In a previous blog entitled “How Can You Protect Yourself and Your Business from Potentially Costly Ransomware Attacks?” I discussed three ways in which you can protect your organisation. I broke it down into 3 steps that need to be taken to mitigate against the risk of being attacked and infected and suffering data or financial loss;
Step 1 – Create a human firewall.
Step 2 – Have up to date IT systems.
Step 3 – Have good backups.
In this blog I’m going to focus on how you create a human firewall in your organisation because remember, it’s the users who are being targeted by the cyber criminals. These criminals are using a variety of digital deceptions to trick users into opening email attachments or click on compromised links on websites. Today’s computer users, Employers and Employee’s, need to wise up fast and get with the program before your business pays a hefty price!
The Human Firewall?
When we talk about the human firewall we’re talking about computer users within your organisation and their levels of awareness and understanding about the cybercrime threats they face today. The digital world we live in now is vastly different from years ago. No longer can we curiously and carelessly click on things presuming that everything is safe on the internet. The new reality is that there is danger around every corner and as a computer user you need to take responsibility for your actions and be very clear that you know and understand what you are doing when using email and internet! Users must condition their minds to be much more security aware and continually be asking questions;
Who is this email from, do I know the sender? Why have I just received this particular email? Is this website safe, how do I know it’s safe? Why is someone asking me to download something, how do I know that this download is what it says it is? Is it really my boss asking me to transfer money into a bank account? Should I really be doing personal stuff on my company’s IT system and putting my employer’s business at risk?
The first line of defence that the cybercriminal needs to penetrate is the user, it’s the user’s interaction with the email or a link that allows a network intrusion. Only after the initial intrusion will the secondary layers of protection like a firewall and AV software come into play. Organisations must strengthen their first line of defence and this is achieved through security awareness training with the key objective to condition the user’s minds to the new security threats and realities.
Security awareness training
Users do not come to work with the intention of contracting a horrible crippling virus at their place of work and so will naturally be predisposed to being receptive to training in this area. Acquiring basic knowledge of the main cyber threats and an understanding of how social engineering works can make a huge difference in the awareness and ability of the user to be alerted to suspicious activity and to act on it!
Cyber criminals constantly innovate!
It is vitally important that users are kept up to date with the latest threats. Criminals are constantly coming up with new ways to hack your systems either through social engineering or other means. We all know about the Nigerian prince who wants to pay us an exorbitant sum of money for doing very little but next week it will be something different and the week after that something new again.
We’ve touched on social engineering already however its worth considering this point, there is often a huge amount of data in the public domain, on the web, about our organisation and on us as individuals, through social media. It’s not that difficult for a cybercriminal to carry out basic desk research on your company and employees and then use that information, in what is a premeditated and customised attack on your organisation. Information gathered from the web will make the trick even more convincing than usual to get you to open an email attachment or even transfer money to an account.
How to create the human firewall in your business?
- Give your staff “Be Alert to Cybercrime” Security Awareness Training.
- Get users to sign off on the training they received.
- Ensure your staff regularly receive the latest cybercrime threat information.
- Provide users with an easy way to report suspect emails.
- Carry out simulated attacks to test your human firewall and record the results.
DON’T BE A VICTIM OF CYBERCRIME! TOP 5 X TIPS FOR USERS!
- Develop a 6th “Security” sense when it comes to email, attachments, website links and confidential data.
- Slow down! Think first, Act second, not the other way around. Criminals want you to act quickly without thinking about your actions.
- Delete requests for personal or financial information or passwords.
- Be highly suspicious of unsolicited email! If an email appears to be from someone you know, treat requests made with suspicion and verify authenticity independently.
- Shut down your computer at night! You’ll save power and cut off the criminal’s opportunity to have unfettered access to your machine!
For additional information or help with Cybercrime protection please get it touch
This article entitled “How Can You Protect Your Business From Potentially Costly Ransomware Attacks?” was written by Sean Hegarty who is Operations Director at HCS Business Solutions. Sean holds a BSc in Law with Business, an MSc in Technology Management and has been working in the field of IT Service Management and IT Outsourcing for the past 17 years.
