Background
An SME can believe “the IT company has it covered” when in reality no one is challenging the quality of the setup.
Questions to ask yourself
- What exactly is our IT supplier responsible for — support, or security?
- Do they test backups, or only check they ran?
- Do they tell us about risks, or only respond to problems?
- Could we move away from them easily?
- Do they own any of our domains, accounts, or master passwords?
What you can do today
Audit your supplier in 30 minutes
Three free questions.
- 01Reread the SLA. Search for security and backup. If they aren't there, that work isn't their job.
- 02Email your supplier: “What three risks are you actively managing for me?” Specific answers (e.g. “your Server 2016 is approaching end of life in 2027, here's our plan”) mean they're running your risk. Vague answers mean tickets.
- 03Find out who legally owns your domain name, DNS, and Microsoft 365 / Google global admin account.