MSP has advanced cybersecurity protection in place for their business because they understand the realities of what it means to be in the MSP industry.
To help you have a constructive conversation with your MSP, we’ve put together a list of questions you need to ask. Make sure your MSP is taking cybersecurity seriously. Your business depends on it. If this is something you want help navigating contact us. We can help you understand what it means to be working with a Security First MSP.