Posted by Amanda at Varay on Oct 6, 2020 10:30:00 AM

Crisis brings out the best in some and the worst in others. But don’t take our word for it! Take Derek’s. 

From the beginning of our current COVID-19 crisis, Derek’s been fortunate to work for a company that’s persevered in adjusting their operations from in-person to remote. He’s been able to keep working and providing for his family because his team has worked hard, worked well, and worked together

Unfortunately, Derek’s also been the victim of a cyberattack that breached the security of his bank account without his knowledge. During an incredibly busy workday, he received an email from his bank warning him that his login credentials had been compromised and his password needed to be changed immediately. After clicking the link to reset his password, he thought a major crisis had been narrowly avoided. In reality, he was the oblivious victim of an effective phishing attack.  

Sadly, Derek’s not the only target. 

Though you might not have fallen for the same scam that Derek did, cyberattacks of all shapes and sizes are on the rise. In conjunction with the massive rise in online activity for work, social connections, and more, the risks facing computer security have never been greater. 

Here at Varay, we want to be sure you’re protected against the new threats facing you and your company’s computer security. That’s why we’re taking this blog post to analyze the strength of your first line of defense: your Managed IT Service Provider. 

What is an MSP? 

MSP stands for managed service provider, and it’s the company you hire to ensure your IT needs, cybersecurity framework, and technological requirements are maintained and protected. Basically, MSPs exist so you can delegate your company’s IT needs to a team of professionals that can streamline your technology processes and monitor your cybersecurity. 

In theory. 

Let us be clear — we are not here to put down other companies and elevate our own services. Instead, we’re here to bring clarity to traditional MSPs’ roles and how they need to be adapted to become the prepared MSP that your business needs, especially during this time where everyone needs heightened computer security. 

Traditional MSP vs. prepared MSP

First, it’s important to know that these titles of “traditional” vs. “prepared” aren’t official IT terms. They’ve been developed by our team to describe the gap in cybersecurity services we are seeing in the new high-risk computer security environment. With that being said, what’s the difference between a traditional MSP and a prepared MSP? 


Businessman reaching forward and tapping a holographic screen with the letters “MSP,” surrounded by technology icons.  Traditional MSPs all have the capacity to become prepared MSPs, but not all of them are taking the precautions they should be. In the words of our CEO, Patrick Holland, "These are the attributes all MSPs should have, and we know firsthand because we’ve seen how badly our clients need this!"

Here are the key attributes that differentiate traditional MSPs from prepared MSPs, and why you need to ensure your company is in the hands of a prepared managed service provider: 

Proactive vs. reactive

First and foremost, your MSP needs to have a proactive vs. a reactive mindset, especially when it comes to computer security. Too many MSPs only respond to the aftermath of a cybersecurity attack like ransomware or phishing, rather than implementing and monitoring preventative measures. 

 

In this case study Paige Fox of Fox Auto Group provided for Varay, she mentioned that our proactive approach was key in streamlining IT processes and strengthening their cybersecurity. So, when looking for an MSP, or analyzing the strength of your current MSP, be sure to ask questions that give you insight into their proactive vs. reactive mindset. 

 

Here are some questions we recommend asking current or prospective MSPs:  

  • What areas of our IT and cybersecurity processes need to be updated? Why? 
  • Where is the first place we should start improving our IT and cybersecurity processes?
  • What is your end goal for where our IT and cybersecurity processes should be in the next year? 

NIST Framework

An additional tool that gives you insight into an MSP’s proactive vs. reactive mindset is the NIST Cybersecurity Framework: 

Picture of the NIST framework with the following five columns: Identify (blue), Protect (purple), Detect (yellow), Respond (red), and Recover (green).

Image from nist.gov

 

The NIST framework is a method of mitigating computer security threats as much as possible and recovering from them in a way that strengthens your cybersecurity for the future. 

Ask any MSPs you’re considering about their use of the NIST Cybersecurity Framework or the alternative methods they use to mitigate computer security vulnerabilities. 

Adaptability: 

Did you know that more people are susceptible to computer security breaches during the holidays? Though that may come as a surprise to you, it shouldn’t be surprising to your MSP. 

During the holidays, most companies and individuals are winding down when it comes to work, but increasing their leisure or personal online activity. This leads to an increase in the usage of personal (and typically less secure) devices while online, which increases the opportunities for a computer security breach. In addition, the frequency of phishing scams tend to increase during the holidays, often in the form of emails such as, It’s time to update your password, Make sure your Amazon account password is accessible for the holidays, etc.

This is just one example of a computer security threat that a prepared MSP will know about (and constantly look for). They will be able to adapt your cybersecurity framework accordingly. Ask your current or proposed MSP what computer threats are on the rise and how your company can stay safe. 

We know that this can be an overwhelming process, but assessing the strength of your managed service provider is key to an effective computer security strategy. If you're overwhelmed with reviewing cybersecurity, book a free cybersecurity analysis for your company here to address your cyber vulnerabilities.

Topics: security, phishing, ransomware, cybersecurity, business insights, disaster recovery & business continuity