How to know if your IT provider is doing enough

by Jon Lober | NOC Technology

10 criteria for evaluating your IT provider.

In today’s digital landscape, ensuring that your IT provider meets the necessary security and operational standards is crucial for protecting your business. But you’ve hired an IT company precisely because you don’t have the time or knowledge to deal with it yourself. So how do you know if your provider is doing enough?


Here are some key criteria to evaluate whether your IT provider is adequately safeguarding your systems and data.


1. You have on- and offsite backups

A robust backup system is your first line of defense against data loss. Having both onsite and offsite backups ensures that even if a catastrophic event occurs—such as a fire or a ransomware attack—you still have access to your data. If your IT provider only offers one type of backup, it may leave your organization vulnerable to data loss. A comprehensive backup strategy should include redundancy, ensuring that your data is protected from various potential threats.


2. Your backups have been tested recently

You won’t know that your systems are backing up correctly until you need them, right? Regularly testing your backup systems is vital to ensure they function as intended. If your last backup test was conducted more than three months ago, it raises a red flag. An untested backup could fail when you need it most, leaving you at risk. A proactive IT provider will routinely check the integrity of backups and verify that they can be restored quickly and effectively.


3. There are only two admins (us and them)

Limiting the number of domain admin accounts is essential for maintaining security. If your IT provider has not implemented this practice, the risk of unauthorized access to your systems increases. With only a couple of domain admin accounts, you can better monitor and manage access to sensitive information, reducing the likelihood of breaches caused by insider threats or compromised credentials.


4. You have remote access

Remote management of network switches and access points is crucial for ensuring that your IT provider can quickly address issues as they arise. If your provider is not set up to manage these devices remotely, they may struggle to maintain optimal network performance, leaving your organization vulnerable to downtime. Remote management allows for timely updates and security patches, enhancing overall network security.


5. Your firewall has active security services

A firewall serves as a primary barrier against cyber threats. If your IT provider hasn’t implemented active security services, such as intrusion detection, malware protection, and real-time monitoring, your network could be at risk. An effective firewall should not only block unauthorized access but also actively monitor and respond to potential threats, providing an additional layer of security.

6. Your guest Wi-Fi is segmented from your primary network

Segmentation of guest Wi-Fi from your private network is a critical security measure. If your IT provider hasn’t set up this segmentation, you may be exposing your internal systems to unnecessary risks. Guest networks should be isolated to prevent unauthorized access to sensitive data. Proper segmentation protects your internal systems while allowing guests to access the internet safely.


7. You have MFA set up on all Microsoft 365 accounts

Multi-Factor Authentication (MFA) adds an essential layer of security by requiring users to provide two or more verification factors to gain access. If your IT provider hasn’t implemented MFA for all Microsoft 365 accounts, you’re at a heightened risk of unauthorized access. MFA significantly reduces the chances of credential theft and strengthens overall account security.


8. You have a defined onboarding and offboarding process

A comprehensive onboarding and offboarding checklist ensures that employees are granted appropriate access rights when they join and that access is revoked when they leave. If your IT provider does not have a clear process in place, you could be leaving your systems open to potential security risks. Properly managing access rights helps mitigate insider threats and ensures compliance with security policies.


9. All managed devices have anti-virus installed

Having anti-virus software on all managed devices is a fundamental step in safeguarding your organization against malware and other threats. If your IT provider has not ensured that every managed device is equipped with reliable anti-virus software, your organization is exposed to significant risk. Regular updates and scans are also critical to maintaining effective protection.


10. You have good spam filtering

Email is a common attack vector for cybercriminals, particularly through spoofing attempts. If your IT provider does not have an effective spam filtering solution in place that can block or alert users about potential spoofing, you are at a higher risk of falling victim to phishing attacks. A robust spam filter will protect your organization by analyzing incoming emails and flagging suspicious activity.

By evaluating your IT provider against these criteria, you can gain a clearer understanding of whether they are doing enough to protect your organization. If any of these areas are lacking, it may be time to address your concerns or consider finding a more capable partner. Your business’s cybersecurity and operational integrity depend on it.