E : email@example.com Sean’s LinkedIn Sean’s Twitter
This year has seen a 200% increase in new ransomware which has been driven by new, hard to detect CTB-Locker ransomware family, a new ransomware family called Teslacrypt , and the emergence of new versions of CryptoWall, TorrentLocker and BandarChor. Anyone reading this may be forgiven for thinking that I’m an expert in this area, I’m not. I do however manage an IT services company which has 100’s of customers who are affected by the threat of cybercrime. As a result I’ve been reviewing recent trends with our industry partners and our technical team to see how best we can manage these very real and serious threats to our businesses.
What is Ransomware?
Ransomware is a malicious virus which is contracted when a user inadvertently clicks on a link on a web site or opens an email attachment resulting in their data being encrypted. The user is then asked to pay a ransom to receive a key that will decrypt the files. The ransom could be hundreds or thousands of euros and there’s usually a time deadline for the user to pay the ransom. In some cases the ransom will be paid and then the decryption process may not work entirely successfully. Criminals are making millions from this activity right now and their next victim could be you and your business.
Cybercrime is a growth industry
Take this excerpt from The Internet Organised Crime Threat Assessment report (IOCTA) 2015 carried out by Europol;
“The Crime-as-a-Service (CaaS) business model, which grants easy access to criminal products and services, enables a broad base of unskilled, entry level cybercriminals to launch attacks of a scale and scope disproportionate to their technical capability and asymmetric in terms of risks, costs and profits.”
Traditionally we associate cybercrime with the geeky but technically skilled hacker who illegally accessed systems for a variety of reasons, some of which were not entirely harmful. However, it’s easier now for relatively unskilled criminals to get involved in cybercrime and this has led to the industry evolving.
Cybercrime is now becoming more aggressive and confrontational and is attracting the more traditional organised crime gangs who now see cybercrime as an opportunity to make huge profits.
Social engineering is a term used to describe the non-technical way that cybercriminals illegally access an organisations systems. It relies on human interaction and involves tricking people into breaking normal security etiquette, often through the use of email and now also through web sites, including social media sites.
Key Threat – Ransomware
Ransomware is a top threat for EU law enforcement according to the report mentioned above with Crypto Locker alone believed to have infected over 250,000 computers and obtained over €24,000,000 in ransom within the first 2 months of appearing in September 2013.
Data – A Key Commodity
Data is a key commodity in the digital underground and almost any type of data is of value to someone. Whether it can be used
to commit fraud or for immediate financial gain, the majority of malware nowadays is designed with the intention of stealing or hijacking your data.
How Does Ransomware Infect Your Systems?
Ransomware is contracted when users click on links in web sites or open attachments or files on emails. It’s easy to point the finger at so called “dodgy” web sites or blatantly obvious email attachments with dodgy email addresses and say that users should know better but these criminals are using ever more sophisticated means to entice users to click on the link or file that infects your systems. For example, emails could be received by users from customers which may contain an attachment with a logical title which when opened will infect your system.
Once Infected You Have Two Options
1. Pay the ransom and hope the decryption key and process works.
2. Don’t pay the ransom and restore your files from a backup, assuming you have a backup.
What to Do?
Firstly, there is tonnes of information on the internet about ransomware from a variety of credible sources. I’m simply going to bring some of it together with the goal of creating some awareness about the threat and what you can do to protect your business.
Secondly, I’m going to focus on how you can mitigate against the threat that ransomware poses through a prevention strategy and if you should get infected, by neutralising the leverage the criminals have over you by having a proper backup of your data.
Ransomware Prevention = Risk Mitigation
Educate your users. Create a human firewall in your company. Training in cybersecurity awareness should be provided with emphasis on data security, and awareness using the internet, visiting certain web sites and using email. The days of the philistine computer user frustratingly and randomly clicking buttons on their computer to get rid of a pop up are over. Users need to understand what they are doing when they click on a link, file or an attachment. With regard to the degree of success of phishing campaigns research shows that 23% of recipients who receive a phishing message will open it and a further 11% will continue to open any attachments so ongoing internal cybersecurity awareness campaigns are a must.
