What should customers of MSPs do?

Australian organisations are responsible for ensuring their IT systems and data are protected, including when it is outsourced to an MSP. Customers of MSPs can take actions to protect your network and data.

MSP customers should contact their MSP to ensure they are doing everything necessary to investigate whether they have been compromised and what effect it has had. To start the conversation, consider asking the following questions:

  1. Have you run the published indicators of compromise and tools against your network and ICT systems?
  2. Has my IT system been compromised? If so:

    1. What specific data and systems are known to be affected?
    2. What was the indication that there was an incident?
    3. Date and time of the incident?
    4. Is the incident ongoing?
    5. What actions is your MSP taking to investigate and remediate?
    6. Has this incident been reported anywhere?

See our fact sheet for additional questions to ask your MSP.

If your customer or employee data has been compromised, we encourage you to advise them. MSP customers may also have legal obligations under the Notifiable Data Breaches Scheme if personally identifiable information has been breached.

The ACSC has published advice for customers of MSPs including strategies you can use to manage your network security when you use a MSP.