Questions To Ask A New IT Security Provider

March 04, 2022

If you are considering switching to a new IT security provider, there are a few things that you should think about in advance. As a business owner, you should keep cybersecurity at the forefront of your mind and take every possible step to reduce the threat. It is important to have ongoing conversations with your current provider to ensure they are taking all the necessary precautions to keep your business safe.

We have put together some of the top questions you should be asking your new IT security provider:

1. What are the individual risks to my business?

Prevention is always better than cure, and you really need to prioritise security risks by identifying gaps in your business. Even the smallest gaps can leave your business vulnerable to security threats. You should check that your new IT provider understands the legal, regulatory and contractual requirements related to cyber security.

2. Are you proactive or reactive?

There are lots of different tests that IT security providers can carry out to assess the vulnerability of systems, networks and applications. Penetration tests should be a regular part of any IT security provider’s work. This is where simulated attacks are carried out on a computer system in order to identify any weaknesses that could be exploited by hackers. In essence, it is a check carried out on your IT defenses.

3. Are regular IT security risk assessments carried out?

Now this isn’t quite the same as vulnerability tests. A risk assessment should provide your business with the assurance that every possible risk has been considered, so that the correct resources can be allocated. Without looking at the potential risks, security efforts and resources could be misaligned, giving hackers the opportunity to exploit these vulnerabilities.

4. How do we demonstrate compliance?

Before signing you up, your new IT security provider should provide an audit of your business, so you can understand the effectiveness of your current cybersecurity and how this needs to be improved. Check their certifications too: is the company ISO 27001 compliant, and does it hold the Cyber Essentials credentials?

5. What is your response plan in the event of a breach?

Of course, if your new IT security company is proactive, then there should be a reduced risk of a data breach in the first place. However, if the worst were to happen, there needs to be an action plan in place. The main difference between businesses that survive a data breach and those that don’t is the implementation of a cyber resilience plan. This is all about response planning, business continuity and a disaster recovery strategy to get the business up and running again with minimal disruption. It is also important to inform the ICO if a data breach does happen, in order to comply with the GDPR.

6. When were the recovery procedures last tested?

Effective business continuity management (BCM) helps many businesses both to identify a breach in the first instance and to contain it. Recovery procedures need to be tested regularly to establish whether the business is able to recover quickly following a cyber attack. Some attacks, such as a malicious assault or a firewall attack, are more difficult to detect. A plan also needs to be put in place in case the backup data has been compromised and the IT security provider is unable to restore from it.


We hope this has helped to explain just how much is involved when it comes to IT security and protecting your business. By outsourcing this to a qualified specialist team, you will have added peace of mind that your business is protected. We would always advise that you ask a potential supplier these questions as they should be able to provide comprehensive answers. If not, then watch out for the red flags!

If you would like help with your IT security, then get in touch with the experts at Reality Solutions today by calling 01482 828000.
