Common Business IT Questions Answered
Finding the right IT support services for your business is difficult, so we pulled together the most common business IT questions and provided some answers. These are general, of course, and your business needs are very specific. Just contact our experts to discuss your business IT needs. In the meantime, we think you will find these business IT questions and answers helpful.
IT FAQs & Answers
Outsourcing is when you fulfill a function with an external resource instead of an internal team or staff member. You can approach the outsourcing of IT services in a few different ways.
When you hire a vendor or contractor to take on a specific IT project or component such as a cloud migration that is an IT project. Or you could outsource for an after-hours help desk or a set number of support hours per month. These “break-fix” solutions are designed to fix a problem or fill a specific need, but they are not proactively serving the IT and cyber security needs of your business.
When you use a managed service provider to outsource your IT support, you get a more encompassing solution. It includes not only a help desk and project expertise, but also actively works to keep your network problem-free. Outsourcing to an MSP gives you a highly efficient IT team that works literally constantly to prevent breaks or breaches from happening, allowing your business to complete its goals seamlessly.
Not only do MSPs provide 24/7/365 coverage, they also keep abreast of the latest IT. You have the benefit of an entire team of IT experts and cyber security specialists. Tapping into this team approach typically costs less per month than hiring in-house staff.
IT help desk outsourcing is when you hire an external vendor to provide 24/7/365 tech support for your team as a standalone service. Managed service providers (MSPs) offer help desk services as part of their comprehensive solution. But when the term “IT help desk outsourcing” is used, it typically refers to only help desk support.
The staff who work the help desk will take calls (or chats or tickets) and do their best to fix the immediate problem of the user. IT help desk support services usually include:
- Running diagnostics.
- Escalating the issue to someone with higher levels of expertise.
- Installing, repairing and/or making changes to computer hardware and software.
- Follow-up with customers to ensure issues are resolved.
If you use a managed service provider instead for your help desk, you have the benefit of a help desk team that is extremely knowledgeable about your business and IT infrastructure. That’s because they are also part of the team actively working to prevent issues. A standalone IT outsourcing help desk team usually does not have that level of insight into your business or the ability to help prevent similar issues from coming up.
When you hire an external resource to accomplish a specific, limited-scope IT project within a given period of time, that’s called IT project outsourcing. It might include the development of products, services or solutions and involve multiple parties within and outside of your organization.
Some IT projects that are typically outsourced are migration from an on premise service to the cloud, migrating email from G-Suite to Microsoft 365 or integrating multiple systems together.
Internal IT teams usually don’t have the expertise or bandwidth to take on the project. Some managed service providers also offer IT project outsourcing while others only complete IT projects for existing managed IT clients.
Managed service providers (MSPs) provide ongoing and proactive IT support for a company’s network, infrastructure and other technology needs. Managed support doesn’t just fix things when they’re broken: Your MSP will proactively work to keep your network up and running without interruption and partner with you to get the most productivity out of your business.
Some managed service providers offer a specific set of services to all customers while others will customize their support package to meet the specific needs of a business. With the latter approach you never pay for things you don’t need.
Managed IT services include protection of all your endpoints (devices, computers), data and infrastructure (servers). The best IT providers also proactively monitor and patch manage to prevent disruption. They also offer training to your team and technology leadership guidance to you.
Cloud service providers are third-party companies that offer a cloud-based platform, infrastructure, application and/or storage services. Think of it as a utility company: You just pay for the services you use, in this case, cloud services. A cloud managed service provider bundles cloud services into a managed service agreement. You get the cloud services and the expertise and support you need to keep everything optimized and secure.
Cyber security services providers offer cyber security to other businesses as a service. Cyber security Service Provider (CSSP) is also a set of specific certifications issued by the Department of Defense (DoD) to designate certain levels of knowledge and experience.
Working with a cyber security provider allows your company to leverage a more robust set of security protocols. They can run tests to find vulnerabilities, monitor networks for intrusions and even respond to incidents. Be aware though: Not all cyber security service providers offer the same set of services and their methods and costs can vary greatly.
