Your IT and the support it receives are fundamental to your business. It’s what keeps the clock ticking. At the end of the day, most work is now completed via a device. Think about it. How have you communicated with people today? How are you reading this blog? How are your team keeping track of your customers and clients? All of our general working day activities are done through a device, whether that is a PC, tablet or mobile phone. Our lives, both working and personal, revolve around technology.
Now imagine if that technology was taken away. The PCs in the office won’t switch on, the server is doing something odd and everyone keeps telling you they can’t access anything. The emails begin to pile up, invoices don’t get sent out and your staff are at a standstill: you’re losing money. At this point in time you need someone to rely on, you need someone to call when you need help. You need some kind of IT Support, whether that’s to support your internal IT resource or to be the sole resource for your business.
Protecting your data is your organisation’s responsibility, even if you outsource your IT to a third-party company. In some cases, your IT Services Provider may just be getting on with what you have asked them to do, and you may not have considered all aspects of what you might need to protect your organisation. With the current cyber security climate and GDPR looming, it is important to make sure that you are taking responsibility for your company’s data protection and security.
Why do you need to ask these questions?
If you experience a cyber security incident it can have severe consequences for your business. You could find your finances being hit and you could also experience damage to your reputation and data loss. In the case of data loss, your business could experience downtime which would have a severe impact on your revenue if you were no longer able to accept payments or take orders.
As previously stated, there is also the issue of GDPR. When the General Data Protection Regulation comes into play, businesses that experience data breaches are liable for fines of up to 4% of their global turnover or €20 million, whichever is greater.
You need to start asking questions about your IT to make sure that you are protecting your business and its assets.
In this blog, we have put together the 7 major questions that you need to be asking your IT Service Provider and also your management team. This is not an exhaustive list of every security precaution you should take. It is a basic checklist to get you started. If you do not know the answer to a question or know that the answer is ‘no’ then you should act immediately.
Questions to Ask Your IT Provider
Have they done this before?
IT companies can do all manner of different things. For example, ACUTEC provides IT Support as well as infrastructure installations, Cloud migrations, software development and security. Whatever relationship you are embarking on with your new IT partner, you need to be sure that they are experienced. Whether they are going to be your IT Support for the next three years or they’re just going to migrate you to Office 365, you need to know they know what they are doing. You should explore their website for case studies and testimonials. If you can’t find any on the website then ask for them. See who they have worked with before. Have they dealt with a company of your size before? Have they dealt with companies with more than one site? Ask the questions and make sure that they are seasoned enough to be able to provide the support that you need.
How do they deal with issues?
Even with IT Support in place things can still go wrong, for example a server could fail or you could experience a ransomware attack. In this instance you need to know that the company you have chosen will stand to attention and deal with the issue quickly and effectively to get your business back up and running. Again, you need to ask the question. What happens in the event of a major incident? How will the company react? What are their processes? How quickly can you expect to be back up and running? Do they guarantee that they will fix it?
Are they qualified?
You want to know that the company you have chosen know what they are doing. For example, if you are looking for a partner to work with to migrate your business to Office 365 then you should check they have Microsoft accreditations like Small and Midmarket Cloud Solutions. Are they gold? Are they silver? For a company to achieve a Microsoft competency it takes hard work. The company’s engineers must have passed so many exams and the company has to have a certain amount of experience and references. If you want an IT project to be successful, you need to know that there is a likelihood of it being so. Working with experienced and qualified engineers will ensure that you are in safe hands.
Do we have a Next Generation Firewall?
A Firewall protects the perimeter of your network. It controls the traffic coming in and out of your organisation’s network and will stop things like malware. Asking if you have a Firewall is no longer enough. You need to make sure that you have a Next Generation Firewall in place. A Next Generation Firewall has something called deep packet inspection. Most of the traffic that comes into your network will be encrypted and will therefore easily get past a traditional Firewall no matter its contents. Deep packet inspection scans encrypted traffic. The best way to understand it is that instead of just checking the address on an envelope, it checks the letter inside as well.
Do we have an Anti-Spam solution?
Spam is unwanted and unsolicited email, usually sent to a mass audience. Sometimes it can just be junk trying to sell to you and sometimes it can be more malicious, such as a phishing email. A phishing email will try to extort information from you or will come with a dangerous link or attachment that could install Ransomware on your computer. An anti-spam solution will filter out most of these emails, making your inbox a safer place to be.
Do we have a business-level Anti-Virus solution?
Viruses are harmful pieces of code that can destroy data on your computer and cause chaos. Anti-virus software will scan your computer to find any viruses and remove them. It’s important to ask not just whether you have an anti-virus installed but whether it is a business-level solution. Free is usually free for a reason and cheaper anti-viruses will not be effective. Make sure you are using something like ESET to ensure safety.
Do we have Patch Management?
Not updating software can be a critical issue for your security. Many of the organisations affected by the NHS WannaCry incident in 2017 experienced problems because they did not have software that was updated with patches for security flaws. Organisations that installed the patch that had been made available two months before were safe from the attack. You need to make sure you have processes in place to make sure you always have the most up-to-date software available. Make sure you ask your IT Provider what the situation is for your software updates.
Do we have a Back Up and Disaster Recovery Plan?
Sometimes the worst can happen no matter what precautions you have in place. It’s important to make sure that you have a back up and disaster recovery plan in place so you are able to get your business back up and running as soon as possible. You also need to check that your back up is being tested at least once a year to make sure that it is doing what it is supposed to. We once heard a story of a business who backed up their data using tape. The IT Manager used to take it off-site on the tube every day and the magnetism was just wiping the data. There’s no point in backing up if it doesn’t work when you need it to. Make sure you ask your IT provider whether there is a back up and disaster recovery plan in place and whether it has been tested.
Do we have an understandable IT Policy?
This question is not for your IT Provider; it’s for your management team. You need to make sure it is very clear to your staff what they can and can’t do when using technology in the business. Your staff are your last line of defence when it comes to security, so if they do not know what is and isn’t acceptable it could cause problems. If we’re being honest, most people will not even bother to read an IT policy, and if they do they won’t remember what was in it. We recommend having a one-pager at the start of your IT policy that states clearly the most important things your staff need to know.
Are our staff trained for cyber security?
We always say that end user education is key to protecting any organisation in the current cyber security climate. If all your precautions have failed, if one phishing email has slipped through the net, then it is all down to the decisions that your staff choose to make. Training your employees to be more vigilant and making sure they know what to look out for will help ensure you have good cyber security.
Do they understand your business?
There is no point in putting a fancy new thing in place if it is not going to benefit you or your business. When you are choosing a partner for IT Support you need to know that they understand what you are trying to achieve and will help you in making it a reality. A good IT company will work with you to create an IT strategy in line with the overall business strategy to ensure that everything is in place for you to be able to achieve your objectives.
How do they work?
If you’re looking for a company to provide you with IT Support you need to make sure that you know how they work as well as them knowing about you. You’re probably going to be working with them for at least a year and that can be a long time if their way of working is frustrating. Find out exactly what their processes are and how they manage the support that you will receive. Will they triage your issue in comparison to their other clients? Will they make sure that you are responded to in an appropriate time? Don’t be afraid to ask questions about exactly how things will work.
Questions to Ask Your IT Provider
We have given you a number of questions for your IT Provider or IT Team. You need to make sure that they can be answered, and in a positive way. If not, or if you’re still concerned, you need to take steps to improve your security. If you need any help with this then please email us at firstname.lastname@example.org or call 01675 469020. Remember, this list is not exhaustive and is a starting point. Call us if you need us.