If you’re a small business, you don’t have the budget to hire full-time employees to handle security, maintenance, and employee support. And as cybersecurity threats become more sophisticated and prevalent, it’s safer and more cost-effective to outsource your IT support.
Far too often, however, companies in the market for IT support services assume that every provider, simply by virtue of being in the IT field, is equipped to secure its own network. That’s a mistake.
An IT support company can help your small business flourish but choose your vendor carefully. Before you hand over access to your business — and your network — vet each candidate carefully by asking some crucial questions.
How are passwords protected?
When you outsource IT, you give providers the ability to remotely access and manage your systems, which is essentially giving them the keys to your business. Providers that hold passwords for a number of clients make great targets for attackers.
Start vetting potential providers by asking about their password management policies. First of all, do they have one? Too many IT support providers store client passwords in Excel spreadsheets. That’s convenient, but it’s far from secure. You should hear the term “two-factor authentication” when providers describe the security measures used to protect sensitive data. Then ask them about their procedures for when employees leave the company. How does the company make sure that former employees don’t continue to have access to confidential client data?
These aren’t complicated questions. If a company hedges or gives you complicated answers, that’s a red flag. The company should be able to tell you exactly how it ensures that only the people who need to have access to client passwords have that access. As for departing employees, the answer should be that the provider changes the authentication credentials needed to access important client data. If that’s not what you hear — another red flag.
The bottom line? IT support companies must take security seriously. If the company can provide IT services but not a straightforward answer to questions about their security policies, it means they don’t have those policies. Don’t trust them with your sensitive data.
Who pays for mistakes?
If you like the answers about security, ask them next about their liability insurance. If they’re like most smaller IT support companies, they just don’t carry it. That’s another red flag.
If you hire someone to work in your home, you’re not going to let them redo your bathroom unless you know that person is a reputable insured contractor. If not, when the crew messes up and tears a hole in the wall, you could end up with the bill.
If you’re a small business owner paying someone to access your systems and fix a problem, you must consider the worst-case scenario. If something goes horribly wrong and critical data is somehow compromised, you need to know who will be on the hook. If a potential IT provider doesn’t carry liability insurance, steer clear.
What kind of training is offered?
The IT provider’s staff should have all the certifications required to work with specific technologies or software platforms. Otherwise, how could they competently and responsibly support your IT needs? An IT company that doesn’t ensure employees are trained is one to avoid.
The security landscape is quickly evolving for everyone. Before hiring an IT support provider, ask what kind of training it offers to clients — and its own employees — to establish and maintain security awareness. An IT support company should give its own employees ongoing training to ensure they’re up on the latest security developments and protocols. If it doesn’t? That’s a red flag.
There’s a bonus question at the end of this vetting quiz: Does the IT support company offer cybersecurity training to its clients? A provider that stands behind the training it provides its own team enough to make it available to you is a provider that you can probably trust.
An IT support company can mean the difference between a small business floundering or flourishing. Avoid these red flags, and your IT service provider can be a trusted and valued partner as your business grows.