Ensure you have up-to-date IT systems, software, policies in place and adopt a multi-layered approach to threat management;
• A firewall with web filtering, virus filtering and application filtering. Perhaps have a whitelist of web sites for your users.
• All users should have up-to-date antivirus software on their PC’s, laptops and devices.
• Implement policies on your network that prevent users from running unauthorised applications or opening certain files or attachments.
• Review, update and maintain systems regularly and apply the latest patches.
Backups. Once you’ve contracted ransomware you have just two realistic options.
a) Pay the ransom or;
b) Restore from backup.
The best and quickest way out of this situation is to restore your data from backup. If you have a good back up you are neutralising the leverage that the ransomware criminals have over you and you are back in control.
So to ensure you will always have this option check your backups, make sure they are backing up everything you need to run your business. Check your backups regularly and carry out test restores to ensure they can be restored in an emergency. It’s critically important to have a robust system and process around your data security and ransomware is just one of many obvious reasons to ensure that you personally invest in this area of your business.
Remember that if you take these three steps you are protecting your business from multiple different threats, some old, some not so old, which are continually doing the rounds and could catch a user out. Importantly however, if you have taken these steps you have given yourself every chance of avoiding that brand new threat when it does come along.
Right now ransomware criminals feel they’ve cottoned onto a good thing making millions of euros around the world. Some ransomware people would even have us believe they are doing the world a favour by highlighting security holes and inadequacies of current systems. Some cybercriminals illegally encrypt a company’s data and believe they are merely charging for their services to decrypt the data.
Cybercrime is no different from traditional theft, burglary, obtaining property by deception, blackmail. There are criminals and there are victims and the authorities along with stakeholders must continually strive to make the digital world a safer place.
If there is an upside to this then perhaps the proliferation of ransomware will make us all more security conscious around the internet and IT systems in general, and specifically, we must realise the value of our personal and business data and ensure that we have proper backups at all times.
Remember – Security is a process, not a product you can buy!
1. Ransomware Hostage Rescue Manual. Adam Alessandrini.
2. The Internet Organised Crime Threat Assessment (IOCTA) 2015, www.europol.europa.eu
5. Verizon, 2015 Data Breach Investigations Report, http://www.verizonenterprise.com/DBIR/2015/, 2015
This article entitled “Data Backup Strategies for SMB’s” was written by Sean Hegarty who is Operations Director at HCS Business Solutions. Sean holds a BSc in Law with Business, an MSc in Technology Management and has been working in the field of IT Service Management and IT Outsourcing for the past 17 years.
E : firstname.lastname@example.org Sean’s LinkedIn Sean’s Twitter
Data backup strategies for SMB’s: How can you be sure your data will be there when you need it most?
This article is about the topic of data backup and security. I’m not discussing anything technical, I’m just addressing an area which is all too often over looked within small to medium size businesses (SMB). That is the area of regular review, monitoring and testing of your data backups so that you are 99.99% sure that you can successfully restore your data when you need it most.
I assisted an SMB client recently who invested in a new data backup solution. The client spent time and effort in ensuring that the solution was set up and configured the way they wanted and they were happy.
Afterwards I suggested that we should put in place REGULAR REVIEW, MONITORING AND TESTING of the backups to be sure that in the event of a problem the backup would restore successfully. The client did not take me up on the offer and seemed satisfied to receive daily notifications about the status of the backup.
This client is not alone in believing that the mere presence of a data backup system that appears to be doing its job is good enough when it comes to securing your data!
Top 5 Reasons why data loss can happen to you!
After a quick browse on the internet, I found a number of white papers on the subject of SMB’s setting themselves up for catastrophic data loss. Here’s the top five reasons why it could happen to you;
1. Combination of complacency and optimism, it won’t happen to me.
2. Not conducting regular backups and no backup strategy in place.
3. Relying on employees to back up YOUR critical data.
4. Keeping all backups on site.
5. Cost factors inhibiting resources and expertise being put in place.
“A successful backup is no guarantee of a successful restore”
This is a recent quote from a global data security software company.
