I’m Staring at a Feature List from an MSP. What Features Do I Really Need?

Article

As a small business owner, you’re likely juggling multiple responsibilities every day. One of your key concerns is keeping your business safe from cyber threats. You’ve probably heard about Managed Service Providers (MSPs) or Managed Security Service Providers (MSSPs) and the myriad of features they offer. But staring at a long list of technical jargon can be overwhelming. You might be asking yourself, “Which features do I really need to protect my business?” This article aims to demystify the most critical features you need from an MSP, focusing first on what the cyber insurance industry calls “The Big 5 of Cybersecurity” and then by looking at Goal Alignment.  Do your business goals and the goals of your MSP match up, or are they opposed?

* To keep things simple for the rest of this article, I’ll use “MSP” to reference both MSPs and MSSPs.

Understanding Managed Service Providers (MSPs)

What is an MSP?

An MSP is a company that manages a customer’s IT infrastructure, end-user systems, and some (or all) aspects of its security. Small businesses often lack the resources to maintain a robust IT department, making MSPs an attractive solution. Just like how most small businesses pay for the services of a CPA to handle corporates taxes, they also pay for an MSP to handle IT needs. MSPs offer a variety of services, from network management to cybersecurity, ensuring that your business runs smoothly and securely.

Common Services Offered by MSPs to Small Businesses

MSPs offer a wide range of services tailored to the needs of small businesses, including:

  • 24/7 monitoring and support
  • Network management and security
  • Data backup and disaster recovery
  • Email security and management
  • Endpoint protection
  • IT consulting and strategy planning
  • Troubleshooting labor
  • Project labor

The Big 5 of Cybersecurity

Overview of the Big 5

According to the cyber insurance industry, the five most critical security safeguards that every business should implement are:

  1. Immutable Backups
  2. Monitored Multi-Factor Authentication (MFA)
  3. Managed Endpoint Detection and Response (Managed EDR) also called Managed Detection and Response (MDR)
  4. Secured Email with Simulated Phishing Attacks
  5. Wire Transfer Safeguards

These 5 safeguards are essential because they address the most common and severe types of cyber threats that businesses face today.

Why These Safeguards are Essential for Small Businesses

Small businesses are prime targets for cybercriminals because they often have weaker security defenses compared to larger organizations. Implementing these five safeguards can significantly reduce the risk of a cyberattack and help ensure the survival of your business.

Feature Comparison: Common MSP Offerings vs. The Big 5

Immutable Backups

  • Definition and Importance: Immutable backups are data backups that cannot be altered or deleted. This means that even if your primary data is compromised by ransomware, you can restore it from an immutable backup. This safeguard is crucial for ensuring business continuity after an attack.
  • How to Ensure Your MSP Provides This Feature: Ask your MSP if they offer immutable backups and verify the frequency and retention period of these backups. Ensure they are stored offsite to protect against physical disasters.  Neither you nor any member of your team should have access to these backups. If you are able to log in somewhere and can turn off or delete your backups, then they are not immutable.

Monitored Multi-Factor Authentication (MFA)

  • Definition and Importance: MFA requires users to provide two or more verification factors to gain access to a resource such as an application or online account. Monitoring MFA involves actively checking that this service is not turned off or somehow bypassed.
  • How to Ensure Your MSP Provides This Feature: Confirm that your MSP offers MFA for all critical systems and actively monitors this security safeguard. Can MFA be enforced so that users are unable to disable it? If not, how does your MSP monitor MFA so that it’s not disabled without their knowledge.

Managed Endpoint Detection and Response (EDR) / Managed Detection and Response (MDR)

  • Definition and Importance: EDR/MDR solutions continuously monitor endpoint devices (like laptops and servers) for signs of malicious activity and provide tools to respond to these threats quickly. Managed services ensure that experts are always watching for potential issues.
  • How to Ensure Your MSP Provides This Feature: Verify that your MSP offers EDR/MDR solutions and that they include real-time monitoring and incident response. Ask about their response times and the expertise of their security team.  Some MSSPs (like us!) offer 24/7/365 Security Operation Center (SOC) MDR.  This means real people, who are security professionals, monitor your company MDR installs constantly.  (It’s really great! 😉👍)

Secured Email with Simulated Phishing Attacks

  • Definition and Importance: Email security solutions protect against phishing, malware, and other email-borne threats. Simulated phishing attacks help train employees to recognize and avoid phishing attempts.
  • How to Ensure Your MSP Provides This Feature: Ensure your MSP includes robust email security measures and regular simulated phishing tests. These simulations should be realistic and varied to effectively educate employees.

