Managed Service Providers (MSPs) pledge to keep their customers cyber-safe. This requires that they do all they reasonably can to protect themselves. After all, bad actors, like the Play ransomware group, target MSPs to infiltrate their customers. If this has you wondering just how secure your MSP is, here are five questions that Jeff Aiken, one of our cybersecurity experts, suggests you ask and why:
How will you manage and protect our account’s passwords? It’s not uncommon for some MSPs to let the passwords to their customers’ accounts remain unchanged for months, even years. At Emerge, we change our customer account passwords daily. In the event of an incident, we can change them within mere minutes. Some MSPs use the same passwords for different customers or do not bother to change passwords when an employee leaves their company. This kind of MSP complacency and risk-taking should never be tolerated.
What security frameworks do you follow? Any MSP worth its salt will strictly adhere to an established and proven security framework. Following one takes about 80% of potential vulnerabilities right off the table. So, you’ll want to ask your MSP which framework or frameworks they follow. At Emerge, we dutifully follow the NIST (National Institute of Standards and Technology) Cybersecurity Framework and the CIS (Center for Internet Security) framework.
Will you share your CSEP? A CSEP, a customer security event plan, describes what an MSP will do should a customer experience a security event. Buttoned-down MSPs, like Emerge, have detailed CSEPs for each and every customer. Ask your MSP to see what they have prepared for you. If they don’t have one tailored to your specific situation, it may be time to consider a new MSP.
Can I see your Incident Response Plan? All MSPs should have an incident response plan (IRP) that dictates what they’ll do should they come under attack. In other words, a CSEP details what will happen if you experience a security incident, while an IRP details what will happen if your MSP is the target. Ask to review your MSP’s IRP. After all, a cyber-attack isn’t so much a matter of if but when. If your MSP doesn’t have an IRP, it should give you pause. Serious pause.
Do you have a “runbook”? A runbook is insurance terminology referring to the steps an MSP and its customers will take should they find themselves the target of a ransomware attack. It covers reporting, containment, recovery, post-action review, and more. When your MSP has a runbook, as we do at Emerge, it goes a long way to establishing confidence (and better rates) with an insurance firm.
Your security is tied to your MSP’s security. How your MSP answers the questions above will shed light on just how secure you are. Or aren’t.