
3 Questions to Ask Your MSP Before 2026

Before 2026, ask your MSP tougher questions about AI-driven attacks, lingering Windows 10 systems, and your first 4 hours in a ransomware incident.

 

December is planning season.

 

Budgets are getting finalized, leadership teams are talking about goals for next year, and somewhere on the agenda there’s a bullet that says “IT / security.”

 

If you’re not deep in the tech every day, it can be hard to know what to ask. Do we talk tools? Projects? Vendors? Acronyms?

 

We’d argue the most important thing you can do before 2026 is simple:

Ask your IT partner better questions.

 

Here are three we hope Milwaukee leaders will put on the table, whether you’re working with us, an internal team, or another MSP.

 


1. “How are you adjusting our security for AI-driven attacks?”

 

In the last few years, the threat landscape has quietly changed:

  • Phishing emails are cleaner and more convincing
  • Fake invoices and payment requests look surprisingly real
  • Deepfake audio and voicemail are starting to show up in fraud attempts

 

Attackers are using AI to write, translate, and customize scams at scale. That means “we turned on MFA once” or “we did a security training last year” is no longer a strategy. It’s a starting point.

 

When you ask this question, listen for answers that sound like:

  • Specific changes in the last 12-18 months
    • Tighter sign-in policies
    • More granular MFA requirements
    • Better monitoring of admin accounts and mailboxes
  • A plan for identity and email, not just the firewall
    • Where they’re watching for risky sign-ins
    • How they detect and respond to account takeovers
  • Clear language, not just acronyms
    • You should walk away understanding what’s being done and why, in plain English.

 

If the answer sounds like a generic security brochure, or worse, “we’re looking into some tools,” you may be more exposed than you think.

 


2. “Where are we still relying on Windows 10, and what’s the plan?”

 

Windows 10 is now out of mainstream support. For many organizations, that doesn’t mean every Windows 10 machine vanished overnight.

 

In the real world, you might still have Windows 10 in places like:

  • Specialty software or equipment that hasn’t been upgraded yet
  • Kiosks, shop-floor systems, or lobby machines
  • Old machines doing “just one thing” that nobody has documented

 

That’s normal. What’s not normal is not having a plan.

 

When you ask this question, you’re looking for:

  • An inventory, not a guess
    • Someone knows how many Windows 10 systems you still have
    • You can see roughly where they live (by department, site, or function)
  • A risk-based roadmap
    • Some systems may be candidates for paid ESU coverage
    • Some may need isolation on the network
    • Others should be on a staggered refresh schedule
  • Realistic timelines
    • Not “we’ll get to it,” but “we’ll address these groups in Q1, these in Q2,” etc.

 

You don’t have to fix everything in January. But you do want to avoid waking up next fall with unpatched systems quietly running critical parts of your business.

 


3. “If ransomware hit tomorrow, what do the first 4 hours actually look like?”

 

This might be the most revealing question you can ask.

 

Most organizations have some sort of backup and security tooling in place. The difference between a bad week and a disaster is often what happens in the first few hours of an incident.

When you ask this, listen for:

  • Clear roles and steps
    • Who is on point, internal and at the MSP?
    • How does staff report an issue?
    • How do you decide whether to shut systems down or keep them online?
  • Confidence in detection
    • How would they know something was wrong?
    • Are there alerts on suspicious behavior, or are you relying on someone “noticing something weird”?
  • Concrete recovery options
    • Which systems are restored first and from where?
    • When was the last time those restores were actually tested?
    • Are there immutable or off-site backups if the main environment is compromised?

 

If the answer sounds like, “We’ll work with the backup vendor and figure it out,” that’s a red flag. You want people who can walk you through a calm, practiced process, not just a list of tools they own.

 


What “good” feels like when you’re asking these questions

 

You don’t need to be technical to spot a strong partner. In our experience, good answers share a few traits:

  • They’re specific.
    “We use MFA” turns into “We use number-matching MFA on all admin accounts and clean up stale methods quarterly.”
  • They admit tradeoffs.
    No environment is perfect. You’re listening for honest prioritization: which risks are you accepting, and why?
  • They invite follow-up.
    A good partner will say, “If you’d like, we can summarize this in a simple one-pager for leadership.”

 

These conversations don’t have to be adversarial. In fact, the best outcome is when your internal team or MSP feels like you’re finally asking the questions they wish more leaders would ask.

 


Where Stamm Tech fits in

 

As a Milwaukee-owned MSP, we sit in these conversations every day with local owners, CFOs, and operations leaders.

 

Our job is to:

  • Translate the technical realities into business-level decisions
  • Help you see where you’re strong and where the gaps actually are
  • Build a prioritized, realistic plan that fits your budget and timeline

 

If you’d like a calm second opinion heading into 2026, we’re happy to walk through these three questions with you, and give you a clear, non-alarmist view of where you stand.

 


Want a simple conversation starter for your next leadership meeting?
Ask: “How would we answer these three questions today?”

 

If the room goes quiet, that’s your sign to bring in some help.

 

 

FAQ

 

Q1: How often should we be having these conversations with our MSP?


A: At least once a year at a strategic level, and any time something major changes, like a big acquisition, a move to new cloud systems, or significant headcount changes. Think of it as an annual check-up plus ad-hoc visits when your business changes direction.

 


Q2: What if our MSP gets defensive when we ask these questions?


A: Good partners should welcome hard questions. If you’re getting vague answers, lots of jargon, or defensiveness, that’s a signal. You don’t need perfect answers, but you do need transparency, clear prioritization, and a willingness to talk frankly about risk and tradeoffs.

 


Q3: We already have an internal IT person. Do these questions still apply?


A: Absolutely. The titles change, but the core issues don’t. Whether it’s an MSP, a solo IT admin, or a full internal team, leadership still needs clarity on: how security is evolving, where old systems like Windows 10 still live, and what the recovery plan looks like if something bad happens.

 


Q4: What if we don’t have a full inventory of our Windows 10 or legacy systems yet?


A: That’s a great first project. Start by asking for a simple, human-readable list of what’s still on Windows 10, where those systems are, and what they do. You don’t need a perfect CMDB on day one, just enough visibility to prioritize which systems to address first.

 


Q5: How detailed should our ransomware “first 4 hours” plan be?


A: It doesn’t need to be a 60-page manual. A 1-2 page, plain-English checklist is enough for most SMBs: who to call, what to shut down or disconnect, how to communicate internally, and where the backup/restore playbooks live. The key is that people know it exists and have seen it before an incident.

 


Q6: Can Stamm Tech review the answers we get from our current provider?


A: Yes. We can walk through your current situation, explain what your MSP is doing well, and point out any gaps or ambiguities in their answers. The goal isn’t to stir up drama. It’s to give you a clear picture so you can make informed decisions heading into 2026.