Wire Transfer Safeguards

  • Definition and Importance: Wire transfer safeguards protect against financial fraud, particularly from Business Email Compromise scams where attackers trick employees into transferring money to fraudulent accounts.
  • How to Ensure Your MSP Provides This Feature: Ask your bank about the security measures they have in place for wire transfers, including multi-person approval processes and verification of transfer details via secure channels. While this isn’t something that your MSP will handle for you, it’s important enough to be on this list of only 5 safeguards.

Goal Alignment: Ensuring Mutual Success with Your MSP

When selecting an MSP, it’s crucial to consider how their goals align with your business’s objectives. A common pitfall is choosing a service model that incentivizes the MSP to profit when things go wrong, leading to a misalignment of goals.

Goal Misalignment with Break-Fix Models

In a traditional break-fix model, MSPs make money by fixing problems as they arise. While this might seem straightforward, it creates a scenario where the MSP benefits financially when your business encounters IT issues. This misalignment means that your MSP’s ethical goals conflict with their financial goals.  Essentially, the MSP’s financial incentives are tied to your business experiencing technical difficulties, which is counterproductive to maintaining smooth operations.

Goal Alignment with Flat-Fee Models

On the other hand, a flat-fee or managed services model aligns the goals of the MSP with those of your business. In this model, the MSP charges a fixed monthly fee for their services, covering everything from routine maintenance to emergency repairs and, in some cases, even the cost of project labor & malware remediation (like in our plans! 😉). This setup incentivizes the MSP to ensure that your IT systems run smoothly and efficiently, as they do not gain additional revenue from fixing problems. When your business operates without technical issues, the MSP can allocate resources more effectively, reducing their costs and increasing their profitability. This alignment of goals fosters a proactive approach to IT management, focusing on prevention rather than just reaction.  Also, whenever you, the business owner or CEO, sees the tech guy working hard for your company, you never have to wonder if they are burning time.  Instead, you know they are doing all they can to make sure problems never return.

The Benefits of Goal Alignment

When the goals of your business and your MSP are aligned:

  • Proactive IT Management: The MSP is motivated to prevent problems before they occur, leading to fewer disruptions and more stable IT operations.
  • Improved Response Times: Since the MSP benefits from your systems running smoothly, they are more likely to invest in quick and efficient solutions to any issues that arise.
  • Cost Predictability: A flat-fee model allows for predictable IT expenses, making budgeting easier and reducing unexpected costs.
  • Mutual Success: Both your business and the MSP thrive when your IT systems are stable and efficient, creating a partnership focused on mutual success.

By choosing an MSP with aligned goals, you greatly increase the chances for a collaborative relationship that prioritizes the long-term health and efficiency of your IT infrastructure & Security. This alignment not only enhances the performance of your business but also fosters a more reliable and supportive IT environment.

In summary, when evaluating MSPs, consider their pricing models and how these models influence their incentives.

Making an Informed Decision

Key Questions to Ask Your MSP

  1. Do you offer immutable backups? How often are they updated, and where are they stored?
  2. What kind of MFA do you provide, and how do you make sure it’s working?
  3. Can you describe your EDR/MDR services and your response protocol in the event of an incident?
  4. How do you ensure email security, and do you provide regular phishing simulations?
  5. How do you charge when someone in my company has an issue?  How about to train one of my employees?  How do you bill for projects and emergencies?

** And for your bank: What safeguards do you have in place for wire transfers, and how do you verify the legitimacy of transactions?

Evaluating MSPs Based on the Big 5

When evaluating potential MSPs, use the Big 5 as a checklist to ensure they offer these essential features. Also, do they profit when your business is quiet, or in technical chaos. Finally, consider their experience, reputation, and customer reviews to gauge their reliability and effectiveness.  If they have plans that hit the Big 5 and they align with your goals and ALSO their techs are loved and respected by the references you called and reviews you read, then you hit the MSP goldmine! 💯

Conclusion

In conclusion, while MSPs offer a wide range of features, not all of them are equally important. Focusing on the Big 5 of cybersecurity and on goal alignment can help ensure that your small business is runs safely and reliably. By asking the right questions and making informed decisions, you can choose an MSP that is not just “another vendor”, but a business partner that you trust and love.