A very successful global data security software company emailed our service desk recently after our technicians reported a problem with their software. They agreed that there may be a problem with their backup software and that they will resolve this problem in the next version. They went on to say that “a successful backup is no guarantee of a successful restore”.
So even a “successful backup” doesn’t guarantee that your data will restore safely!
At first glance this statement sounds absolutely incredulous. The statement by implication is saying that the only way of guaranteeing a successful restore is to actually restore your data, then you can be sure that it has restored successfully! Obviously we’re not going to restore our data every time we do a backup!
What about a software product defect that has the potential to put you out of business?
As with most IT hardware and software products they are sold “AS IS”. In terms of the IT industry I believe that means you buy the product and use it as you see fit and if anything happens you are largely on your own. There’s a warranty period for parts failing of course. Hardware and software companies don’t provide any guarantee in respect of how you the end user uses their products. If it turns out that their product was defective they might refund your money back at best. They say up front that they don’t cover the consequences of their product failing. In fact they will tell you straight that neither they or their affiliates, their resellers, distributors or suppliers will be liable for any indirect, special, incidental or consequential damages arising out of the use of or inability to use the software, including, without limitation damages for lost profits, loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses…….. etc. etc. etc.
And by the way let’s not get too hung up on defective data backup software either, the backup job may have been successfully backing up a corrupt database for 6 months and the only way you’ll ever discover this is if you test it.
There’s been a fire in your office!
Imagine the scene. There’s been a fire in your office and all that’s left is your off-site back up. You are overjoyed when you see that there is string of “successful” data backup jobs on it. You go to restore it and you find out that the files are corrupt and that every data backup job on there is completely useless.
You’ve potentially lost all of your company data. Your accounts data, with all your financials, debtors, creditors. Your customer data base with all your sales information, appointments, quotations, prospect lists. Everything you’ve ever written, all your emails and your staff’s emails. And depending on what industry you operate in other critical data also gone. On top of this, although not critical to your livelihood, you’ve also lost personal data, irreplaceable family photos, video’s and other important personal items.
Where does that put you in that moment? Obviously there’s the immediate situation to deal with but with your data gone there’s not much you can do. You could contact the backup software company and accuse them of selling a defective product? You could contact the IT Company, who brokered the sale of the software and helped you set it up, and shout at them?
This is akin to your boat sinking and you pull out the rubber dingy. The dingy that came with the boat when you bought it two years ago. Back then you inflated it and it seemed fine so you put it back in its box. 2 years later you are 5 miles from shore, a storm is closing in, and now you are sitting in the knackered old dingy, with no supplies and no plan B. It’s not likely you’re even thinking about the boat manufacturer at this difficult time and as for the dingy, this is now what you are relying on to save your life! “Jeez…. I hope this works out!” Who is responsible?
When you’ve lost your company data there may be a financial remedy in your business insurance policy. This may cover you for a new IT system and data re-entry back into your systems and it may also cover you for a host of other things. However, the claims process may take months of course and by then you may well be out of business or suffering from severe health problems or both!
Is there anyone out there still whose thinking “ YES….… I’m getting successful data backup notifications and I’m covered for losing all my data because I’ve got a comprehensive insurance policy”?
I‘m not going to drift into the subject of disaster recovery, I’m merely discussing this as a means to highlighting that losing your data is not a realistic option for you whether you have insurance or not! When you are in business your data is the most precious thing in the world after your family and you must take care of it because when it’s gone, it’s effectively gone. The cost, in terms of time and money, of trying to reinstate the parts of your data that still exist in paper form or from memory or other sources are often overwhelming and not survivable.
YOUR data is YOUR responsibility and nobody else’s. You should personally take responsibility for the security of your data.
You should systematically and regularly REVIEW, MONITOR AND TEST your backup’s in exactly the same way that you would equip and test a lifeboat that you knew you had to use one day. You’d leave no stone unturned. A backup is not a car or a printer or a smart phone, a backup is not used every day, in fact you only use it when you need it most and often it can be at a critical juncture like a disaster, a fire or flood.
