(Image by Gerd Altmann from Pixabay)
Is using an MSP such as Weston Technology Solutions a risk to my business? Yes.
But it may be a much bigger risk not partnering with one.
In recent news you can find reports of companies being infiltrated by “hackers” through techniques such as “Email compromise” and “Ransomware”. Some of these reports also include that these attacks were made possible through the company’s outsourced IT company, normally referred to as a Managed Service Provider (MSP). This brings up the question of whether your company is more at risk using an MSP than it would be trying to do IT internally.
The answer to that question relies on a variety of other factors, but first we need to understand risk: Risk is a function of the likelihood of something bad happening and the impact to your company if it did. This is nothing new and has been around since businesses started. It used to be your catastrophic risks as a business were someone stealing your valuable goods or a fire burning down your building.
Today your business has to be connected with your clients and your vendors in order to survive. This is done through the Internet. This creates a huge new set of risks and opportunities for thieves to damage your business. You can greatly reduce this risk to your business by just unplugging your company from the Internet — except that’s obviously not an ideal solution. You have to take a risk and be joined to the Internet and everything that comes with it.
If you are connected to the Internet, there is no 100 percent failsafe protection you can implement to prevent electronic damage or theft. This may not be what you wanted to hear, but it is the reality.
What you are faced with is how to minimize your risk. To do this, you have to be aware of the likelihood of the risk and the impact on your business. Most business owners’ best use of time is not evaluating electronic threats to their business. Instead, hiring and vetting a subject-matter expert is far more productive.
Just like you would pay a lawyer for legal matters, you want to hire professionals to manage your IT (and it’s frequently less expensive to outsource). An expert should focus first on the most likely bad things that could happen that have the worst impact to a business. Sometimes these are also the easiest to fix.
Based on compromises currently occurring in the media, Weston has found the following to be the biggest risk areas to many businesses’ electronic data:
- No electronic controls or policies in place around each person having access to only what they need to for their job role
- Lack of enforcing good password strength and rotation policies
- Lack of a multi-factor authentication (MFA) to identify someone is who they say they are when accessing company resources (which according to Microsoft, will stop over 99 percent of all email breaches)
- Lack of keeping software up to date
- Lack of filtering of dangerous emails
- Lack of training company team members on what “good” and “bad” looks like for email and web
- Lack of blocking access to dangerous websites
- Lack of controls which results in anyone being able to install any software
- Lack of separating “public” and “confidential” wireless networks
- Lack of ensuring anything added to their electronic environment is properly configured and does not introduce a security risk
Having an MSP on your side, they should properly monitor and take care of issues like these that will put your business at risk.
But your MSP also has other clients whose networks they access. Some of the compromises in the media today come from the bad guys figuring out that by compromising an MSP, they can also then have a way into many other companies’ networks. How an MSP protects itself is important to minimize risk to itself but also to its clients.
When you discuss partnering with an MSP, you’ll want to talk to them about their security practices and ask them about how they secure access to their clients’ networks. Do they require MFA? Do they have outside security audits and monitoring? Do they have role-based access restrictions? What is their incident response plan? How is their team tested and trained? How often are those security best practices policies and training plans updated?
While there is no way to 100 percent eliminate risk and still be on the Internet today, there are practical items that can be implemented to best minimize the risk. Partnering with a security-conscious MSP like Weston will allow you to implement these best practices and let you to focus on running your business.
Brock McFarlane is the CEO and Founder at Weston Technology Solutions. Weston Technology Solutions has been serving the Pacific Northwest since 1994, providing people-friendly managed IT services to small and medium-sized businesses with offices in Bend, Anchorage and Spokane.
weston-tech.com • bmcfarlane@weston-tech.com • 541-383-2340
