5 Questions to ask Managed Service Providers

7 months ago | by Chris O'Brien

Questions to ask Managed Service Providers

Choosing a managed service provider (MSP) is a very important business decision. A right choice helps a business grow however likewise, a poor one can leave you exposed to security threats and waste your money.

The right approach is to compare several potential choices and ask the right questions to make an informed decision. We have put together six simple and practical questions that you can ask your managed service provider (MSP), to make sure they’re protecting your system and your data. They are:

1. Are you implementing better practice cyber security?

Managed service providers can demonstrate they are implementing better practice cyber security to protect themselves and their customers by implementing the Australian Cyber Security Centre’s (ACSC) “Essential Eight”. These are: Application control, Patch applications, Configure Microsoft Office macro settings, User application hardening, Restrict administrative privileges, Patch operating systems, Multi-factor authentication and daily backups.

2. Are you securely administering your systems and services?
Managed service providers more often then not, have privileged access to your business systems, and so it is vital they manage them in a secure manner.

3. Are you monitoring activity on your systems and services?
Most business owners and staff have poor visibility when it comes to the usage activity occurring on their systems. Good visibility is critical in detecting and responding cyber attacks.

4. Are you regularly assessing your systems and services?
This one is often missed by managed service providers. We think a good choice managed service provider is one that is aware of, and appropriately risk manage, security vulnerabilities in their own systems and services.

5. Are you prepared for, and able to respond to, cyber security incidents?
Experiencing a cyber security incident is not a question of if but when, and when it happens you need to ensure your managed service provider has the specialists that will be required to contain the incident and remediate any vulnerabilities that were exploited.