Business IT 101
Business IT 101 is your go-to resource for learning the fundamentals of technology every small and mid-sized business needs. From understanding IT support basics and cybersecurity essentials to preventing downtime and protecting your data, these guides are designed to help business owners make smarter technology decisions.
IT monitoring isn’t only for tech companies. Manufacturers might focus on their machinery, but their networking equipment is equally important for smooth productivity. Servers control user permissions and access controls. Network equipment gives technicians remote access to machinery, and infrastructure for software control manufacturing activities. All these systems must be monitored to detect any issues before they impact production, and the right managed service provider (MSP) can help. Why Cybersecurity Monitoring is Important In Verizon’s Data Breach Investigations Report, cyber-threat intelligence researchers saw a stark increase in manufacturing targets between 2023 and 2024. Ransomware was the primary payload with 44% of data breaches involving ransomware in 2024. The most significant attack vector was the human element, meaning most attackers delivered their ransomware payload using phishing or social engineering to trick employees into taking action. A good example of this recent cybersecurity trend is in the September 2024 ransomware attack on Kawasaki Motors Europe. The attack came from a well-known ransomware group named RansomHub. As with any other ransomware attack, Kawasaki files were encrypted and held ransom. Instead of paying the cyber-criminals, Kawasaki declined. In retaliation, RansomHub leaked 487GB of stolen data. Operations were temporarily halted for a little over a week, which means the data breach affected the manufacturer’s productivity and likely cost them millions in the process. Manufacturers spend millions in monitoring systems and IoT for their machinery, but monitoring IT equipment is just as important. Most cyber-criminal groups target businesses where cybersecurity is commonly lacking. Even when businesses set up cybersecurity infrastructure, they often forget to integrate monitoring to ensure that threats are caught quickly. Intrusion detection and intrusion prevention are necessary to stop interruptions in manufacturing, supply chain, and protection of your manufactured product. Monitoring Infrastructure Health Cybersecurity isn’t the only reason to monitor your environment. The health of your infrastructure is also important to ensure that the environment continues to be productive. For example, if a server’s CPU is overheating, it could crash unexpectedly bringing down all users and workstations relying on it for productivity. Let’s say that you have a server in an environment a bit too hot for the equipment. The heat could slowly cause issues with your infrastructure hardware. Monitoring the environment for any unexpected errors including the internal heat of the CPU tells you that the environment needs cooling. If you don’t have monitoring systems in place to detect errors from heat, you could have servers that will eventually crash. Unexpected crashes lead to extensive downtime between troubleshooting and replacing any damaged hardware. Monitoring the environment also detects any strange behavior or errors in an application. Errors in an application present several issues. First, users are frustrated when they can’t use business software as intended. Second, application errors also cause issues with data integrity. When data isn’t processed properly, it can cause data corruption, errors with orders, mistakes in shipping and customer service, and any number of service problems. Resource Usage Monitoring Resource usage must also be monitored to prevent users from exhausting available infrastructure. For example, data storage eventually runs out, but you won’t know if there is nothing monitoring storage capacity. Monitoring resources also covers CPU usage, memory issues, or any other number of exhausted resources that impacts performance. Small performance issues might seem negligible at first, but accumulated performance degradation eventually impacts users and productivity. Slow applications slow down data processing, which slows down productivity like orders, shipping, customer service, financial activity, and any other number of employee actions reliant on your infrastructure. Servers aren’t the only infrastructure that needs monitoring. Other networking equipment must be monitored. Switches, routers, workstations, application servers, and cloud resources should be monitored for any anomalies. Cloud infrastructure often has native tools to monitor it, but you still need a reliable service provider to watch for alerts and respond to any critical notifications. The Cost of Downtime Monitoring for all the possible issues that could affect infrastructure lets your managed service provider remediate any problems before they cause downtime. Manufacturers know the value of