To avoid ever having to find yourself in this position, I’m suggesting that you do the following;
REVIEW – MONITOR – TEST
1. REVIEW – your data backup policy biannually.
2. MONITOR – your data backup jobs daily.
3. TEST – your data backups quarterly by restoring data.
The frequencies of the review, monitoring and testing may vary depending on a number of factors to do with you and your business but the three steps don’t change.
When you put these practices in place then you can be highly confident that your backups will restore successfully. The cost for doing this will vary and it will depend on your own capabilities in terms of what you can do and cannot do yourself. These services can be outsourced and you can work with a qualified technician to review your policy and carry out test restores and deal with any issues that arise. On a daily basis make sure that any failed data back up jobs are dealt with speedily and problem root causes are followed through on and fixed.
This article entitled “Choosing the right Outsourced IT Partner” was written by Sean Hegarty who is Operations Director at HCS Business Solutions. Sean holds a BSc in Law with Business, an MSc in Technology Management and has been working in the field of IT Service Management and IT Outsourcing for the past 17 years.
E : email@example.com Sean’s LinkedIn Sean’s Twitter
I worked with an SME (Small to Medium Size Enterprise) last year who in my opinion suffered greatly because they chose the wrong Outsourced IT Partner. The SME in question had not considered the importance of making the right choice when it came to choosing an Outsourced IT Partner and instead had simply chosen the cheapest option at the time without considering other important factors.
I’ve written this article to assist SME’s in understanding some of the issues surrounding choosing the right Outsourced IT Partner. This article will consider questions such as;
• Are all IT service Companies the same?
• Why do SME’s find it difficult to change Outsourced IT Partner?
• What’s the difference between Professional Buyers V’s SME Buyers!
• What should your Outsourced IT Partner be doing for your business?
• Case Study – Small Business with 15 employees.
• What’s the Opportunity cost of not choosing the right Outsourced IT Partner?
• How to choose the right Outsourced IT Partner?
• Top 20 questions for a prospective new Outsourced IT Partner.
I will give you my top 20 questions for a prospective new Outsourced IT Partner that will ensure you leave no stone unturned in your search for the best Outsourced IT partner for your business thus ensuring that you and your business have the best IT environment possible to enable your people to achieve their goals!
Are all IT Service Companies the same?
Many businesses have the same Outsourced IT Partner they’ve had for years. You’re hoping that your Outsourced IT Partner has moved his or her business forward with the times and is up to date, employing high quality people, choosing the right industry partners and is able to offer and provide the full range of solutions and services that your business requires in order to make the best use of information technology. The truth is, however, that not all IT companies are equal. Some don’t change at all and some only marginally while others grow and expand and are ahead of the curve and know what’s coming down the track. Is your Outsourced IT Partner ahead of the curve, proactively coming to you with ideas that will save you time, make you money and enable you and your business to reach its goals?
Why do SME’s find it difficult to change Outsourced IT Partner?
Sometimes SME’s find it difficult to make decisions when it comes to thinking about changing Outsourced IT partners. In much the same way as anyone would be reluctant to change their bank, or accountant, solicitor, doctor or dentist there are often long relationships involved, friendships in some cases, and generally people just won’t change unless there has been a catastrophic relationship breakdown of some kind!
If you are not entirely happy with your current Outsourced IT partner and find yourself saying things like “ better the devil you know!”, or “I’ve been with them for years I can’t change”, “they know my systems inside out”. “I really like “Bob”, he’s like a friend” then it’s probably time to start asking questions “Can I do better? Can my business do better?” and consider looking for a new Outsourced IT Partner.
What’s the difference between Professional Buyers V’s SME Buyers!
