Does your IT support company communicate proactively with you and add value? Or are they just a silent partner who only leaps into action when you call them, and sometimes it’s hard to get hold of them or get them to leap?
Here are ten things that your silent IT partner should be proactive in bringing up to you, adding value to your relationship.
The Patch Status of Your PC and Servers
Every so often, PCs and servers need to be patched. This means they need important updates installing that will fix new security flaws that have been discovered in them. If these “patches” are not installed, there could be security vulnerabilities in your systems that will allow a cyber criminal to gain access through something known as a “backdoor vulnerability.”
Has your IT provider ever shown you evidence of them proactively installing all of the latest patches so you aren’t at risk from backdoor security vulnerabilities? Do they regularly show you a report which easily tells you the patch status of all PCs and servers in your business?
About Outdated Systems that are Now a Business Risk
Older versions of systems you may use, such as Windows, eventually reach the end of their life and stop being supported by the vendor (Microsoft, in the case of Windows). This means that security updates and patches are no longer released for them. Continuing to use these systems after their support period ends means you are vulnerable to any new security flaws that are discovered.
Are you still using unsupported operating systems like Windows XP, Windows Vista, Mac OSX or Windows Server 2003? If so, why hasn’t your IT partner suggested you upgrade your operating systems? Continuing to run with these old, unsupported systems is a business risk.
By the way, Windows 7 support ended in 2015. If you had Service Pack 1 installed, support is extended until 2020. Did your IT provider install Service Pack 1? Are you still supported, or are you using vulnerable systems?
Your Backup Success Rate
Did you know that lots of backups fail to complete, meaning that you might not actually be able to get all of your data back if you suffered a disaster such as a ransomware infection that encrypted all of your data?
Backups are necessary. We have restored from them with great success when the unavoidable happens. This could be a fire, a flood, or someone ripping the copper wires out in the street outside your building. If it happens, you need to know your data is safely backed up, and easily recoverable.
Has your IT provider ever shown you evidence that your backups are running successfully? Or worse yet, do they know you don’t have a backup and they’ve never recommended you invest in a solution?
Does your IT provider understand the value of your data, and advise you on how to get the most out of your IT budget?
Not all of your data is created equal. It all needs to be backed up, but maybe only 10% of it is business critical data that you need to be able to recover within 30 minutes.
Backing up all of your data every fifteen minutes to such a system is expensive, but necessary for some data. Do you really need to back up all of your marketing documents four times an hour, and be able to recover them within 30 minutes of a disaster? All of your data is important – but it doesn’t all need to be backed up at the same frequency, with the same speed of recovery.
By being intelligent about which data is most critical to be backed up regularly and recoverable at high speed, you can get the most out of your IT budget, and invest the savings in other solutions.
Proactively Warn You About Dangerous Malware and Give Advice to Avoid Infection
With all of the ransomware currently flying around, such as Cryptolocker, businesses are finding themselves infected and permanently locked out of their data. Has your IT provider ever warned you about these threats? Have they ever given you advice so that you can avoid being infected? Have they offered to educate and train your employees to spot the types of emails which spread the infection?
About their Own Performance
Has your IT provider ever brought up the subject of their own performance in carrying out their service? Do they show you reports detailing all of the things they have done, the time they have spent helping your employees both reactively and proactively? Do they show you how they’ve met their SLAs in responding and resolving your requests, and details of proactive work that has been done to optimise your systems?
About Upcoming Regulations such as GDPR
Has your IT provider mentioned GDPR (General Data Protection Regulation) which is coming into effect in May 2018 (less than one year away)?
These regulations stipulate ways in which data relating to any EU person must be held or processed (even if the business is not in the EU). Companies found to be in breach of these regulations can be fined up to 4% of their global annual turnover.
As these regulations relate to protection of data, much of your compliance with it will rely on your IT systems and processes.
Has your IT provider mentioned anything about this to you? Have they explained how you’ll have to handle data differently in order to be compliant with the regulations and avoid getting a hefty fine?
If you hold any data on any EU nationals, your IT provider should be recommending changes to your IT systems and processes based on these regulations so you’re not in breach of them when they come in next year.
About New Services that Can Improve the Security of Your Business
New technology solutions and IT services are constantly becoming available that can be of great benefit to your business. For example, has your IT provider recommended you invest in hard drive encryption? This means if you lose a laptop or it is stolen, the data on it cannot be read by anyone who has found it – even if they remove the hard drive.
About Your Disaster Recovery Test Results
Has your IT provider ever run a disaster recovery test to see how quickly they would be able to have you up and running in the event of a disaster? A potential disaster could mean your employees cannot work from your office and also cannot access systems and data remotely. You need a plan for how you would get everyone working again in a disaster scenario, with access to data and systems, in the shortest possible time. Your IT partner should help you create this plan, document the procedure, and then test the process.
About Relevant Accreditations and Certifications they have, and Training their Engineers are Doing
Not all of the accreditations and certifications that you see on your IT provider’s website are worth knowing about. Many accreditor logos are gained simply by being a reseller of that particular vendor’s software or hardware. Many of the accreditations are easy to obtain and don’t require rigorous training and testing of their engineers to hold the certification.
Look for ISO 27001 and ISO 9001 accreditations. These ensure that the company is audited every year by an independent auditor to ensure they adhere to certain standards governing data protection and quality management.
Also look for Cyber Essentials. This ensures your IT partner understands all of the various ways in which they need to ensure data is kept secure from cyber criminals.
Lastly, ensure they are a Microsoft Gold Partner. Many things are required to achieve Gold Partner status, but one of these is that their engineers must pass certain exams set out by Microsoft. These exams are tough, and every year the organisation is checked again to ensure enough engineers have done the latest exams before the Gold status is renewed. Gold Partner status makes it more likely that you will deal with a company who has the necessary expertise to advise your business on technology matters.