uptime, but they often focus on their machinery without integrating infrastructure monitoring. Without monitoring, a manufacturer could suffer from downtime. Downtime is costly whether you have a small manufacturing plant or a large global business that supports customers around the world. Infrastructure downtime affects multiple locations, not just the location where the downtime occurs. Even for small manufacturers, the cost of downtime can be thousands of dollars an hour. For large manufacturers, the cost can be seven figures. Add more money to downtime costs when it involves a cybersecurity event. Cybersecurity events require mandatory downtime to contain the threat. After the threat is contained, a professional must investigate and save evidence for law enforcement. Then, eradication of the threat also requires professionals. Litigation, customer reparations, and brand damage also affect costs. For manufacturers, losing just one large customer impacts revenue long-term. All costs from downtime add up, and it can put small manufacturers into bankruptcy. Costs can be mitigated with proper monitoring. You can’t eliminate repairs to equipment or changes to the environment when they are necessary, but making changes before issues cause downtime can greatly reduce costs. Where to Get Started You don’t need more local staff to manage monitoring your environment. A good managed service provider can help you avoid any productivity downtime from infrastructure errors. Your MSP will install monitoring across all locations and respond to any cybersecurity incidents, repair damaged infrastructure, and configure applications to avoid errors. Find out if your environment could be at risk with a three-minute IT health check. To find out what Corporate Technologies can do for your manufacturing business, contact us. FAQs
Cybersecurity isn’t the sole responsibility of IT. Good cybersecurity is a collaborative effort between IT staff, managers, and employees. If you’re a manager overseeing multiple staff members, it’s your responsibility to ensure that your people understand corporate cybersecurity policies. Cybersecurity staff can set up policies and simulations to test human vulnerabilities, but they can’t enforce policies without your help. Here are a few ways you can help protect corporate assets within your department. Help Users with Phishing Detection It’s not a matter of “if” your company is targeted by phishing. It’s a matter of “when.” Your users should know what to look for when they read and respond to email messages. A good managed service provider (MSP) should offer email filtering to stop malicious messages, but it’s possible that the solution returns a false negative. In the unlikely event that an email slips through, users should know to ask questions rather than act without hesitation. Your MSP can perform phishing simulation attacks where users are flagged for interacting with a phishing email. As a manager, you can help guide your users through phishing identification. Here are some phishing red flags: While a good email filtering solution should block many of these messages, users are your last line of defense. Educating them on common phishing scams will empower them to recognize a phishing email from a legitimate message. Practice Password Protection Users with elevated permissions are more valuable to cyber-criminals, but attackers also target low-privileged users and launch lateral moves to elevate their privileges using a series of phishing and malicious executables. Keeping credentials private ties in with avoiding a phishing attack, but users should also avoid malicious websites, use cryptographically secure passwords, and rotate their passwords regularly. IT staff can force users to change their passwords every month or two, and they can force users to create a cryptographically secure password, but they can’t stop users from entering their credentials on malicious websites, especially if users do it on their personal computers. As a manager, you can train your employees to be wary about entering sensitive data into unknown sites. A good example is phishing pages made to look like SSO (single sign-on) pages. For example, suppose your organization uses Google Workspace as its provider, and users authenticate using a Google login page. Scammers use pages that look like the standard Google login prompt to trick users into entering their credentials. If you don’t have two-factor authentication (2FA) enabled, users have just given cyber-criminals access to their corporate account. Users should be encouraged to look at the domain before entering credentials. Phishing domains often have the official brand in the name with added words or letters to make it look official, or they own a domain with a slight misspelling. Instead of clicking links and authenticating, type the official domain in your browser and authenticate there. Here are a few protection steps users can follow: Be Suspicious of Calls Asking for Money or Credentials Along with