Insider Cybersecurity

5 Reasons You Shouldn't Trust Your Cyber Defense to Your IT Vendor or Service Provider

Many small and medium-sized businesses utilize IT vendors and service providers to help them with their technology needs. But a business's cyber defense should not be left solely in the hands of these types of firms.
Next Article
Entrepreneur Leadership Network Writer
Principal Cybersecurity Consultant
home
5 min read
Opinions expressed by Entrepreneur contributors are their own.

Let me preface this article by saying that I mean no disrespect to IT vendors or managed-service providers (MSPs). For many organizations, these firms are a huge help, economically feasible and do help businesses figure out technical solutions to their problems. In addition to your traditional IT services, many IT vendors or service providers provide basic security services as part of their normal engagement with customers. Many may even offer a separate, more comprehensive security offering for an increased cost.

But if you do use one of these services for your business, consider getting another set of eyes to examine your cyber defenses. Below are five reasons not to fully trust your cyber defenses to an IT vendor or MSP.

1. Tools are a double-edged sword

Behind every good cybersecurity defense is a toolset to make it happen: antivirus, data protection, email defense, backups and more. Often, IT vendors and MSPs tend to use the same tools across many clients because it’s what they know and are used to. Unfortunately, if the tools they regularly use aren’t that great, then as a client of theirs, you suffer the consequences. This is especially true if you are purchasing licenses for these security tools directly from the IT vendor or MSP. If they stand to make money by selling you a product, then they aren't really putting your best interests first in selecting the best possible tool. Tools are also a double-edged sword because on one hand they are supposed to help your business, but on the other, solely relying on them for your defense would be a huge mistake. There is much more to a good cyber defense than simply installing some tools and hoping for the best. 

Related: 4 Major Cybersecurity Risks of Working From Home

2. Security can become an afterthought

I might be generalizing a bit with this one, however, in my opinion, IT vendors and MSPs tend to be focused mostly on technology stability, performance, ease of use and cost savings. Even though there is a place for all those things, security becomes an afterthought or something to be “bolted on” later. In the current digital environment, security should be at the center of technology with all of the above items built around it. Since general IT vendors and MSPs are not security consultants or dedicated security professionals, their mindset will never be equal to that of somebody who focuses solely on cyber defense. 

3. They generally have a security "recipe"

The ultimate goal of any cybersecurity effort is to lower the risk of becoming a victim of a cyber attack. No amount of effort will ever reduce the risk to zero, but managing the risk and mitigating it where we can is definitely doable. In my experience, IT vendors and MSPs do not approach cyber defense from a risk perspective. They generally have a security “recipe” to provide you by way of the tools they deploy, as mentioned above. Install these tools and you’re now done with “doing security.” It doesn’t really work that way, unfortunately. Each business is different and often requires a custom effort to adequately address cyber risk. Worth mentioning in this category is the importance of reducing your risk to ransomware and destructive malware. Not all preventative tools and measures are created equally when dealing with these threats, so don’t cut corners and simply go with what your IT vendor has offered you. 

Related: The One Cybersecurity Risk You're Probably Not Even Thinking About

4. Many lack the necessary experience

The truth is that attackers have gotten more sophisticated over the years, especially in areas such as phishing and business-email compromise. Nigerian prince scam emails that are easy to spot are not the only nefarious emails your business may encounter. Many IT vendors and MSPs simply lack the experience and expertise to adequately shore up a business's cyber defenses. It’s not that they aren’t good at what they do, or that they are lacking in other technology-delivery areas; it’s just that security is often not their focus or prime objective. 

5. Everyone has bias

This is the old saying, “Don’t put all your eggs in one basket.” Of course, MSPs and vendors will tell you their security solutions are the best. Maybe they use “military-grade encryption” or “artificial intelligence,” or pepper their marketing material with “best in class” or other snazzy buzzwords. Okay, if that is the case, then it should pass a third-party review with flying colors. Everyone has bias (including me, of course), but gathering an independent second or third opinion is a prudent move given what is on the line if your cyber defenses fail. 

Related: 13 Cognitive Biases That Really Screw Things Up For You

There is definitely a place for MSPs and IT vendors in your overall technology strategy, especially if you don’t have a robust internal team to take care of tech problems for you. With or without an internal team, it’s always a wise decision to seek third-party counsel for a reality check and an independent peek at your cyber defenses. 

loading...
More from Entrepreneur
Learn More: Franchise Advisors
Our Franchise Advisors are here to help you throughout the entire process of building your franchise organization!
  1. Schedule a FREE one-on-one session with a Franchise Advisor
  2. Choose one of our programs that matches your needs, budget, and timeline
  3. Launch your new franchise organization
Learn More
Take Our Quick Quiz
Discover the franchise that’s right for you by answering some quick questions about
  • Which industry you’re interested in
  • Why you want to buy a franchise
  • What your financial needs are
  • Where you’re located
  • And more
Find Your Franchise Match
Go to Biz Planning Plus
Try a risk-free trial of Entrepreneur’s BIZ PLANNING PLUS powered by LivePlan for 60 days:
  • Get step-by-step guidance for writing your plan
  • Gain inspiration from 500+ sample plans
  • Utilize business and legal templates
  • And much more
Start My Plan
Related Books
Ultimate Guide to Google Adwords

Ultimate Guide to Google Adwords

Buy From
Ultimate Guide to Pay-Per-Click Advertising

Ultimate Guide to Pay-Per-Click Advertising

Buy From
Ultimate Guide to Optimizing Your Website

Ultimate Guide to Optimizing Your Website

Buy From
Ultimate Guide to Link Building

Ultimate Guide to Link Building

Buy From
Million Dollar Web Presence

Million Dollar Web Presence

Buy From
Outcome-Based Marketing: New Rules for Marketing on the Web

Outcome-Based Marketing: New Rules for Marketing on the Web

Buy From

Latest on Entrepreneur

Cybersecurity

Nephilim: the hacker group that threatens the wealthiest

Cybersecurity

Putting Off Cybersecurity Is Putting You at Much Bigger Risk Than You Realize

Cybersecurity

WhatsApp wants to earn your trust with a new campaign