Let’s face it: IT can be a little opaque. It’s a highly specialized field, evolving at lightspeed, with plenty of jargon to go around. What’s more, a lot of the important stuff happens out of sight, out of mind.
Take a restaurant owner for example. It’s easy to know if their bakery is doing a good job. The bread is delivered, and the quality and service can speak for themselves. Likewise, the restaurant owner can check in with their financial services team and see that their money is being handled in a professional way.
How does the restaurant owner know if their Managed IT Service is keeping their business protected? Well, it’s hard to see if you don’t know the right questions to ask. Since many businesses handle data much more sensitive than that of a restaurant, it’s that much more important to be asking the right questions.
And most importantly of all, your IT company should have the answers to these questions:
- How do you identify and classify sensitive data?
Data can be anything from client lists and financial information to a simple image file. You need to know what data you have so it can be sorted and protected effectively. Your Managed IT Services company should be able to scan your systems, categorize the data and create a plan based on their findings. This is important because it leads us to…
- What’s your access control and data monitoring plan?
Once you know what you have, you can decide who gets access to what. You might want your financial team to be able to access the books, and your sales team to access the CRM, but not vice-versa. Not only “who,” but questions of how, when, and where are also important when it comes to deciding how data is accessed. To tie it all together, your IT team should be able to monitor access to safeguard against improper use and ensure everything is running as it should.
- How do you handle data encryption and masking?
Data encryption and masking are essentially two ways of locking your data with a key. If someone steals your phone, they can’t get in without a fingerprint or PIN. This is a simplified metaphor for what’s happening with encryption and data masking. Even if a bad actor gets ahold of your data, they can’t access it.
- What’s your backup and disaster recovery plan?
Everyone needs a plan B, and if possible, a plan C. With so much of business reliant on technology, there’s always something that can go down and take part of your business with it. The stakes can range from an employee accidentally deleting a critical file, to a flood destroying important servers. An IT team worth its salt will have a plan in place to mitigate disaster and have you back up to speed as fast as possible.
- How do you handle secure data erasure?
You don’t need to keep everything forever. But just like old financial docs need to go into a shredder, sensitive data needs to be erased securely. The same tools that can recover lost data when a harddrive fails can be used against you to restore improperly erased data.
- How do we manage physical security?
All the technology solutions in the world can’t help you if someone can walk out of the building with a USB stick. Controlling physical access to different systems is an often-overlooked aspect of IT security. Just like access control for your data, it’s important to have a plan for who can access what hardware, when they can access it, and under what conditions. Should everyone be able to take home their laptops? Should employees be able to connect any external devices to their computers that they wish? These are questions for your IT team to consider.
- Can you provide employee training for best practices?
Unfortunately, people tend to be the weakest link when it comes to IT security. Like we said, it can be opaque and not every employee is going to be up to date on how to safely use technology. Training against falling victim to phishing attacks or clicking unsafe links are a few of the low-hanging fruit that every business can benefit from.
Got more IT questions? We got more IT answers. Contact amshot to set up a free consultation.