phishing, social engineering is also an effective way for cyber-criminals to steal data or money. Social engineering is paired with phishing in more sophisticated attacks. Users might first receive an email and then a followup call to get an immediate response. These sophisticated attacks often ask for money transfers, so they target financial employees. Users should stop and verify rather than allow the caller to rush them into making any rash decisions. As a manager, you can train your employees to follow procedures regardless of the caller’s urgency. With AI, employees should also be aware that callers could use AI to sound like someone familiar, like the CEO or an employee’s boss. Train your employees to always ask and verify, especially when the caller is making an unusual request. Suggested Read: What is Hashing In Cybersecurity? Leave Unknown USB Devices Alone Here is a tip many experts forget to tell employees – don’t insert unknown USB flash drives into a corporate computer. Starting around 2023, cyber-criminals began increasing their use of USB drives and building malware specific for flash drives. Criminals might place the USB drive in a place commonly frequented by your employees or somewhere next to your office building. When the employee inserts the USB into their computer, the malware is programmed to automatically load. By this time, it’s too late unless you have great antivirus software that catches it. Antivirus can’t catch every attack, so it’s possible that the malware executes and delivers its payload. The payload could be a trojan, a rootkit, ransomware, or any number of malicious payloads. As a manager, you should also be aware of the dangers of malicious flash drives. Don’t put them in office workstations. If one is found onsite, ask IT to look into it or wait for someone in security to analyze it. Direct Cybersecurity Questions to Professionals If you’re the manager of a small business, it can be hard to deal with IT concerns as well as handle your own work-related productivity. Instead of handling cybersecurity, a managed service provider will take care of the IT helpdesk, employee questions, cybersecurity infrastructure, and protecting your data. You still need to help educate employees, but an MSP can also help with the right education tools, simulations, and documentation. If managing cybersecurity is getting too overwhelming for you, see what Corporate Technologies can do to lessen your workload and bring your business to where it needs to be. Contact us today. FAQs Download the Cybersecurity & Managed IT Services case study for an HVAC & Plumbing Contractor (PDF)
At some point, your law firm will have IT questions, whether it’s because of a workstation error or some kind of connectivity issue to the internet. One of the most beneficial ways you can save productivity time is by contracting with a managed help desk to help your users get quick access to answers to their IT problems. The dedicated help desk also saves time for your local onsite support, especially if you’re a small law firm relying on another staff member to answer questions. Why Downtime is So Costly for Law Firms Without access to critical systems, your law firm could lose thousands every hour. One attorney might charge $500 per hour and up to $1,000 per hour (realistically, attorneys charge anywhere from $150 to $1,000 per hour). Attorney rates vary, especially by state, but some technical downtime affects the entire office, putting multiple costly attorneys in a place where they can no longer work on their cases. Let’s say you have only 5 attorneys working at $500 per hour. The downtime would be $2,500 per hour, and a daily loss of $20,000 (assuming 8 hours of productivity). The cost of lost productivity is significant for small law firms and even more devastating to revenue for large law firms. Most case management and government applications work in the cloud, so you need internet connectivity and a working internal environment to stay productive. Having a help desk and managed service provider for any IT issue will lower the risks of downtime. When you only have a few attorneys on staff, it might seem insignificant, but as you grow to 10, 20, or 100 staff members, stable environments are a must. Large law firms could lose up to seven figures a day in downtime with enough staff left unable to manage their clients and cases. What a Managed Help Desk Provides Instead of relying on another attorney to answer IT questions and struggling to resume productivity, a managed help desk provides you with dedicated support professionals with experience in common IT issues. Even the simplest of issues can be overwhelming for someone inexperienced with infrastructure and help desk support alleviates this stress. For example, suppose that your entire office loses connectivity to the internet. Your ISP tells you that the downtime is not coming from their end. ISP support will only manage the router from your office to the ISP, so you need to figure out why the