4 Assumptions You Need to Stop Making About your MSP & IT

It’s easy to assume that if you have an MSP or IT provider, then all of your technology needs are covered. Actually – it’s easy to assume a lot of things when it comes to your technology. However, not all Managed Service Providers are the same. Neither is the service you receive. It’s crucial to be aware of the risky assumptions you may be making about your MSP, and why it’s so important to know the truth behind your information technology. Get started below.

FFIT 4 assumptions it MSP

Let's Get Started

The four main assumptions you need to stop making about your MSP and technology are the most common ones we’ve experienced recently in our 25 years in the IT industry. Small business owners across a variety of industries have been unaware of the truth behind their IT support and needs. That’s why we’re sharing our discoveries with you, in the hopes that you can work towards keeping your company protected from cyber-attacks.

Explore each assumption by clicking the boxes to the right, or by scrolling down.

My MSP will Protect my Company from Cyber-Attacks

The truth: not all MSPs are focused on cybersecurity, but they won’t tell you that. If you have a team managing your emails, IT infrastructure, and technology, it’s easy to assume that the security of all these moving pieces must be included. In reality, few MSPs have team members focused on keeping you protected.

Additionally, there will always be gaps in your company’s security. One of the easiest ways for attackers to infiltrate your systems is through your employees. In fact, 95% of breaches are caused by human error (Cybint). These social engineering attacks specifically target your people through a variety of methods, all focused on infiltrating your system. At the end of the day, your MSP can’t stop every employee from clicking malicious links in emails or downloading malware. However, a trusted MSP partner will offer routine employee cybersecurity training to minimize the risk of such an event.



If my Company is Breached, my MSP will Handle Everything

The truth: in the unfortunate event of a cyber breach, you and your MSP must work together to save your business. You cannot expect them to wave a magic wand and fix everything overnight. In fact, a qualified MSP should work with you to create an incident response plan that outlines what will happen before a breach ever occurs. This ensures both parties understand their roles during such a lengthy and stressful event. The more prepared you are in the event of a cyber breach, the more likely your business is to survive. This is vital given that 60% of SMBs that fall victim to an attack will close within six months (National Cyber Security Alliance).

Your MSP will not be responsible for insurance, pay a ransom, and contacting required authorities – that falls on your shoulders. However, your IT provider shouldn't be radio-silent during a breach either. Like any good partner, there should be consistent communication and support for your team. That's what separates an IT partner from a vendor.

Have Questions About Your Service?

Our team of trained experts is ready to answer any questions about your current or future MSP needs.

My Company isn’t a Target for Cyber-Attacks

The truth: your company is the prime target for a cyber-attack. Why? Because your guard is already down with this mindset. It’s not a matter of if you’ll be attacked, it’s a matter of when. Hackers and online attackers are highly intelligent individuals looking for easy money (and data). Small businesses are prime targets due to minimal security, which means easy access.

Sure, you may not think you have anything valuable to hackers, but every piece of private information is a golden nugget to them. They can sell it on the internet for profit, or lock you out of systems to gain even more profit via ransoms. Either way, they know how to play the game, and it's your money at stake. The harsh reality is that a breach costs small and medium businesses a staggering $200,000 on average (Hiscox).

My MSP is Regularly Audited by a Third-Party

The truth: there is no set of standards an MSP is required to meet in order to be called an MSP. In other industries, this is absolutely not the case – lawyers must pass the bar exam, and CPAs must pass CPA examinations. These requirements are in place because of the complexity and importance of the information both industries are in charge of. That’s why it comes as a shock to many small businesses that their MSP has no set of practiced standards.

The good news is that there are voluntary audits MSPs can complete in order to show their dedication to providing quality service. One of the top attestations is the AICPA’s SOC 2 Type II audit, which actively reviews an MSP's practices and procedures to ensure they are following rigorous levels of security and privacy standards. Because of the high standards, the SOC 2 Type II audit requires, few MSPs have successfully completed it. We’re proud to say we are one of the only Portland MSPs to be SOC 2 Type II compliant (for two years in a row!).


While technology is constantly changing, one thing has been made clear in the last year – cybersecurity must be a part of IT. Cyber-attacks and breaches are increasing in frequency and magnitude, with no end in sight. If your MSP isn't prioritizing cybersecurity, it's time to find one that does.

Fixed Fee IT is an MSP with a people-first security mindset. Our team follows strict processes and procedures to ensure your compliance, as well as provide regular security training and content for your employees (plus much, much more). We partner with you to maintain a culture of cyber-security within your company, which in turn helps keep you protected.

Ready to Upgrade Your IT Team?

You deserve an IT partner that you can trust. Fixed Fee IT is one of the only SOC 2 Type II compliant MSPs in Portland, with over 25 years of experience helping small businesses stay protected.

Stay Updated on the Latest Security Tips

© 2021 Fixed Fee IT • Privacy Policy Site by Daylight