Challenges with having baseline 101 level quality IT services
Beware of outsourced help desks
Items to use to assess your IT services provider
The most secure help desk outsourcing is no help desk outsourcing.
There are many ways in which help desk outsourcing can create compliance and security violations.
How Help Desk Outsourcing Undermines Your Security | IT Pro (itprotoday.com)
The user's identity should be validated when they are calling for support. We use a system where end users have support PINs that change and are readable to them and us through a system. That is not the only method of validation.
How should you be investing in equities? You probably are not an industry insider. You probably cannot run a company like the one you are investing in. You don't have tremendous expertise in risk management for that industry. So how are you to make a decision about what company to invest in?
How MSPs are the breach vector for a lot of clients
The BIGGEST issue that creates problems for your business when you utilize any outsourced IT whatsoever is if the service provider's executive management team is not comprised of highly experienced, and highly trained security personnel.
Businesses owned and operated by sales and marketing people usually end up making decisions using the wrong criteria.
Since you cannot do what they do, you have to trust in the management of that company.
Many of these companies have zero ability to assess the efficacy of any security solution or strategy. They use and promote the flavor of the year that they picked up at a conference or that is being talked about in their industry groups and peer accountability groups.
There are tons of IT service providers that say that in order for them to scale, they have to use large help desks of 60 - 200 people or more that end up having administrative access to things in your environment.
Questions for the technology service provider
What type of technology do you use?
Will the same be used to support my company?
How will you manage my current infrastructure?
How will integrations with legacy systems be managed?
Do you use subcontractors?