Tag: managed service providers

We’re mapping the nonprofit cybersecurity landscape—and we need your help.

NTEN, in partnership with Microsoft, has produced the first State of Nonprofit Cybersecurity Survey, which asks nonprofits what steps they’re taking to protect their organizations and clients.

Your answers to these questions will help us understand:

  • the policies and procedures your nonprofit has for who and how people can access your systems,
  • to what extent nonprofits are using technology to protect their systems,
  • what kind of training is offered to nonprofit staff, and
  • how the way nonprofits operate contributes to cybersecurity vulnerabilities.

Your contributions will be anonymized and used in aggregate to produce this landmark report, to be released this fall. Organizations like NTEN will use this data to inform their training and support programs, so we can help the sector better protect its systems and the data our clients have entrusted us with.

And you don’t have to be technology staff to take the survey! If your organization doesn’t have an IT team, we still want to hear from you.

The survey will take about 10 minutes to complete, and participants can elect to enter to win a registration to the Nonprofit Technology Conference or an NTEN course of their choice.

Take the survey today.

 

Using managed IT services can be great for nonprofits small and large, but it does come with some risks. It is important to understand some common pitfalls when using managed IT service providers (MSPs) and to ensure you have the proper systems in place to avoid those pitfalls. Here are some of the more common issues I have seen in my 20-year career in IT.

You’re not getting what you paid for

Are you paying for services you are not receiving? Is the managed service provider actually doing what they have agreed to do for your organization? Often an organization will only pay attention to something if they see a problem. They do not always ensure they are protected from a problem occurring.

As the customer, you are entitled to a monthly log of work done. You should see items like: patches/updates applied to computers/servers, firmware upgraded on network equipment and important backups verified. Whatever services you’re paying for, make sure you are receiving them.

You can’t access your own documentation

Lack of documentation can be costly to an organization. What is your access to your computer and network documentation? I highly recommended and encourage you to insist on access to all of your company’s documentation at an alternate location other than your MSP’s servers.

Dependency on a provider should be handled the same way you would with an employee: have a plan. All of the information you need should be available if for any reason someone or some company must take over the role in your organization.

You’re relying on just one opinion

Are you being sold the solution that works best for the managed services provider or the one best for your organization? Regardless of whether or not you have an MSP you should always get three proposals for any solution you require. Many times the one that your MSP provides is the right fit, but it is important to know it is. By actually bidding out any project or product you need, you do not just get price and feature comparisons but a greater understanding of features.

Having different recommendations can lead you to the best overall solution for your organization. Use the information to ensure that what you need is part of the solution you receive. This also ensures that those you contract to work for you are always putting their best foot forward.

You’re not seeking out specialists when needed

Managed IT service providers are experts in support but they are not experts in all forms of IT. If you look at functions beyond basic network and computer support, it is important to draw on MSPs that specialize. Some of the common instances when you should work with other vendors are cybersecurity, phone systems, and wireless.

It is your right to bring in an expert. If you see a problem, have your MSP work with that partner to make sure you’re truly getting the right equipment and configuration for your network.

You’re not asking enough questions

As with most things in life, if you do not ask for something, you won’t get it. For example, disaster recovery plans must be discussed. MSPs will sell you backup solutions, but you also need to know: How do you recover your systems? What is the plan?

It is important for every organization to evaluate what software and hardware they are using from time to time to ensure that they have what they actually need. Many MSPs will order and replace whatever you tell them. They will not set up a recommended plan of action for you every year unless you ask for it.

For example, “You will have X number of machines that will need to be replaced in a year, you will need to think about upgrading your infrastructure, and here is a phased approach or this is what we need to do to replace.”

MSPs can help you with issues if you report your network is slow but do they make recommendations to prevent your network from getting slow? You should engage your provider for assistance in developing your IT plans if you do not have the staff on site. Use your MSP to ensure that audits occur on hardware and software, keeping them in a proper cycle and verifying their utilization.


Many of these issues are simple to avoid. Do your due diligence, get competitive quotes and compare other managed service providers every few years.

Beyond that, help protect yourself by looking for an independent IT professional. Many consultants and contractors available are not managed IT service providers but can be contracted to review your network and computer systems. Auditors are used frequently to independently verify your accounting and it should be no different for your IT department.

Embrace IT but ensure you are getting your money’s worth.