network is down. In many cases, this could be a Wi-Fi router issue or a damaged internal switch. A simple reboot could fix the problem, or you might need to reconfigure the router for better connectivity strength. Instead of relying on someone to take hours to figure out the problem, an experienced help desk person can more quickly identify the issue and walk you through configurations, saving time on recovery. A few benefits you get with managed IT services: How Managed IT Services Ensure Case Management Software Runs Smoothly Managed IT services are more than putting out fires. They also help you stay proactive with your hardware and software. For example, keeping your software updated and installing antivirus software on all staff devices is a proactive way to avoid data breaches and malware. Both these tasks take time from normal productivity and often require a dedicated IT staff for larger law firms. A managed service provider –including help desk services– performs these tasks in collaboration with your onsite staff to keep your case management software working smoothly. Your managed service provider also has service level agreements (SLAs) that they must adhere to. The number of hours –sometimes minutes– for a response depends on the severity of the issue. For example, if your whole office can’t access the internet and can’t work, this might be a tier 1 severity, meaning a response is necessary within 30 minutes (for example). The provider will then give you an estimated time of resolution, which would be a priority for them. A lower-level severity that does not interfere with productivity would have a longer timeframe for contact and recovery. SLAs are invaluable to any law firm that needs dedicated support for any critical downtime to limit monetary damage and revenue loss. Predictable Costs and Scalability of a Managed Help Desk As with most businesses, the idea of having a managed help desk might sound like an unnecessary expense. Good managed service providers will give you estimated costs so that IT support stays within your budget. Costs are often calculated per seat and the nature of your environment. This gives you a set flat-rate cost to include in your budget, and businesses can scale IT costs as the law firm grows. Corporate Technologies makes it easy for you to determine costs. You can use our managed IT services calculator to estimate your monthly IT budget. You aren’t limited to remote support either. You can add on-site IT support if you’re limited on staff and need someone to help scale infrastructure or prefer a hands-on approach to support. Knowing your future IT costs is essential for budgeting, and any good managed service provider will mold a contract to fit your budget, expectations, and scalability. Also Read: Cybersecurity Policies for Small Businesses To determine if having an outsourced IT help desk is worth it, ask yourself these questions: How Can You Get Started with a Reliable Managed Help Desk? If you answered yes to any of the above questions, you should be looking for IT support. Local staff is expensive, and each IT professional has their own set of skills and experience. With a managed service provider, you get several professionals with experience in several different fields to help support your law firm. To find out how Corporate Technologies can help you, contact us today. FAQs
Even if you don’t consider yourself a target, small businesses should always have a cybersecurity policy in place. It’s common for small businesses to think that they’re too small to be targets, but they are actually primary targets for cyber-criminals. Many of today’s sophisticated attacks involve coordinated groups of hackers that know small businesses don’t have the staff or resources to stop them. Small businesses can fight back, though, with some basic cybersecurity policies to lower their risks of being the next data breach victim. Authorized Access to Data Only If It’s Necessary It’s easy to grant every employee access to everything to avoid hassles, but this gives an attacker with stolen credentials unfettered access to all your systems without any barriers. Once an attacker gains access to credentials or tricks an employee into installing malware on their local machine, the attacker can then laterally move throughout the network, stealing data without security obstacles. You can minimize a data breach by giving employees access to only the data necessary to perform their job functions. This approach is called the “principle of least privilege,” and it’s recommended by the National Institute of Standards and Technology (NIST). Let’s say an attacker does steal credentials from an employee, but you’ve followed the privilege of least principle. An attacker would be limited to only the data authorized with the stolen credentials. This strategy does not stop an attacker entirely, but it limits damage. It’s important to note that attackers will likely try to elevate privileges using a variety of exploits and phishing via