Does Your IT Provider Practice Good Cyberhygiene?

I have a confession to make: it’s actually a pretty trying time to be in the IT business right now. A year ago, the Department of Homeland Security issued a statement for IT and Managed Service Providers (MSPs) about an increased risk of being targeted by cybercriminals.

Since then, there has been a recent trend of cybersecurity attacks targeting IT companies and managed service providers. These attacks not only end up doing harm to the IT company, but they can also leave that IT company’s customers wide open. 

It’s now time to take a good hard look at your IT provider to prevent data breaches for your own business. The first question you need to ask your provider is if they practice proper cyberhygiene.

What is Cyberhygiene?

Simply put, cyberhygiene is the process in which an MSP - or any business - ensures they are using best practices to keep their data (including customer data) secure. Like personal hygiene, cyberhygiene is something that you have learned to routinely do, without needing to be prompted. It’s difficult to maintain good hygiene without the right tools and the right attitude. If you don’t feel that your IT provider is taking a “security-first” stance, it could be a red flag.

Why is Cyberhygiene Important?

So far this year there have been at least 3 major ransomware attacks where the source of the compromise was a managed service provider. Keep in mind, these instances were big enough to get major coverage - it is well known that IT companies are being targeted, but it will be a while before we start seeing how often they get compromised. In at least one of the cases we know about, a hacker accessed the MSP’s remote access software using stolen credentials and delivered the ransomware payload to their clients.

Should Businesses Even Hire MSPs?

I wouldn’t blame you for thinking that way, especially when you are deeply invested in your business. Fortunately, not all IT companies work the same way. Just like how there is a difference between a slice of pizza at Tino’s and a slice of pizza at Sal’s, one IT provider can vary a whole lot from the next.

I’ll admit, this topic has been hard to touch on, because I’d never want our clients to feel like their business is at risk because of something we’ve done (or neglected to do). At Directive, we’ve always taken a security-first approach. Always take a backup, always use strong passwords, always document everything, etc.

There are always going to be risks, but if you are working with a computer company that is overly lax or neglectful of security, you are also putting yourself at risk.

Remember the old adage; the shoe cobbler’s children don’t have shoes or the mechanic’s car is always in the shop? Often today these phrases are used to sound industrious. “Look how hard that shoe cobbler works for his customers! His own kids are running around barefoot!” It’s time to look at it like a serious problem. If your IT provider doesn’t have the most secure network in town, it’s time to look elsewhere.

Good Cyberhygiene Practices

Before you seal the deal with your provider, here are some cyberhygiene questions you should ask them about before they start serving your business.

• Do they enforce 2-factor/multi-factor authorization (2FA/MFA) in all possible instances?
• Do they have a strong internal password policy? What is it?
• Do they keep all of their software and hardware updated?
• What industry compliances have they worked with/been audited for? Do they audit their vendors regularly?
• Do they ensure routers, UTM and firewalls are properly configured?
• Do they train internal staff members as security best practices change?
• Have they conducted internal vulnerability assessments? Was the last one within the last few months?

Don’t be self-conscious about asking a provider you’re considering hiring how they handle their own cyberhygiene. It’s your business, your reputation, and you have the right and responsibility to ensure your provider is operating within best practices. 

Don’t Panic

Despite these incidents, the truth of the matter is an experienced MSP is your best defense against cybercriminals and other risks to your technology. In today’s competitive market, your technology’s security and stability isn’t something you should try to ‘wing’; you need a professional.

How MSPs Benefit Your Business

On average, MSPs are less expensive than an in-house IT department, and have a wide range of experience with a variety of technology environments. This grants them the ability to quickly find solutions to your technology issues.

Next, MSPs provide financial stability to your business by eliminating unexpected expenses that can stress your resources. Moreover, their 24/7 support means you reduce downtime which can cost you business due to customer dissatisfaction. Don’t think you’re ready for fully managed services? That’s ok, your business can still benefit from personalized IT solutions.

If you’re interested in having a free network assessment or IT consultation, call us today. We offer a risk-free 90-day guarantee. If you’re not satisfied with our service, we will refund 100% of our service fees.