A managed cyber security service provider (MSSP) bundles these security services into your managed service agreement for a flat monthly fee. You’ll get proactive monitoring, infrastructure expertise and response and remediation in addition to the help desk, training and other managed service components. The best MSSPs customize their services to meet the needs of your business, so you never pay for services you don’t need.
Cyber security managed service provider is another name for a managed cybersecurity provider or MSSP. They differ from a CSSP because the security services are provided as part of end-to-end IT coverage. MSSPs:
- Assess your infrastructure for risks, gaps and vulnerabilities to continually assure your security.
- Close any gaps and provide recommendations to implement specific security and productivity improvements.
- Monitor your system and support your team 24/7/365.
- Proactively respond to attacks, usually blocking them before they breach your system.
- Provide ongoing training for your staff who are the #1 weakest link in any security chain.
With a cyber security managed service provider, these services and more are packaged into your monthly fee, so that you can plan better for meeting your company’s technology needs.
There are many cloud computing benefits for small business, including but not limited to:
- Flexibility. With cloud computing, you can easily expand your technological infrastructure resources as needed. You don’t need to know how much data storage you will need in the next year or how many locations you will need to access that data. Your data storage size can scale up or down depending on your needs.
- Lower costs. With cloud services, your infrastructure costs change from capital expenditures (purchasing servers) to operational expenses, saving you money because you only pay for what you use (usage-based pricing) and you need fewer IT hours to implement and manage your data.
- Better accessibility. As long as you have an internet connection, the data on your cloud can be accessed from anywhere and multiple users can work on the same data simultaneously.
- Less maintenance. Because cloud applications are not installed on each user’s computer, there is no need for updates or patches applied to every endpoint. All that happens on the cloud.
- Increased peak load capacity. Resources are shared across a large pool, so peak-load capacity increases and there is more efficiency for less utilized systems.
- Backup redundancy. With a well-designed cloud solution, your data will be stored on multiple redundant sites, so it is protected and available even if one site is compromised by a natural or man-made disaster.
- Security. Cloud security is as good as (or better) than traditional systems if implemented correctly.
Co-managed IT services (or hybrid IT services) is when you use a managed service provider (MSP) to supplement your in-house IT staff. Co-managed IT services can be the best of both worlds if your business is large enough to maintain an in-house IT team. You decide how much you want in-house and what you want from an MSP.
Here’s how it could work:
- Day-to-day business is handled by your in-house IT team with assistance or specialized expertise from your managed service provider as needed.
- Your MSP serves as a virtual chief information security officer or VCISO, basically becoming an outsourced CTO. Your internal IT team manages your systems and implements strategies created under the expert direction of your MSP.
- Your IT leadership is in-house but an outsourced managed IT team executes and manages your systems day to day.
Providers that determine and address your cyber security risks are offering cyber security assessment services. Every business should conduct some level of cyber risk assessment. But the types of assessments you need will vary based on your business, company size, industry and your risk tolerance.
The most common cyber security assessment services include:
- Vulnerability assessment to discover potential weak spots inside and outside your network that could be exploited.
- Penetration testing. A “practice” cyber attack is run by authorized cybersecurity experts (“white hat hackers”).
- Network audit and access review, which can determine what is on your network, finding unauthorized software or hardware as well as performance or licensing issues. An access review looks at who has permissions to access or make changes to your network.
- Compliance audit reveals how well your company is obeying the rules, regulations and laws that relate to your particular industry. A compliance audit will find out, from common PCI compliance (required by any business that accepts credit card payments) to specialized requirements for defense contractors. Compliance audits look both at what is happening inside your business and with any external partners or vendor relationships.
It’s not hard to find managed IT service providers. They come in all shapes and sizes, from the “guy in garage” to large national firms. The key is to choose the right managed service provider to partner with for your business. Here are the hallmarks of a quality IT partner:
- 24/7/365 monitoring and supporting.
- Fast response times and reasonable resolution times based on the level of impact the issue is having on your business.
- A high average customer satisfaction rating (CSAT) over several years and client references to back it up. The higher the rating the better.
- Experience with your type of business or industry (including compliance requirements) and client references to back it up.
- Willing and able to be on site in your offices if needed.
- Flexible contracts. You should be able to cancel all or part of your services with them with 30 days notice. You want a managed service provider that earns your business month after month, not locks you into a long-term contract.
