What is a Managed Services Provider & How Do You Find the Perfect One?
8 Tips to Identify the Right MSP for Your Business
Managed Services Providers (MSP) take the challenge of technology and handle it so you don’t have to. You should be running your business, not fixing email, patching computers, and checking for malware. You have more important things to do.
How much income is lost due to time spent fixing and securing your technology? Have you adopted a Cybersecurity Framework yet? Do you know what that is? Hint, if you attended some of our webinars you might.
An MSP (Managed Services Provider) takes care of all your IT (information technology) proactively. It’s what we call Proactive IT. A good MSP goes beyond that. A good MSP understands a business’s specific needs and takes care of all the technology related to those needs. A good MSP understands the human side of cybersecurity and trains businesses on what to look out for.
Managed Services Providers identify risks in your business and offer suggestions to resolve them. Those risks aren’t always technical in nature. Sometimes it could be upgrading your locks or tinting windows.
MSPs can help your business grow. They should become a partner in your growth, suggesting changes, upgrades, and practices to create efficiency, improve productivity, and protect your data.
Managed Services Providers are third-party businesses that take care of all your technology and everything related to it. You have accountants for taxes, lawyers for legal matters, and plumbers and electricians for the related problems in your office. MSPs do the same for your technology, cybersecurity, compliance, and training.
How Do You Select the Right MSP? 8 Tips
I would say ask them what CSF they follow and if they struggle to answer that question then walk away. The truth is you should expect a lot more than naming a cybersecurity framework. Here’s a list of some of what you should be asking or checking.
- Do they have any experience supporting your vertical? This is especially critical for businesses that have compliance needs like healthcare, legal, and financial. I run into this a lot in healthcare. Covered entities, that is healthcare providers, do not have a Business Associate Agreement with their IT support company.
This means that both the healthcare provider and the IT support company do not have a good understanding of HIPAA. This could lead to very expensive problems in the future.
A lot of businesses must abide by PCI (Payment Card Industry) compliance but don’t understand how to ensure they are compliant. And neither does their IT. If you accept credit cards, you have to be PCI compliant.
Law firms have requirements for data retention (and are often targeted by cyber attackers). Financial firms have special requirements.
All businesses have industry-specific needs. Minimally an IT service provider should be able to learn what those needs are to be able to provide a higher level of support.
- What is their track record? Do they have positive reviews? Can they supply references? I am asked for references probably about 50% of the time. To be fair, a lot of our new clients come from referrals. The rate of clients that come to us from the website or other method, not a referral, that asks for references is probably 75-80%. This is a good practice and should be part of the process of bringing on an MSP.
Check for reviews on Google and Facebook. Do they have a positive rating? Do they measure NPS? If so, what is their score?
Have they had to handle ransomware attacks or data breaches before? How did they do?
- What type of support do they offer? Do they only work 9-5? What about weekends? We live in an always-on world and while I certainly understand the importance of downtime, I also understand that some businesses need support before 9 or after 5, or on Saturdays.
Do they have after-hours support?
What about contacting support? Would you be pigeonholed to one method of requesting support? Do they have multiple channels of support? Are there self-help options?
- Do they offer cybersecurity-related training? Training all stakeholders on phishing and social engineering should be a requirement. Without helping the business’s employees understand the risks and how to recognize them, everyone is at a disadvantage.
Take it a step further and include phishing simulation. This can be a fun way to educate your clients. Our clients enjoy the challenge and have gotten pretty good at recognizing a phishing email. I get emails forwarded to me all the time asking if they are phishing.
- What kind of response time do they offer? Do they answer the phone? Do they return calls within a reasonable amount of time?
We have a tiered level of response time. That means our response time is determined by the criticality of the request. What if I told you that almost every request is responded to within the time frame created for critical issues?
- Do they offer backup solutions? If your business doesn’t have a backup solution in place you’re heading for a disaster. I can’t tell you how many times a backup has saved a client from a lot of pain and agony. Not because of a complete data loss or ransomware attack but a corrupted file, or accidentally deleted email.
- What does their cybersecurity stack look like? Is Zero Trust included? Zero Trust is a must now. The federal government is requiring it for all agencies. It should also be a business requirement. Zero Trust prevents unwanted software & scripts from running and unauthorized privilege escalation.
The security stack should include next-generation malware protection (Norton and McAfee don’t cut it anymore, and Avast & AVG shouldn’t even qualify as anti-malware), DNS Filtering, Phishing Mitigation, System Modification Monitoring (is something messing with Microsoft Core files?) at the bare minimum.
Other things like Data Loss Prevention can be added. This will monitor for the unauthorized transfer of data to outside the network. Access monitoring, log monitoring, and more can also be added for larger businesses.
- How are their people skills? If they don’t know how to talk to people or handle stressful scenarios the relationship between your business and the Managed Services Provider won’t last long. Your business has choices and poor customer service will lead to the demise of the business relationship faster than you can say fix my computer.
Sometimes businesses walk a fine line between poor customer service and mediocre customer service. Mediocre shouldn’t be accepted either but often is.
Look for an MSP that provides outstanding customer service and works hard to foster a strong relationship between their business and yours.
You have choices when it comes to selecting a managed services provider. It’s certainly understandable to consider price as a factor but it shouldn’t be a deciding factor. Expertise, adaptability, training, customer experience, and support model should all be part of the equation.
Whoever you choose as your MSP, it’s also important to check on how they’re doing. While this list isn’t meant to be an extensive list, it’s a good starting point. You should also confirm insurance, ask how they will communicate what was done and what needs to be done, and how much support should be expected.
Selecting a managed services provider that aligns with your business and provides the right support and protection is an important decision but hiring the wrong MSP can be detrimental to your business’s success and growth.