Just for a moment let’s consider the difference between professional buyers and SME buyers. Professional buyers, usually found in enterprises or larger organisations, are dedicated, trained, specialist personnel who are ruthlessly focussed on their role and the objective in hand. They are focussed on the quality and cost of the product or service that’s being provided and they do their research thoroughly which usually means contacting many suppliers of the product or service and benchmarking them against each other across a whole range of criteria and metrics. When it comes to decisions there’s no blind trust based on history or faith and goodwill, just smart trust. Smart trust, I’ll trust your company because I’ve done my research and based on my research I’m prepared to do business with you. I know what I’m buying and I’ll know when I’m not getting it to the standard that I expect. I understand what my options are and if I’m not happy then I will, without hesitation, exercise one of those options if I wish to change provider.
SME’s rarely go to such lengths when looking for a new Outsourced IT Partner simply because they don’t have the resources. Don’t get me wrong, I have come across excellent and thorough SME owner managers who can really put you through the “mincing machine” and I’m sure most owner managers could if they had the time. In reality however it’s easier not to change and to stick with the existing arrangement because you know them and there’s a trust on some level. And you don’t want the hassle and risk of looking for a new Outsourced IT Partner and starting a new relationship.
What should your Outsourced IT Partner be doing for your business?
If your business is dealing with a single individual or a small IT company that is static, not growing, not progressive then there’s a high chance that you are not getting the ICT services that your business needs. I’m not just talking about fixing your PC or server when it breaks down. I’m talking about all the other services and benefits that you’re Outsourced IT Partner should be bringing to your business to ensure that you are progressing, that your business is being informed about the latest technologies and that your ICT technology is fully supporting your business goals.
1. Your Outsourced IT Partner should provide you with a service level agreement (SLA) which sets out in detail exactly how your relationship will work on a day to day basis.
2. Your Outsourced IT Partner should provide you with a high level account manager who will be available to you at all times for advice and guidance.
3. On a consistent basis, your Outsourced IT Partner should be making you and your business aware of new technologies and ways of working that are relevant to your business.
What if your current Outsourced IT Partner is not doing this? What is the cost to you and your business?
Case Study – Small Business with 15 employees.
Here is an example of a small firm that I came across last year. The firm had a fairly basic non-committal type IT Support contract with a local IT business. When a problem occurred they called their contact and someone would attend and work on the problem. Other than reacting when called their IT contact had little or no involvement with the client when it same to auditing, sales and recommending new services and products. Because the systems were so old breakdowns became more frequent. Downtime for staff was more frequent. The business as a whole was using 10 year old technology which was slow and “creaking at the knees”. It was almost like a badge of honour to some staff whose PC took 15 minutes to boot up. The company was still using an old fashioned tape drive for backups and although they were religiously changing tapes every day, no one actually knew exactly what was being backed up let alone whether or not the tapes would actually be able to restore data in the event of a disaster. When it came to considering any new software across the business it was always a problem because of incompatibilities with the old hardware and operating systems so business systems were never kept up to date. Staff member’s knowledge around business systems was 10 years out of date. The IT firm fixed things that broke but offered little or nothing when it came IT direction and planning. One day the, out of warranty, server ground to a halt, there was data loss, two weeks of downtime and after the chaos the realisation by the business owners that they had to make a huge investment in new hardware, software and staff training all at once. It took months to recover from the disaster and months again to get the business back on track and up to speed with staff having to learn how to use the new modern IT systems.
Having made a huge investment the owners now wanted to get value and use the new IT system to its full potential but this was challenging given the culture engrained within the business of not changing, of not learning new things, of not being up to date. As a result the business has probably been set back a number of years by comparison to some of its competitors who upgraded their IT systems incrementally. In summary the costs of this reactive approach to information technology for this company were high when you total the cost of the new hardware, software and staff training along with the cost of the downtime and data loss and the opportunity cost of the business being set back years behind its competitors.
What’s the Opportunity cost of not choosing the right Outsourced IT Partner?
What’s the opportunity cost of not choosing the right Outsourced IT Partner? Its relative of course, hard to put an exact Euro’s figure on, however as we can see the cost can be significant. And what about the staff development opportunity cost in terms of their lack of opportunity to interact with modern information technology in their daily work and the effect this has on their productivity and motivation which, no doubt, also has an impact on staff retention and turnover? The costs of not having an appropriate modern information technology system supporting your staff and your business goals is huge. SME’s need to be working with the right Outsourced IT Partner to ensure that your most important asset, your people, are not held back in any way when it comes to pursuing your business goals.