After you pare down your options with the basics, it’s time to find out about their specific IT processes and protocols. Download our Choose IT Support Checklist for more questions to ask potential managed IT service providers.
Both multi factor authentication (MFA) and two factor authentication (2FA) validate that you are who you say you are. In fact, all 2FA is MFA. But not all MFA is 2FA.
The difference between multi factor authentication and 2fa is the number of forms of authentication you will require to prove you are a legitimate user to that site. Two is the minimum while more than three tends to get in the way of productivity. As its name suggests, 2FA requires two forms of authentication while MFA covers anything that requires two or more.
Remember your last log in? You were asked to provide a username and password. Together, those are one factor of authentication. Taking this a step further, 2FA asks for one more factor, such as answers to previously asked security questions. These all fall into the “something you know” category.
In addition to “something you know” most MFAs also require “something you have” or “something you are. ” “Something you have” is usually your cell phone. Your login triggers code to be sent to your phone. You enter that code to access the system. There are more robust methods, such as using an authenticator app or token device. Any of these will provide an additional layer of security over simply providing information. “Something you are” is usually a fingerprint or face scan, but any form of biometrics fits in this category.
So don’t get caught up in the terminology multi factor authentication vs 2fa. The important thing is that you implement more robust authentication methods to protect your business.
A business continuity and disaster recovery plan outlines how to keep your business operational or quickly restore operations after a disaster, whether it’s natural or man-made. The combined plan will ensure that your business operations keep running despite unexpected issues, and ensure your employees know how to keep working after a disaster.
A disaster is anything that affects the continuance of your company and can include:
- Tornados, hurricanes and other weather related disasters
- Global pandemic or other medical issues
- Data breaches
- Computer crashes
Disaster recovery plans and continuity plans will keep these things from shutting down your business. The plan designates who does what if a disaster hits so everyone knows what their responsibility is. Also, it outlines how each computer system or stored data is backed up and protocols for recovery, including emails, databases, files and other stored data. The plan will protect your revenue and keep your customers happy.
Zero Trust architecture is a cyber security model where no one is trusted by default from inside or outside the network. Verification is required from everyone trying to gain access to resources on the network.
Zero Trust architecture stops and blocks malicious software and other applications that have not been specifically authorized. Zero Trust security services allow you to define what software, scripts, executables and libraries can run on your company’s endpoints and servers. This typically involves a combination of:
- Application whitelisting. This process blocks everything unless it has been explicitly approved. This means no one can download and install any program or perform any function unless it’s on the list. This not only protects you from malware or other ransomware but also from the use of your systems for non-business purposes (e.g., crypto mining).
- Ringfencing. A technology that protects your data from exploited applications and files by creating a fence at the most granular level around the applications that run your system. This essentially eliminates attack vectors from a cybercriminal’s path.
- Storage control. A solution that allows you to stop users from exporting or uploading files to the internet and external storage, like USB drives.
A quarterly business review (QBR) is a meeting between your decision makers and your MSP. The QBR’s purpose is to make sure you are fully prepared for your future tech needs and to help your MSP team understand the trajectory of your business.
As the name implies, a quarterly business review is usually held quarterly, but can be scheduled more or less frequently depending on your business needs and goals. The QBR meeting itself usually takes about two hours and can be done onsite or virtually. A typical QBR report will include:
- A one-page business plan
- Your contact list
- Your IT assets
- Your workstation life cycle report
- A phishing report
During a quarterly business review, you are likely to discuss:
- Current issues, with real-time problem solving
- The latest tech innovation and IT trends that could impact your business
- General industry trends
- Feedback on your MSP’s performance
An endpoint is simply a device on which you create and load data: Mobile phones, tablets, laptops, desktops, manufacturing machines and health system devices are all endpoints. They are the last stage in the IT system.
Endpoint backup involves protecting your data on each of these endpoints by also saving it to another location, separately. Some of this could be done automatically at a backup location such as iCloud, Microsoft Drive, etc. The caveat is that they all must be backed up individually.
A shared system backup is a solution for companies to store backup files centrally with the work accessible to all (with a permission structure as needed). Both shared system backups and endpoint backups can use local servers, cloud solutions or a combination of both.