impersonation, but this creates a hurdle for them. Cybersecurity is built in layers, and limiting data access is one layer of many. A few ways you can better manage user accounts: Disable Unused Accounts After an Employee Leaves Let’s say that you have a system available for employees over the internet. They must authenticate with their business credentials. You might already have two-factor authentication (2FA) installed. These security provisions are rendered useless if you don’t disable accounts when an employee is no longer employed. This lack of action leaves your organization vulnerable to insider threats, which are even more difficult to detect since the ex-employee is using valid credentials. You probably need to retrieve email and data from the ex-employee’s account, so the proper way to manage this risk is to disable the account, not delete it. Disabling the account stops the ex-employee from authenticating in your systems, but it gives you time to collect data and retrieve old email messages to hand off to the next person in charge. You can disable the account yourself or have your IT staff disable it, but you’ll need to do it immediately to minimize risks. A few ways you can ensure account closures: Require Antivirus on All Devices Connected to the Network You might allow employees to connect to the network from their own devices. For example, they might connect to Wi-Fi from their smartphones to make calls or access the internet. Employee laptops might be used to connect to the network and take work home with them. While these are excellent ways to boost productivity, they also open up vulnerabilities and increase your attack surface. Should an attacker gain access to an employee’s personal device, the malware installed could then access your network data. Part of your bring-your-own-device (BYOD) policy should be the requirement of antivirus. Antivirus policies should extend to local business devices, also, but small business owners often forget about the threats that might come with personal device connections. Ensure that users have antivirus on mobile devices, and take it a step further by ensuring that any software installed on their devices has the latest security patches. Daily Backups of Data The most secure environments still have their own incidents (Incident Response Plan), but backups reduce the permanent damage done from malware and give you quicker recovery routes. Backups also need to be in a secure environment, and you should follow the 3-2-1 rule to avoid failures. The 3-2-1 rule states: To explain this better, suppose that you have a copy of all the files on drive E. Every night, you make a backup of drive E and store it to a NAS (Network Attached Storage). You should also store a copy on another disk, or if the backups are too large, use cloud storage. The cloud storage route would cover the last rule, which states that a copy should be off-site. The off-site copy is intended for catastrophes like fire or flooding at your office. Having multiple copies also avoids issues with corruption of one copy or should one of your backup disks fail. If one copy is corrupted, you can always restore data from one of the others. Also read: Signs Your Business Has Outgrown Break-Fix IT Email Security Phishing has long been a primary attack vector. The types of phishing attacks are too many for this article, but they come in several forms: You can train employees to recognize the signs, but it still leaves you open to human error. Employee security training is beneficial, but it should be a secondary security layer to email filters. Email filters block suspicious emails that come from known phishing and spam domains. More advanced filters use a combination of artificial intelligence, machine learning, and threat intelligence. Your email provider should have security installed, or you can ask your managed service provider (MSP) to install it for you. Chances are that email security is included with your MSP offer. Case Study: Cybersecurity & Managed IT Services for HVAC & Plumbing Co Managed Service Providers Help with All These Policies and More These top 5 cybersecurity policies are but a few of the layers of protection you should implement. The entire world of cybersecurity is a game of cat-and-mouse, so it can be difficult for a business owner to keep up with the changes. One day you’re protected, and the next day your business software has a known vulnerability, leaving you