How to choose the right Outsourced IT Partner?
When the search for your new Outsourced IT Partner begins in earnest you will quickly whittle the numbers down to three or four realistic options that appear of a suitable reputation, size and quality that are worth being considered. We can now consider and discuss a number of key factors in determining the right Outsourced IT partner for you and your business leading to my top 20 questions for prospective Outsourced IT Partners that will ensure no stone will be left unturned by you in choosing the right one.
What is the right size Outsourced IT Partner?
Having worked with SME’s over the last 20 years and crossed swords with many of my competitors across the strategic groups in the IT Services sector I believe that the ideal Outsourced IT Partner, for an SME with 10 employees and upwards, will have between 10 and 30 employees. If an IT Company is too small they may be limited in the services they can provide. Smaller companies may not yet have the necessary management structures in place, the specialist departments with robust business processes operating and they may not yet be able to attract the right staff that guarantee reliable, consistent and high quality IT Services. Alternatively, if an IT company is too big they may not be able to give you the personal service that your business needs. I’ve seen examples of this over the years as growth hungry IT Companies move their focus from SME to Enterprise leaving swathes of SME customers in their wake receiving less than satisfactory levels of service as their focus shifts away from smaller businesses to higher value corporate clients. As an IT service company it’s difficult to service the SME market and Enterprise market at the same time because they are two very separate markets with differing needs. I’m not bashing the small guys here because I know what it’s like starting small and growing a business and besides we live in different times now. The number of IT service providers out there right now is way greater than it was 20 years ago especially at the smaller size company end.
Is there evidence of growth, progression and success?
The first thing you’ll want to see in a prospective partner is independent evidence of growth, progression and success and, ideally, this evidence might come in the form of recommendations from people that you know. Also, when did they start in business, what has been their growth path in recent years, have they won any industry awards, worked for and earned industry accreditations or received recognition for special achievements?
What is the split between technical staff on the road and service desk?
Your Outsourced IT Partner’s technical staff should be split at least 50:50 between service desk and field engineer. 90% of all IT problems can be resolved remotely and quickly so your Outsourced IT Partner should have a well-resourced service desk able to handle a large volume of calls efficiently.
Your account manager should be a senior person with plenty of experience, often it may be a company director, someone who will give you direction and advice and be there to deal with your questions and issues when they arise.
Evidence of management structure?
Within your ideal Outsourced IT Partner’s company you will also want to see evidence of a management structure. Management roles in areas such as sales management, operations management, service delivery and customer services should be filled with strong capable people. I’d also like to see a summary of experience and qualifications of key staff particularly ones that will deal with your site.
Ask the questions up front!
When you select a new Outsourced IT Partner the time to ask the questions is at the beginning. Once the questions and answers are done, the service level agreement complete and both parties set off on a new relationship then it’s like any other relationship. You have to get used to working together, there may be teething problems along the way, but if both parties are committed to the cause of working together through problems then both will get the best out of each other and reap the rewards of a successful relationship. You will have a great IT Partner and the IT Partner will have a great Customer and that’s the result we’re all looking for at the end of the day!
Top 20 questions that will leave no stone unturned!
So to help you choose the right Outsourced IT Partner I’m going to give you my top 20 questions, with some pointers, that will leave no stone unturned as you search for the right Outsourced IT Partner. These are the questions that I would ask prospective IT Partners. And remember you’re not just interviewing for someone to fix your computer you are looking for an Outsourced IT Partner, a company with people and processes that you trust to deliver the suite of services that you need to ensure that your business stays modern and is delivering value as you focus on pursuing your business goals. Of course it’s highly unlikely that you will invite these people to your office and put them through the grinder in a 2 hour interview. You certainly could do that if you wanted to and maybe you should. The reality is that much of this information will be gathered through desk research and informally from a variety of sources, web, sales documentation, referral and any remaining questions can be asked directly via email, over the phone and during that face to face meeting.