Your managed IT provider can help you determine the best data backup solution for your business, whether that is endpoint backups, shared system backups or a hybrid solution.
An IT service management (ITSM) company uses a process to create, plan, operate, deliver, support and implement your IT to best serve your customers and your business.
In other words, an ITSM manages and protects your data.
An ITSM’s scope of work includes all technology devices and services: your passwords, servers, printers, all software applications, even your laptops and the applications on them.
Some primary examples of what an ITSM can provide for your business include:
- Streamlining your infrastructure to better manage high-quality internet technology.
- Ensuring access to company data is only allowed to authorized current employees or end users (members of your staff, clients, etc.). The ITSM will purge the system of former staff members or clients who can still access your network because someone forgot to block their accessibility when they left the company or partnership.
- Advising you on the optimal type of backup to handle any possible data breaches whether they come from criminal action or natural disasters, or other unforeseen circumstances.
- Checking every application and every endpoint (scanner, computer, phone, etc.) to ensure they are up to date, and periodically update them to the latest patch if they are not.
- Examining your cybersecurity plans and processes and replacing them with ones that are safer, or reinforcing existing plans if need be.
There are numerous benefits of using IT service management: We’ve narrowed it down to our top seven:
- Reduced IT costs (scoping out redundant or obsolete assets)
- Reduced risk factors
- Reduced downtime when data breaches happen
- Adaptation to your specific needs
- Enablement of teams to share knowledge
- Improved efficiency, customer satisfaction and service
- Active breach prevention and strategizing for cybercriminal attacks as well as natural disaster mitigation
An ITSM doesn’t just offer tech support via a help desk or a service desk. Those support services are included as a part of the service, but an ITSM’s role is much broader than that.
The terms “service desk” or “help desk” are defined differently across businesses and industries, blurring what the phrase actually means. With an ITSM, it doesn’t matter. All you have to do is call or submit a “ticket” and the issue will be resolved.
An ITSM handles all service requests whether they are an incident that affects the system (my computer is down), a recurring problem (this application is stuck again), a change to the system (I need to add, remove or modify the database) or even requests for a new piece of equipment (I need a new computer).
The bottom line is this: Whatever IT issue you may have, an ITSM has the answer.
A zero day attack involves a cybercriminal exploiting an unpatched or unknown vulnerability for the first time (aka a zero day vulnerability).
Some examples of zero day exploits include:
- New or undetected malware.
- A known vulnerability that had never been exploited before.
- A previously unknown vulnerability that is exploited.
In some cases, a system’s vulnerability is known, but it is not known how that vulnerability could possibly be exploited. Vulnerabilities can sometimes be discovered once people figure out how to exploit them. This is why there is often a gap between a zero day vulnerability and a zero day exploit.
Organizations and websites track critical vulnerabilities and exposures to distribute to others. They maintain updated lists of these and then release patches that will fix the system flaws. Once the patch is released, it is no longer considered a zero day vulnerability.
You might be surprised to learn that an everyday, run-of-the-mill antivirus or anti-malware software can’t protect you against zero day attacks. These software tools can only look for what they know for certain is out there, and because zero day exploits occur from the three examples listed above, IT systems are never fully protected all the time. This is why it’s important to make sure your company is taking cyber security seriously.
A vulnerability can be defined as a weak spot in a system. Cybercriminals gain access to a network through IT vulnerabilities. Not all weak spots are in the source code itself, and it is virtually impossible to have no weak spots.
As it turns out, the biggest vulnerability for the majority of companies are their people.
Some human examples of vulnerabilities include a human response to phishing emails or weak passwords, while technological vulnerability examples include weaknesses in the software code of a program or software that hasn’t been updated or patched.
Exploits require vulnerabilities to exist, which is why preventing vulnerabilities is critical for the health of your organization. A cybercriminal uses a vulnerability to exploit a system.
In today’s world, bad actors don’t need to be sophisticated coders or computer experts to exploit a vulnerability — especially of the human kind. Bad actors can purchase automated tools to take advantage of weaknesses on a grand scale.
There’s plenty of data available on the dark web to trick your team into making a mistake and letting criminals in.