Small businesses can usually get by with just a “fix it when it breaks” mentality, but scalable IT infrastructure requires a proactive approach. You need hardware capable of handling busy seasons, and you need software that allows for employee productivity without being a hindrance. If both these things are constantly breaking, it’s time to consider a professional approach to your IT. Professional buildouts might have a higher cost upfront, but the savings from productivity loss, angry customers, delays, and downtime are much bigger in the long run. Here are some signs that it’s time to seek out a provider that can help manage, update, scale, and monitor your critical applications. Excessive Downtime Impacts Productivity “Excessive” is relative, but you know when your IT infrastructure fails too much. If your employees have to ask for help for the same issue several times a week, it likely impacts their productivity. Let’s say that Wi-Fi constantly goes down, and you reboot the router to fix the problem. It’s a simple fix, but rebooting a router brings all devices down, including any software or hardware that continually connects to the internet. An IT issue that continually happens with a simple fix but one that interferes with productivity is never the answer. The answer is to figure out the root cause of the problem and have it professionally remediated. Remediation could be anything like: Added Infrastructure is Hacked Together Instead of Meticulously Designed Let’s say you have a small business and host all your hardware on-premise. Do you add the server in a random room with wireless connectivity to a Wi-Fi router? Some businesses even put servers in the lunchroom! It’s a quick fix to solve a scalability problem, but as you can imagine, it’s not a permanent yet alone an optimized solution. A random room leaves hardware open to theft or accidental damage. You might use cloud computing, but even cloud technology can be deployed in a way that doesn’t optimize resources or IT costs. Deploying any valuable resource requires planning, even if the planning is a simple layout to determine physical location of the server and how it will be monitored. In many of these scenarios, the server is improperly configured and isn’t monitored for threats. Computer hardware also requires optimal temperatures, ideally between 65F and 70F, so leaving equipment in a random room can reduce its life expectancy. A few issues you might run into: Keeping IT Compliant is Beyond Your Skillset Compliance should always be a consideration when building an IT environment, but it takes a professional to know how to do it. An inexperienced person could easily miss a configuration or miss important components in an IT design. Some compliance regulations require software setup, like monitoring of the environment or auditing records every time a user accesses them. Regulations are especially strict around personally identifiable information (PII), financial data, and healthcare records. For example, a violation of PCI-DSS –regulations overseeing payment information– can cost $5000 to $100,000 in fines depending on your business and the severity of the violation. An SMB could be put out of business if they suffer from a data breach. Compliance is a huge topic that often requires a professional, but here are a few common requirements you might need help with: You Need Additional Infrastructure to Scale, But Don’t Know What to Deploy When you only have a few people on desktop computers, you might be able to set up an environment yourself. When you get bigger and need more desktops, servers, software, and cybersecurity, it gets much more difficult to manage unless you have experience in IT. It can also limit your ability to scale your infrastructure as your business grows. In IT the saying “you don’t know what you don’t know” is true. You might think you have everything configured with cybersecurity in place, but it’s common for businesses to overlook vulnerabilities. It only takes once for a data breach to cost six or seven figures in litigation, incident response, reputation loss, and compliance violations. A common thought is that an SMB isn’t big enough to be a target, and that’s not true. As a matter of fact, cyber-criminals prefer SMBs for the lack of advanced cybersecurity protections. As you grow, you need software to make your business more productive. Professionals can steer you in the right direction. Here are a few reasons you might need a professional as your business grows: Unnecessary IT Spending When you don’t have professionals deploying infrastructure, you might have unnecessary spending. Optimizing your costs is another area where IT professionals can save you money and frustrations. For example, you might have cloud infrastructure that costs more than you need to spend. It’s common for businesses to have unused IT in the cloud that can be retired. Legacy cloud infrastructure can also cost more than using newer technologies. For SMBs, optimizing costs can be a huge benefit. It’s possible to save thousands in unnecessary spending, especially if you’re unfamiliar with cloud computing. Here are a few more ways professionals can help with IT costs: Where to Go From Here? If you find yourself overwhelmed with IT support or continue to have problems with your infrastructure, it’s time to consider a professional managed IT service provider. A professional MSP like Corporate Technologies can create a secure, scalable IT environment that won’t inhibit your productivity. To get started with your IT infrastructure, contact us today.
