Tickets not being responded to? Callbacks taking days? Account manager not returning your voicemails? Dropped calls, short-staffed or flat out no one to help? These are just a few signs that your IT Managed Services Provider (MSP) was not prepared to support you during the current pandemic.
We are hearing from quite a few companies that their businesses took a backseat to their IT provider trying to find its own footing during the Pandemic. Companies must understand the risk of working with an underprepared MSP. Your organization can lose tens of thousands of dollars in revenue, opportunities, and suffer reputation damage because of your MSP dropping the ball. The core responsibility of any MSP is being ready to help your business when you need it most.
What’s the Risk?
When dealing with and MSP who is not prepared for a catastrophic event impacting their business as well as their clients, they are violating a fundamental trust between the two organizations. They are creating unnecessary risk to their clients.
There are three major risk areas that directly impact a company when working with an underprepared MSP.
Unprepared MSPs do not have the necessary staff, planning, or processes in place to change the way they work during a disaster without risk to YOUR company. During an unplanned disaster or major incident, MSP work routines will breakdown, and access to the systems they use to support their clients will change. Changes may include quickly building VPNs for their service desk to work from home or giving system access to employees without using a formal process to review and document the security impact of that change. When frantic changes happen, client data and systems are put at risk. Client passwords could be downloadable to personal employee computers. The remote support software used to help clients may be opened up without advanced security. Any number of issues associated with unplanned changes to secure systems could occur.
If your MSP is scrambling to get THEIR OWN systems online during a disaster, how effective can they be ensuring YOUR systems are online? An MSP should see itself as an essential business, with a first responded mentality. Last out- First in. When a business needs to be online during a major business interruption, they should not have to wait on their MSP to figure out how to get online too. An MSP should have a plan and process for working during major issues that impact their region and client base simultaneously.
If your company is unable to provide services to your customers during a major incident, your business reputation will suffer. You may lose clients. During times of crisis, customers will need to rely on their partners and providers. Not only is it critical for your business to be online and available for your clients, but you should consider being available to take market share from your competitors. Find a way to act quickly to support your industry.
What Do Businesses Need to Know?
There are a few simple things businesses should discuss with their MSP regarding Incident Response and Business Continuity:
- Ask your MSP to provide you their written Incident Response Plan (IRP). You should be able to review the plan, ask questions and understand how your company fits into the plan.
- Ask your MSP how often they test their IRP and how do they test it. For the plan to be effective, it has to be periodically tested like a fire drill. The plan should be tested as a “live-fire exercise” often throughout the year. The plan should be reviewed and all employees should be trained on the plan.
- How is YOUR data secured with your MSP? Your business data such as passwords, IT processes, network diagrams, systems configurations, and remote access software are in the hands of your MSP. You have the right to ask how this data is secured. Multi-Factor Authentication (MFA) should be implemented on all systems that store data for your company. Passwords should be stored in a secure password manager with audit trails, user rights assignments and at least 3 levels of authentication.
- Can your MSP work without an office? Your business should know that your MSP is capable of working as a distributed workforce, securely. Your MSP should have encrypted laptops for all employees, cloud based tools for the full support of your business. The use of secure video conferencing software for regular meetings with your account managers and online bill payment options are signs of a mature MSP.
Take the time to ask questions of your MSP and understand that you have options on who you use as a provider. If you feel like you are not getting the answers that will benefit your business, it may be time to make a change to a more mature MSP.
What’s your current MSP doing for you?
Get the transparency you deserve with our Free IT Assessment
Here’s what you get:
- A detailed analysis of your current technology
- An action plan to address operational deficiencies
- A detailed budget plan and scope of work
Get the clarity your business needs to succeed. Completely risk-free, with no-obligation.