This post has been updated for accuracy in 2022.
Albany International Airport in New York was hit by ransomware over Christmas in 2019. The cause of the attack, which cost them five figures to settle, caught many by surprise.
The cause? The virus spread to the airport’s servers from the company they hired to help protect them— their IT support company.
As technology gets increasingly complex, it’s becoming more challenging and time-consuming to stay on top of best practices. Leveraging the latest technology drives innovation and business growth, but it comes with vulnerabilities you can’t afford to ignore.
Most people have basic knowledge surrounding cybersecurity practices (e.g., changing passwords frequently and creating backups), but a point is inevitably reached where everything isn’t as intuitive. This is where an employee can negligently put your entire organization at risk leading to significant downtime and an affected reputation.
That’s why companies looking to leverage cutting-edge technology securely commonly look for IT support as a solution.
But how do you choose an IT support company you can trust? Read on to find out.
What exactly does an IT support company do?
IT support providers help with day-to-day IT needs like troubleshooting, daily monitoring, and even advising you about the newest technologies that will suit your business. They also help you leverage the latest technologies while reducing costs associated with having an in-house IT team. Other times, IT support companies can help your in-house IT teams when they need assistance, such as during the holidays, or to free them up to work on more strategic initiatives like boosting your business’s efficiency.
In the past, businesses would keep IT teams solely in-house. Businesses would pay an IT professional a salary plus benefits, and they’d generally have IT support only Monday-Friday 8 am-5 pm. However, many companies have now switched to another model where they outsource to a specialized external company to handle their IT needs.
This allows companies to save money by paying an entire company about the same amount they would pay one IT professional while also being able to leverage the tools and IT staff the company has invested in.
Now keep in mind not all outsourced IT support services support you around the clock. When looking to outsource IT, it’s critical to differentiate between a managed IT model and a break/fix IT model.
Outsourcing IT support: Managed IT vs. Break/Fix IT
There are two popular ways to go about outsourcing IT support: Managed and break/fix. Let’s breakdown some of the main differences:
- Fees: With the break/fix model, you’ll pay an hourly fee plus a callout fee as problems arise. It’s sort of similar to insurance in that it could save you money if you don’t run into many issues, but if things happen to go wrong and you have to do many callouts, costs can skyrocket. With managed IT, you pay a predictable ongoing monthly fee (often per user), making it easier to budget.
- Contract: With managed IT, you enter a contract, which can be seen as a positive thing for some companies as it provides predictable costs, reliable performance and availability. Break/fix, on the other hand, doesn’t require signing a contract and your experience can vary widely.
- Preventative maintenance: Due to the short-term nature of break/fix, it doesn’t have a large preventative factor to it as opposed to managed IT, which does.
- Business model: When you hire a managed service provider (MSP), you’re partnering together. Your success is their success, so they have a vested interest in giving you the best recommendations. Although many break/fix model companies have good intentions, it’s sometimes been a point of conflict that companies with that type of model make money from your technology struggling. With managed IT, your service provider’s financial incentive for you not to have problems.
Break/fix is considered a legacy model of outsourcing. Managed IT evolved out of traditional outsourcing and is considered more holistic. Now that you know more about your options let’s talk about what to look for when choosing an IT support company in your area.
Interested in IT support? Here are 5 factors to consider:
Choosing a service provider to help with your IT requires doing your due diligence and vetting them on several factors. Here are some things to consider when looking for an IT support business:
As you decide on an IT support company, you’ll come across a few different price models, including some that are unnecessarily complex to understand.
If the company’s pricing is too vague, that’s a factor to consider in itself. Any good partnership begins with trust and having each other’s best interests in mind. Regulators in several industries, such as healthcare and finance, have recently started challenging pricing models because of a lack of transparency. Lack of transparency can lead to misinformed decisions.
You want to search for an easy to understand billing model which allows you to compare your IT spend to the true business value that your managed service provider(MSP) is enabling your technology to deliver. One key question to ask of prospective vendors “is how will their service fees scale as your business expands”.
2) Services and features provided
When searching for the best service provider, you want a provider who’s capable of offering a suite of services and solutions for your specific goals and objectives.
Most MSPs offer prevention and detection solutions, including firewalls, upgrading networks, anti-malware software, and AI-enabled next-generation security software, but there’s a third component you should be aware of— what sort of adaptation solutions do they offer?
Even the US government is not safe from cyber-attacks, so every company must acknowledge that no provider can entirely guarantee there won’t be a security threat. That’s why the MSP you choose must offer a cybersecurity & risk management strategy.
Even basic solutions surrounding security threat adaptation can save your organization a significant amount of money. According to the Ponemon Institute, testing the Incident Response (IR) plan saved organizations about $2 million in total costs associated with a data breach during 2020. You want to make sure your MSP offers adaptation services.
