Questions To Ask A New IT Security Provider

March 04, 2022

If you are considering switching to a new IT security provider, there are a few things you should think about in advance. As a business owner, you should keep cybersecurity at the forefront of your mind and take every possible step to reduce the threat. It is important to have ongoing conversations with your current provider to ensure they are taking all the necessary precautions to keep your business safe.

We have put together some of the top questions you should be asking your new IT security provider:

1. What are the individual risks to my business?

Prevention is always better than cure, and you really need to prioritise security risks by identifying gaps in your business. Even the smallest gaps can leave your business vulnerable to security threats. You should check that your new IT provider understands the legal, regulatory and contractual requirements related to cyber security.

2. Are you proactive or reactive?

There are lots of different tests that IT security providers can carry out to assess the vulnerability of systems, networks and applications. Penetration tests should be a regular part of any IT security provider’s work. This is where simulated attacks are carried out on a computer system in order to identify any weaknesses that could be exploited by hackers. In essence, it is a check carried out on your IT defences.

3. Are regular IT security risk assessments carried out?

Now this isn’t quite the same as vulnerability tests. A risk assessment should provide your business with the assurance that every possible risk has been considered, so that the correct resources can be allocated. Without looking at the potential risks, security efforts and resources could be misaligned, giving hackers the opportunity to exploit these vulnerabilities.

4. How do we demonstrate compliance?

Before signing you up, your new IT security provider should provide an audit of your business, so you can understand the effectiveness of your current cybersecurity and how it needs to be improved. Check for their certifications too: is the company ISO 27001 compliant, and do they hold the Cyber Essentials credentials?

5. What is your response plan in the event of a breach?

Of course, if your new IT security company is proactive, there should be a reduced risk of a data breach in the first place. However, if the worst were to happen, there needs to be an action plan in place. The main difference between businesses that survive a data breach and those that don’t is the implementation of a cyber resilience plan. This is all about response planning, business continuity and a disaster recovery strategy to get the business up and running again with minimal disruption. It is also important to inform the ICO if a data breach does happen, in order to comply with the GDPR.

6. When were the recovery procedures last tested?

Effective business continuity management (BCM) helps many businesses both to identify a breach in the first instance and to contain it. Recovery procedures need to be tested regularly to establish whether the business is able to recover quickly following a cyber attack. Some attacks, such as a malicious assault or a firewall attack, are more difficult to detect. A plan also needs to be put in place in case the backup data has been compromised and the IT security provider is unable to restore from it.


We hope this has helped to explain just how much is involved when it comes to IT security and protecting your business. By outsourcing this to a qualified specialist team, you will have added peace of mind that your business is protected. We would always advise that you ask a potential supplier these questions as they should be able to provide comprehensive answers. If not, then watch out for the red flags!

If you would like help with your IT security, then get in touch with the experts at Reality Solutions today by calling 01482 828000.