Good luck with your search!
TOP 20 QUESTIONS FOR PROSPECTIVE NEW OUTSOURCED IT PARTNERS!
1. What is the size of your company?
• Who owns the company?
• What is your company’s turnover?
• Who is your target market, SME or Enterprise?
• How many full time employees do you have?
• How many technical staff do you have?
• How many mobile field engineers do you have?
• How many service desk / helpdesk staff do you have?
2. What geographic regions do you cover?
• Where are your field engineers located?
• Where are your offices?
• Where is your HQ?
3. What kind of IT Support contracts do you offer?
• Pay as you go? Fixed price? Variable?
• Service Level Agreement which includes service desk and time on site? Fixed price, no risk.
• Or a combination of service desk and on site time billable? Variable cost, risk of higher bills.
• Regular onsite helpdesk visits? Bulk regular time on site?
• Managed services, where the provider proactively manages all aspects of your IT
4. What are your guaranteed response times?
• Is this a fix time or a response time?
• How quickly will you respond to a priority 1 call, 2 and 3…?
• What is your guaranteed on site response time?
• How does your service desk manage call priorities?
5. Who would be my dedicated account manager?
• Ask to see a summary of their experience and qualifications.
• How often will my account manager be in contact with me?
6. Who would be my dedicated engineer?
• Ask to see a summary of their experience and qualifications.
7. What standards are your technical staff trained to?
• What in-house training do your technical staff receive?
• What are minimum standard of technical qualifications for technical staff?
8. Who are your industry partners?
• What brands of hardware do you sell?
• What types of software do you sell?
• Who are the key partners you have accreditations with?
• Can I see copies of these accreditations / can you confirm they are current?
9. Do you have a detailed written process for logging and managing calls, cradle to grave?
• Ask to see this process.
• What call management system does your company use?
• Will I receive an email notification every time my company logs a call?
• Explain your call escalation process? Who do I contact when I have a problem that needs escalating?
10. If I change provider what steps will your company take to ensure that your company knows my systems inside out and will these steps be at your cost and not mine?
• Will your company do a site survey and document my site properly
• Who will be responsible for updating this documentation?
• Will the engineer attending my site be given time to familiarise himself in advance?
• Will I receive a copy of my site documentation?
11. What services can your company offer my business?
• Do you sell /support phone systems?
• Do you sell hardware/software?
• Do you do software development?
• Do you sell cloud services?
• Telecommunications services?
12. Does your Company do remote IT monitoring?
• What exactly do you monitor?
• Is this included in a support contract?
13. Will your company manage and monitor my backups?
• What is your company’s policy on backups and responsibility for data loss?
• How will you know when my backups have failed?
• How quickly will the problem by fixed?
• What priority does your company give to a backup problem, Priority 1?
• What is your approach to IT disaster recovery?
14. Are there any surprises in your IT Support contracts?
• What do your contracts cover?
• What do your contracts not cover?
15. Reporting: What regular reports will I receive from your company?
• Will I receive reports from engineers when they attend site?
• Will I receive reports about my companies call history?
• Will I receive regular reports about the health of my IT system?
• Will I receive regular reports about my backups?
• Will I receive a monthly statement of account?
16. What are your terms and conditions?
• Can I see a copy of general your terms and conditions?
• Can I see a sample copy of your service level agreement?
• What is your contract cancellation policy?
17. What will you charge me for over and above the contract fee?
• Service requests resolved remotely?
• Short administrative tasks resolved quickly?
• Password changes?
• Will you always tell me in advance if something is billable or not?
18. Can I pay for my IT contract monthly, quarterly, annually?
19. What happens if I want to cancel the contract and move to another provider?
• What is the notice period?
• Will the handover to a new provider be smooth?
• Will there be any issues with key username and passwords being handed over to me or a new IT provider?
20. Do you offer discounts?
• I want to extend the contract over 2 or 3 years will I get a discount?
• If I want more bulk engineer time on site will I get better rates?
• What is the hourly engineer rate for installation or service request work on site?
• What is the rate for remote engineer work for installation or service request?