Using a common password for administration across clients
“The password you typed is incorrect.”
“Incorrect password. Please try again.”
Sounds familiar, right? Each one of us probably has forgotten some of our passwords and that is why people tend to use one password on every site. Even some IT service providers use a common password for administration across clients because they might think this will resolve the issue and this will make their job easier for them.
So, ask your IT service provider. Are they using a common password or a pattern for all their clients?
If yes, then your system isn’t safe!
Different accounts should have different passwords.
Storing client/management passwords in documents or plain text rather than using a password manager
Writing or typing your passwords in a notepad, word or excel?
Felt guilty for doing it?
How dangerous is it?
Imagine someone from your IT provider’s organisation who accidentally clicks and installs malware or gets hacked then they have all your passwords. Will you feel safe?
Any supplier that has credentials to your network needs to be using encryption to protect any passwords and should be using multi-factor authentication.
Ask them. How are you storing your passwords? Hopefully, they will be using a secure password manager like Bitwarden, 1Password or Lastpass.
Sending the client the backup report and leaving it in their hands to decipher, rather than managing the backups for you.
Did your IT provider give you an online backup report and leave it in your hands to hands?
You probably put them in the trash each day. Let’s face it, you have more important things to do than to understand it. If disaster strikes, and you need to restore your backup, they have not been checking the reports, and they have been failing for a year. It’s going to be your fault yet it’s not your job to understand these reports.
Wouldn’t it be better to have an IT company that is checking backups and doing regular restore tests?
You have an IT partnership with your IT service provider. One of their main responsibilities is creating your online backups. But make sure checking the backups are working is part of the service.
I was recently at an IT company where we noticed the backup device was not turned on which is hard to imagine if you have the correct proactive processes in place. We would be getting alerts every hour telling us to sort it out.
Not having a contract with your IT provider
Can you still remember how you and your IT provider ended your conversation when you decided to get support from them?
Did you sign up for an agreement or a contract? Is it verbally or a written contract?
Or didn’t have any?
Think about it.
Contracts have many purposes that is why it is important to every business. It serves as a record of commitment to you and your IT provider.
Imagine if something goes wrong with your network and you need to fix things as soon as possible. Your IT provider is busy and you do not have a contract. Will you be able to get support immediately?
(Also see: Cyber Insurance: 5 Things You Need to be Doing If You Want Any Chance of a Payout)
Do not expect that they will provide you support immediately. You might have to wait in line.
Having a contract with your IT provider is critical these days as it gives you peace of mind and they have a duty of care to protect you. Sending out a contract is a symbol that your IT provider cares about having a detailed relationship that they are having a commitment to you.
There is nothing wrong with asking these questions to your service provider. You have the right to know. You rely on and trust them so much and that is why you choose them as your IT partners.
Remember that, providing a good service with transparency to the clients is what makes them the best IT service providers. Being proactive is an incredible amount of work for an IT company and there is not room for shortcuts.