Just Okay Is Not Okay

These days, I don’t watch much live TV. The exception is sports. And with football playoffs in full swing, I’ve seen a fair number of commercials along the way.

One that has stood out involves a surgeon:

“How’s doctor so-and-so?”, asks the patient.

“Oh, he’s okay,” says the nurse.

The ad goes on to say that “just okay is not okay.”

I can never remember what the commercial is for, but the point about doctors applies equally well to Managed Service Providers (MSPs) — those companies that deliver outsourced IT services to small and midsize companies.

Here, too, just okay is not okay.

Security is Fundamental to IT

MSPs face a big challenge. They support a lot of different technologies for a range of clients, each of which expects them to know and understand every system, software, laptop technology and piece of networking gear in use.

Expecting your MSP to be a security expert on top of all that is asking a lot – too much, in my opinion. In our daily work in support of clients, my staff and I have seen a range of security weaknesses, including unencrypted backups, improperly configured firewalls, unpatched servers, and more.

The fact is, any time you are “doing IT stuff,” there is the opportunity for significant (sometimes existential) failure.

Help Your MSP Serve You Well

I am not suggesting that you stop outsourcing your IT needs. We collaborate with some good firms, and they play an important role until (and if) you grow to the size where you bring everything in-house.

But you need to think about how your MSP is handling your security and do your best to help them in their support of your network and data.

Specifically:

#1. Hire a dedicated IT person at your company.

This person’s role is not to manage all aspects of your company’s IT (that’s what the MSP is for). Rather, they act as an informed and focused resource and point person who lives within the walls of your company — and whose only concern is its health and safety.

Like a medical general practitioner, they are a first line of defense, dealing with many common difficulties and bringing in the help of an expert specialist as needed.

#2. Schedule quarterly security meetings with your MSP.

The more frequently and explicitly you share the specifics of your IT needs, the more focused and customized will be the solutions your MSP can provide.

If your most important data is on Microsoft Azure, for example, you want to make sure your MSP is managing that capably. If you have compliance requirements specific to your industry, you want your MSP to be aware of that, too.

Again, your MSP has a lot of bases to cover. Let them know which pieces of your particular puzzle matter the most and meet with them regularly to ensure your needs stay top of mind.

#3. Invest in security expertise.

I don’t know how to emphasize this adequately without appearing self-serving (!), so I’ll just say it: Your MSP may have your best interests in mind, but it simply doesn’t have the knowledge or bandwidth to stay on top of all your potential security-related weaknesses.

You need a security expert for that; someone who can work with your internal IT resource and verify the actions that your MSP is taking (or not taking) on your behalf.

Final Thoughts

MSPs, like many other outsourced services, play a vital role in helping small and midsize companies run their businesses efficiently. Just make sure you’re buying what you think you’re buying — these folks are not explicitly in the security business.

Unfortunately, the bad guys are.

Ramp up your awareness and coverage to make sure your doors are locked good and tight in the coming year!

P.S. Do you know which company runs the “mediocre surgeon” ad? See if you can guess before watching for yourself, here.

Next Steps

To receive great cybersecurity content for business leaders, sign up for our monthly newsletter: https://fractionalciso.com/newsletter/

Rob Black
Rob founded Fractional CISO in 2017 and has helped dozens of mid-size SaaS and technology companies improve their security posture as a vCISO. He consults, speaks, and writes on IoT and security. Rob has held product security and corporate security leadership positions at PTC ThingWorx, Axeda and RSA Security. He received his MBA from the Kellogg School of Management and holds two Bachelor of Science degrees from Washington University in St. Louis in Computer Science and System Science and Engineering. He is also a Certified Information Systems Security Professional (CISSP).

Related Posts

Is your Cyber Insurance really going to cover you?

Only 1/3 of cyber insurance policies actually pay out in incidents. Most companies have cyber insurance policies that insure too little, or too much, and have absurdly low caps and silly exclusions.

To learn more about cyber insurance and determine if you have the right coverage for you, join us for a free vCISO Office Hours session on Tuesday, April 18 at 1 p.m. eastern time. Bring your questions!

New Release: Free SOC 2 eBook!

Getting ready for your first SOC 2? This eBook is full of actionable advice to help you prepare for and succeed in your first SOC 2 audit.

Learn:

  • How to scope your SOC 2 project
  • How to estimate the cost and length of your SOC 2 project
  • How to prepare for your SOC 2
  • How to succeed in your SOC 2 audit period
  • How to leverage your SOC 2 report to enable your business and sales