6 Critical Questions to Ask Before Signing With an IT Company
Choosing the right IT company can be time-consuming, but don’t rush to sign on the dotted line just because you think you’ve found the perfect fit. Before you commit, it’s crucial to double-check what they’re agreeing to do for you. Ensuring all your bases are covered now will save you from surprises.
So, you’ve identified an IT company you want to work with—are you confident they’ll deliver everything you need?
While it may feel frustrating to do extra homework before finalising the agreement, taking the time to confirm your needs are addressed is essential. Contracts for managed services may appear comprehensive, but they can still lack key details. It’s better to uncover gaps now than to realise later that you’re not fully covered.
Even if you’ve already signed a contract, it’s not too late to ask these critical questions to assess your IT provider’s cybersecurity coverage and commitment.
To ensure your business is protected, start by asking these critical questions:
Do You Follow Established Cybersecurity Best Practices?
Security policies don’t need to be reinvented. The Australian Signals Directorate (ASD) has outlined key cybersecurity best practices in its Strategies to Mitigate Cyber Security Incidents.
These strategies are known as the Essential Eight and are considered crucial for protecting businesses against cyber threats:
- Application whitelisting
- Patch applications regularly
- Configure Microsoft Office macro settings securely
- User application hardening
- Restrict administrative privileges
- Patch operating systems promptly
- Enable multi-factor authentication (MFA)
- Perform daily backups
Does your IT company follow these recommended practices? Confirming this is key to ensuring your business has a strong cybersecurity foundation.
Are You Protecting Me From Unauthorised Access?
Digital security is a cornerstone of any reliable IT service. To safeguard your business from cybercriminals, your IT provider should deliver comprehensive security measures, including:
- Endpoint Protection
- Threat Hunting services on computers, servers and Microsoft 365 accounts
- Firewall configuration and management
- Intrusion detection and prevention systems
- File-level encryption to protect sensitive data
- A clear explanation of how these services are implemented and maintained
Confirming these measures ensures your systems are secure and protected against unauthorised access.
Are You Monitoring My Entire Network?
If you invest in fully managed IT services, you must ensure your IT company monitors your entire system, including your network. Network monitoring is critical to preventing disruptions caused by vulnerabilities or cyber threats.
Ask your provider if their monitoring extends to:
- Mobile devices
- Virtual machines
- Remote users and work-from-home systems
A thorough monitoring plan ensures every part of your network stays secure, no matter where or how it’s accessed.
Are You Regularly Testing My Cybersecurity?
Cybersecurity isn’t something you can “set and forget.” Cybersecurity measures must be consistently tested, assessed, and updated to keep your defences strong. Regular testing ensures your systems remain protected against evolving threats.
Ask your IT company how often they:
- Conduct vulnerability scans
- Perform penetration testing
- Update security protocols and software
Are You Protecting My Staff From Dangerous Emails?
Phishing emails are one of the most common cyber threats today, and your IT company needs to have a plan to combat them. Phishing attacks use deceptive emails to trick employees into sharing sensitive information, clicking malicious links, or downloading malware. With just a tiny amount of information, cybercriminals can impersonate business leaders or colleagues to manipulate staff into handing over money, data, or critical information.
Ask your IT provider how they’re addressing this threat:
- Do they provide anti-phishing tools and email filters?
- Are they implementing employee training to identify phishing attempts?
- Is there a process for reporting and responding to suspicious emails?
Keeping your staff informed and your systems protected is crucial to preventing email-based cyberattacks.
Are You Keeping My Data Backed Up?
Data loss happens due to human error, hardware failure, or cyberattacks. That’s why having a reliable data backup solution is essential. Ask your IT company about their backup approach, particularly if they use cloud-based solutions.
Key questions to ask include:
- How secure is the cloud backup solution?
- Is the backup hosted on a public or private cloud server?
- If it’s a public cloud, will they consider a private cloud option for better security?
- If cloud backups aren’t used, where is the data being stored?
If you trust an IT provider to secure your business, you must ensure they do the job correctly. If they fall short in critical areas like email security or data backups, it might be time to explore other options for safeguarding your business.
Choosing the right IT company requires careful consideration and evaluation. By asking the right questions, you can assess their commitment to cybersecurity, network monitoring, regular testing, email protection, data backups, and more. Remember, your IT provider should be an extension of your business, working proactively to protect your systems and data while supporting your business objectives.
Contact us today to discuss how we can protect your business from cyber threats.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.