When you’re selecting a managed IT service provider, security should always be a major focus. But how can you tell if an MSP has the knowledge and expertise you need?
By knowing and asking the right questions, you can ensure your potential MSP speaks fluent security before you’re locked into a contract. Here are four critical security questions to ask before signup, as well as what our service team members think the answers should be:
Q: What is IT security?
A: IT security, sometimes called computer security, is the protection of your system’s hardware, software or information. Typically, a multi-layered computer security approach is best to protect against theft, damage and any harm that may come via network access, code injection and malpractice by operators. Components such as antivirus software, multi-factor authentication and encryption are critical to any business looking to prolong its ability to prevent intrusions from harmful sources.
When you work remotely, the virtual private network (VPN) connection created between your computer and your company’s onsite server should adhere to specific policies for secure communication over a private network. You should also think about establishing companywide policies on password security, email phishing and disaster recovery.
Q: How do you manage backups?
A: “Backing up” refers to the process of copying and archiving computer data for restorative use after a data loss event. Data should always be backed up locally (for quickest access to archived data) and also replicated offsite in case something happens to your physical location.
Offsite backups are critical for continuity, so they should be validated, checked for consistency and run throughout the day to capture multiple revisions of a single file. After all, backups run only at night won’t be useful if disaster strikes toward the end of the workday. It’s also critical to verify that your MSP uses AES (Advanced Encryption Standard) and a minimum key length of 128 bits.
Q: What is disaster recovery?
A: Disaster recovery is an area of security planning that aims to protect an organization from the effects of a significant negative event. Similarly, a disaster recovery plan allows an organization to maintain or quickly resume continuity following a disaster, and the quality of this plan can dictate whether your business is down for a few hours or an entire week. Before choosing a provider, you should conduct an internal assessment to determine your unique disaster recovery needs.
For instance, your building may be physically secure, but how quickly can you recover after a major virus incident? Being prepared for the worst is a security best practice, so your IT provider should work with you to create and regularly update a robust continuity plan.
Q: What is compliance?
A: Compliance involves becoming and staying observant of established guidelines or specifications pertaining to your industry. Companies in the healthcare, legal and financial sectors are especially concerned about compliance as they handle a lot of sensitive data. That said, ensuring compliance should be a huge business concern regardless of your industry, as companies are expected to fully understand and observe regulatory compliance requirements.
With this in mind, your MSP should either be fluent in governmental compliance itself or able to connect you with knowledgeable advisors. This will help your company save money in the long run by protecting your data, business and brand.
Knowing how to talk to your existing or prospective MSP about security will help you make the right decision for your business. While this isn’t an exhaustive list of questions, it will put you on the path toward making a secure choice.
Nico Trujillo, Systems Administrator I
The purpose of this blog is to answer the questions you ask! For more information on security, please feel free to contact us. You can also head over to our resources page for more information about managed services, security and more!
