There are many to consider. Depending on your industry and the type of data you collect and store, some are more critical than others.
Home networks: Residential networks usually rely on consumer-grade routers with no intrusion protection or advanced security services. In addition, they often have other insecure devices attached, such as IoT devices and game systems. They may offer weak WiFi protection as well.
All of these expose these networks to additional risk of attack, often without the user being aware of it.
Secure VPN Connections: These should be used in ALL cases where access back to a central office is needed. In most cases, connecting to the VPN will then filter traffic for that device through the corporate router.
Single-Sign On (SSO):
While cloud services can be a wonderful way to stay connected and access work, ensuring that they are secured is critical. Where possible, get as many cloud applications as you can talking to a central identity provider. There are solutions for clients with and without servers. When a user is added or removed, access is then updated accordingly across all systems. This method also allows you to maintain password rotation and other high-level security policies.
Employee vs Corporate devices:
What is your team computing on? If they are corporate-owned and managed devices, then you can ensure those are secure and have your security solutions loaded. When staff begin to use their own devices, you lose control of security and risk your data being stored on devices you do not own or manage. Depending on your industry, this can be a huge issue.
Remote working policies and procedures:
Does your team know what you expect and how to move forward? Most firms raced to work from home but spent little time on formally documenting expectations around data security and privacy risks. Take some time to meet and get everyone on the same page around how to work smart from home.
Social engineering attacks:
With more of your team working from home, it's easier for attacks to seem legitimate. Phishing attacks are on the rise as many have their guard down due to changed routines. Routine training and awareness about company procedures, especially around financial transactions and access to systems, is a must. If your team is not using instant communications software to stay in touch, consider it, as email is still the most effective conduit for attacks. Use phone calls, virtual meetings, or instant messaging to confirm critical actions.
Within the IT support industry there are no real standards in terms of what or how a company provides IT services. There are differing models such as break-fix, contracts, or hybrid offerings.
With 20+ years in the IT support space, we feel that the Managed Services approach works best for both client and provider alike.
Managed Service Providers (MSPs) exist to collect and manage an array of services and solutions for their clients. Within that designation, there can be a focus on vertical or niche industries.
What we have observed over the last two decades is that clients with an MSP are much better prepared for changes, have a higher security posture, and have better performing networks. To this end, that is our approach. Think of an MSP as your IT controller.
Questions you should ask a potential IT provider should include:
Most of all, find a provider you can trust, one that will act in your company’s best interests. As an example, our firm does not add margin to hardware or software sales. We are not here to upsell gear; instead, we focus on our service relationship.