Who is Watching the Watchers?

Who is Watching the Watchers?

Posted on Nov 18, 2016

You hire a managed network services firm to watch your network and protect your business. But who is watching the watchers?

It Can Happen

Sadly, many IT firms have lots of power but very little accountability. And most of the time, nothing goes wrong. But when it does, it goes very wrong. A rogue or careless engineer can edit scripts that erase data, damage important applications, or bring your business to a screeching halt.

And It Did

Recently we became aware of another managed network services provider who had such an issue. A disgruntled employee edited a script that caused all of the customer’s computers to be compromised. Needless to say, this was a major hassle and costly disruption to the entire business. But it could have been avoided with some due diligence when selecting a provider.

What to Watch For

To protect your business, here are questions you should ask of your IT service provider:

  1. Do you provide 50-state background checks on all employees?
  2. Do you provide reports on all actions engineers take when servicing our account?
  3. Do you provide easy access to recordings of every phone call regarding our network issues?
  4. Do you require manager approval for changes to scripts on our network?
  5. Do you patch third-party applications, including Internet of Things (IOT) devices, as part of your normal process?
  6. Do you require a non-disclosure agreement (NDA) that covers all employees, ties into our own NDAs, and survives even after an employee leaves?
  7. Do you have adequate insurance to cover an employee accidentally erasing our data or disrupting our business?

Doing Our Part

MNS Group is different from other providers in that we go above and beyond the requirements to protect our customers from preventable disasters. Here are some of the steps we take.

  1. We do a 50-state background check on all of our employees.
  2. Every action our engineers take is tracked, and this report is available to our customers. Our audit trail allows us to reverse any actions taken in case something goes wrong.
  3. We record each service call and make those recordings available to our customers.
  4. Our employees sign NDAs that are tied to customer agreements and do not expire if an employee leaves.
  5. We abide by the same best practices that we recommend for clients, including regular password changes and complex password requirements.
  6. Our client passwords are encrypted so our engineers never see the passwords when they use them.
  7. Our managers must approve all script changes, adding a layer of protection against human error.
  8. We operate under the principles of ITIL v3.
  9. We voluntarily submit ourselves to a third party audit for our security, just like banks and financial services firms (see AICPA SOC).

Peace of Mind

There is no silver bullet for avoiding human error or malicious intent, but we go above and beyond the typical IT service provider to ensure that our clients are covered.
If you have any questions about how a managed network service provider should be protecting your business, please contact us.