Other services or factors to consider are the following:
- Remote work: Will they help your organization transition to and from remote working effortlessly? Due to the pandemic, this has become an increasingly popular service by MSPs; however, some still choose to charge extra for this added support.
- Best practices framework: Does the provider have a framework of technology best practices that they will recommend to you? Can they help you identify ways to make your business more efficient by adopting technology solutions?
- Customized training: Does the provider offer custom training for your staff? What does it include?
- Hybrid Cloud Strategy: If you’re considering cloud hosting, VoIP services, and similar services through your MSP, server location is a significant factor to take into consideration. Distance from the server can have a direct impact on the quality of your service. How will the service provider implement a hybrid cloud strategy to support your applications and needs?
- Routine services: How do they manage security, maintenance, and support activities? Does it meet your needs?
- SLA (Service Level Agreement): This is a contract provided by managed service providers that outline responsibilities and requirements. This helps set expectations for both you and them. Make sure to read it thoroughly before signing.
In a letter to his SpaceX team in May 2010, Elon Musk banned the use of jargon and acronyms among his employees because he saw it as a significant impediment to communication and growth. It’s easy for IT professionals to forget that not everyone knows what GUI or “gooey” means.
Your service provider should be able to effectively communicate to you how assets like Microsoft 365 and Azure will be implemented and how you’ll be able to leverage the full benefits of these solutions today and in the long-term to improve collaboration and productivity. You need a service provider that aligns your IT strategy to your business objectives while also developing measurable outcomes you can understand.
So when searching for a provider, call their helpdesk to see how they communicate. Evaluate their service. Many IT support companies don’t use jargon on purpose to confuse you, but it can be a sign of a less experienced service provider.
Other questions to ask regarding communication:
Some other aspects of communication you want to vet for are the logistics of how you and the service provider will communicate.
- Do you need to log a ticket in first?
- Are you limited to the number of tickets you can log per month?
- Is a help desk operator available to your employees 24/7?
- If not, do they offer 24/7 support through other mediums?
- Are they accessible through all the major channels like email, phone, web chat and onsite?
- In the case that you need them to come onsite, how long would it take?
- Can they offer guaranteed response times?
The right questions will help you decide if you can rely on the IT support company when you most need them.
4) Break-fix or proactive management
Traditional IT support companies used a break-fix model approach where you’d wait for something to break, then get in touch with IT support. The problem is that nowadays, things are getting increasingly competitive. This can be incredibly costly when you consider all the downtime.
Time is money when it comes to unnecessary downtime. In a report published in 2020, the average cost for one hour of an enterprise server being down could mean between $301,000 and $400,000 according to 25% of the respondents. You know how the old saying goes — an ounce of prevention is worth a pound of cure— and this especially rings true when it comes to IT support.
Technicians aren’t always readily available on a break/fix model, while the clients on managed IT contracts are given preferential treatment. Moreover, a credible managed It provider implements fixes before the fact with proactive maintenance, upgrades and monitoring of IT systems. How will your service provider provide proactive rather than reactive support?
5) Credibility: security & regulations
No one ever expects to get attacked by ransomware or phishing attacks through their MSP, but unfortunately, MSPs have become a popular target. So much so that the United States secret service released a document warning about the increased hack attacks on managed service providers.
Adhering to regulations like GDPR and other laws, especially HIPAA, can seem like a burden at first, but remember these regulations are there to prevent costly data breaches. These regulations are made to standardize security practices to protect your business and your customers.
- Is the company you’re considering well aware of these regulations?
- Are they equipped to make sure both you and their vendors are compliant?
- If you’re in a regulated field like healthcare, finances, or legal, do they have experience dealing with certain regulations in your field?
It’s easy to think you’re immune to data sovereignty until it happens to you. Recently, Twitter was fined about $546,000 for breaking EU privacy law and it was found to be done out of negligence.
This is a significant reason why it’s essential to vet possible providers for credibility.
Questions to vet credibility:
- How do they vet their employees?
- Who is the provider affiliated with?
- Are they partners with any of the major companies like Cisco, Microsoft or Google?
- What other partners do they have? What certifications do they hold?
- How long has the company been around?
- Do they have proven success with past clients?
- What do their current customers say about them?
- Do they test their incident response plan?
- Do they test their disaster recovery plan?
- How do they deal with a security breach?
- Do they try to figure out how breaches happened in the first place and offer awareness training (root cause analysis)?
Companies who have experienced software like Microsoft Teams or Amazon Web Services’ (AWS) benefits to the fullest know technology’s power to boost collaboration and efficiency. Leverage an IT support company and the tools they’ve invested in so that your team can be equipped to stay ahead of the technological curve.
Are you looking to move to a managed IT model or to switch from another MSP?
Contact Ampersand for a no-obligation conversation to see how we might be able to help you.