When you entrust your IT to a service provider, you hope that company will be as devoted to protecting your company as you are. A good Managed IT Services company is going to do everything possible to ensure that your assets are secure and your company is well cared for. Ideally, this happens on a deeper level than just “I scratch your back, you scratch mine,” where your IT Managed Services Provider believes in your business and understands the crucial systems needed to make it succeed. It’s a partnership...
And that means telling you when something goes wrong.
Trust is vital in any relationship, and your IT provider’s role in your partnership is at its most critical when something goes awry.
There are rare occasions when the Managed Services Provider you’ve entrusted to protect your company experiences a breach of their own – be it through a trusted vendor they’ve given access to your systems, new ransomware that breaks through top-of-the-line security protocol, or other types of security threats. It’s a big deal. We get it, and we take these situations as seriously as if our own business depended on it...because it does.
Unfortunately, there are some providers, or even in-house IT managers, who fail to see the long-term implications of a breach. In fact, there are many who don’t even alert their customers about these breaches, leaving them completely in the dark. And beware of any IT provider who promises these types of breaches won’t happen – even the most heavily protected organizations are still at some level of risk.
Are you confident that your IT provider is a true partner and would disclose breaches to you?
Here are the things that your MSP SHOULD be doing in the event that something goes wrong:
They should alert you. This should go without saying, but there are some managed service providers who try to keep incidents like this on the down-low to protect themselves. They should obviously tell you about the attack and, in their alert, they should let you know the nature of the attack, what was potentially exposed and what dangers could still lie ahead.
End the attack. Your MSP should end the attack and close the vulnerability that was exploited, if possible. As your partner, your IT provider should know what needs to be done to stop the attack and they should tell you what they are going to do to fix the problem.
Monitor all systems. The hack isn’t over when it’s over. Your IT provider should be monitoring your systems to detect any nefarious activities, uploads and downloads that are out of place, etc.
Give you a full disclosure. There are some IT providers who either don’t realize the full implication of the attack or don’t have your back enough to tell you what was breached and exposed. You might have had customer bank routing numbers stolen or passwords to proprietary systems hacked and not knowing that is not good.
Assist you with compliance concerns. Leaving you in the dark could have disastrous consequences if you’re required to report privacy or data breaches for regulatory reasons. Beyond telling you about the incident, hopefully your IT partner will work with you to help you address whatever comes next for your company – whether that is notifying the clients, government agencies or other regulatory officials.
Scrutinize the responsible party. Finally, your IT provider should put your security above their own bottom line. In some cases, that means finding out who was responsible for the breach and determining if their staff member or preferred vendor handled it properly. That might mean firing someone, breaking a vendor contract or adding additional software to protect you.
Your IT provider should be trustworthy and empathetic to your business. As your partner, they should respect a situation that’s bad for you and be upfront and honest about it while working to resolve the problem. If you’re not sure how your own IT provider would handle an incident, it might be time to ask them.
Is your IT provider a trustworthy partner in protecting your business? Contact Qoverage at 972-352-3091.