Every growing small business goes through IT struggles eventually. If you don’t have the right people and infrastructure in place, your software and hardware could be a bottleneck for business productivity. For many small businesses, this means it’s time to search for professionals to evaluate what you have now and determine what you need to scale for the future. It takes a lot of time and money to change infrastructure, so you need professionals who can architect a design that not only provides current support but also gives you the ability to scale as your business grows. If you search for IT support, you’ll find several managed service providers (MSPs) offering all types of bundles, plans, and subscriptions. Small businesses unfamiliar with the IT landscape can soon be overwhelmed by options. We put together 10 questions you should ask an MSP before you sign a contract. Some questions might be obvious (e.g., “What services do you offer?” or “How much is the cost?”), so we put together questions that you might not have already thought of. 1. What is Your Service Level Agreement? A Service Level Agreement (SLA) is a promise to respond and remediate issues within a set amount of time. Usually, a response is set based on the type of issue, and issues are categorized by severity. For example, an outage of critical infrastructure might be a tier 1 and have an SLA of 15 minutes response time with a small window for remediation, promising to get your business productive in the least amount of time. A lower-priority issue might have a longer response time, with several days for the MSP to remediate. 2. Do You Support Patch Maintenance Patch maintenance keeps all your software and firmware (software for your hardware) up to date. Outdated infrastructure leaves you open to known vulnerabilities, and it can be a source of serious data breaches. For example, the infamous Equifax data breach, where private information for 148 million Americans was stolen, stemmed from outdated software. Servers were breached after a known vulnerability remained unpatched for only a couple of months after the vulnerability was made public. You need software updated, especially if it’s a patch for a security vulnerability. 3. Do You Follow Compliance Regulations? If you have a business under compliance regulations (e.g., HIPAA, FINRA, CCPA, SOX, PCI-DSS), it’s critical that you hire an MSP with a firm grasp of requirements. Infrastructure must be configured and deployed in certain ways to avoid hefty fines. Your MSP will guide you in the right direction. For example, healthcare data must be stored in encrypted form even on mobile devices, so you need an MSP that can configure your hardware to ensure that you follow HIPAA compliance. 4. What Hours is Tech Support Available? You might think that you won’t need support during closed business hours, but what if your website suffers an outage in the middle of the night? What happens if a server fails, and that server is necessary for productivity in the morning? You need a help desk line to call. Ask an MSP what kind of off-hours support they offer, including holidays and weekends. 5. What Kind of Incident Response Do You Offer? Incident response is the process of detection, containment, and eradication of a threat. The faster your incident response, the less damage a threat can do to your data. Incident response is a crucial step in dealing with a data breach, so make sure you have an MSP educated and experienced in protecting your data. They might also offer a collection of evidence if you need to report the incident to law enforcement. 6. Do You Offer Disaster Recovery? Disaster recovery is a step in incident response. It’s the last step after a threat is eradicated from your network. After a threat is eradicated, you need a professional to restore your data and infrastructure to operational status. MSPs will create a disaster recovery plan and help restore data after an incident. You want an MSP that can ensure the lowest amount of downtime with as little data loss as possible so that you can return to productivity. Disaster recovery services often include backup, so ask the vendor what types of backups they perform to safeguard your data. 7. Do You Offer Security Awareness Training to Staff? Phishing and social engineering are primary attack vectors for cyber-criminals. They’re incredibly effective on unaware employees. Not every MSP offers security awareness training, but you should ask if they do and take advantage of the offer. Cybersecurity training is one way to lower human error and email-based data breaches, including ransomware. 8. Does Your Service Include Monitoring and Detection? How do you know your network is compromised if you don’t have monitoring in place? Some compliance regulations require you to have monitoring installed. An MSP should have monitoring included with their cybersecurity to reduce the amount of time a threat can persist in your business environment. Monitoring might also include the detection of failed hardware or hardware that might not be configured properly. Ask an MSP what type of monitoring is included with your coverage. 9. Am I Tied to Any Vendor with Your Infrastructure Deployment? It’s possible that an MSP might set up a cloud-based environment for you. You should know if you’re being tied to any particular vendor. Most corporations are tied to a vendor, but should you take over support for the cloud environment, you need to know if it’s AWS, Azure, Google Cloud or another vendor. If you want to change vendors, it could be difficult to switch especially if you’re integrated with proprietary cloud applications. Ask the vendor which cloud provider will be set up so that you are familiar with their applications. Also, a cloud vendor has their own SLAs that you can review. 10. Does Service Include Onsite Management? Most IT-specific service can be done remotely, but some MSPs offer onsite service too. If you have local hardware, an MSP might offer onsite