Video Suggestion: How to evaluate an MSP

I was watching your recent video on the Sodinokibi ransomware hitting dental practices through a common IT provider.

In that video you touched on how hard it is for an SMB to properly evaluate IT service providers. What would be good questions to ask of prospective MSPs? How do you properly evaluate their responses? You mentioned asking about 2FA in the video but I was wondering if there were others you might share.

When you’re discussing your own service with prospective new clients, what questions do they ask you that make you think, ok these folks are on the right track?

Thanks for the great channel. I really enjoy watching your videos!

Unfortunately, the client rarely asks security questions; they just assume that because you are there pitching them to use your services, you know what you are doing. The second problem is that frequently IT salespeople may not be forthcoming about how things are handled in their office. They may claim that an audit was done and everyone has 2FA, but that is not something easy for a client to find out.


Talking to other clients of theirs is probably at the top of the list. They can tell you they are responsive, but what do their clients think? Do they handle other clients with the same complexity as your network? Do they offer a true all-you-can-eat at a flat rate, or do they charge extra for drive time and onsite time? Are they proactive?

I’d just go with references from their clients, but tbh if a client is not IT savvy and has had no issues, they will probably recommend them.

Ring their provider yourself and ask questions; it's easy enough to set up a fake domain/company and ask for a quote and what they do. We do this regularly to “check out” competition, just ask :)

That does not play out in the real world. I will cite the PercSoft Dental MSP as a case study. There are 400 dental offices that are very aware now, but how would they have known that he did not have his remote access tools secured before they signed up?

I was only looking at the title and missed the part about evaluating their security. I know what questions I would ask, but I don’t know how a non-IT business owner could ask the right questions and understand the responses.