The cybersecurity landscape continues to rapidly evolve. Even before the COVID-19 pandemic hit, bad actors were ramping up the sophistication of their attacks by subverting a target’s supply chain to gain access to their ultimate target. A recent Department of Homeland Security alert confirmed that IT service providers (MSPs) are among those in the supply chain that hackers are attempting to penetrate.

Here are 10 questions you should be discussing with your current IT service provider. Remember, your security is a shared responsibility. They should be able to answer these questions and provide you the level of confidence you need to know that your organization is secure.


Are your systems that contain my data protected by two-factor or multi-factor authentication (2FA/MFA, such as a login/password plus a code texted to a mobile phone)?


How often do you back me up (how much production data will I lose if something crashes)? Where are the copies stored, and how many copies do you keep (minimally, one should be onsite and one should be offsite)? How often do you verify that the backups happened, and how do you verify that the backups will work should I need them (backups should be consistently monitored and tested)?


What extra measures do you employ on your perimeter security devices (e.g. firewalls) to keep hackers out? (Answers should include things like country blocking, intrusion prevention and detection, etc.)


How often do you specifically test and monitor your own internal security? Describe that process and those tools.


Do you have a third-party security company monitoring and reporting on your security or is your security totally DIY?


What security certifications or clearance do your engineers hold? Do you screen for drug/alcohol issues? Do you require mandatory background checks?


Should I require more security services than you provide in order to meet state or federal regulations, what existing relationships have you established with third-party testing and/or security providers?


How do you manage your own passwords (password changes, use of generic logins/passwords, use of local administrator password solutions (LAPS), etc.)? How do you monitor login and/or password compromises from your domain on the dark web?


What do you use for ongoing email security against malware and phishing attempts? Does this include a consistent training component, so users are reminded of its



Who audits and reports on your company’s adherence to security best-practice standards? If an anomaly is found, what is the process for correcting it?


If you’re not fully satisfied with any of the answers your current managed service provider gives you on these questions, you should consider finding a reliable, forward-thinking company to help you keep your business running efficiently and securely. 

With decades of experience and a reliable, talented, and trustworthy team behind what we do, Cynergy Technologies is here to help. Contact us today and see the difference an experienced partner can make!