Phil's Flub of the Month-Hiring an IT Service Provider that Can't Backup Their Claims
There are a lot of IT service providers out there and while they may all seem to provide the same services on the surface, not all IT companies are created equal! Unfortunately, the market is flooded with IT yes-men that will say anything to get you to sign on the dotted line. It's important to research your IT company thoroughly to make sure they have the skills to back up their claims, and the experience to give your business the specialized attention it deserves. It's my flub of the month: Hiring an IT service provider that can't backup their claims.
This month's flub was inspired by a new healthcare client that recently came to us after an unsatisfactory relationship with another IT service provider. Through the process of setting up our services, the astounding negligence of their previous provider came to light. The trouble arose when we came to the subject of system backups. The client had every expectation that we would send backups directly to them through FTP as their previous IT service provider had done. Why did this one little detail cause my jaw to drop? FTP is fast and convenient for the client, however, FTP is also among the least secure file transfer methods available, second only to e-mail! Not only was this client's highly sensitive patient information exposed to potential thieves, they were not in compliance with HIPPA regulations, putting them at risk for hefty government fines in the event of a breach. When we refused to use FTP to transfer backups and told the client why we couldn't offer this service, the client realized that they had truly dodged a bullet by giving this inferior company the heave-ho.
This client had hired their previous IT company after a sales pitch promising dedicated IT experts with years of experience in the healthcare industry. Through this one oversight, it was obvious to me that either this IT company didn't know anything about healthcare regulations or they didn't care about their client's security at all! When hiring an IT service provider, it's important to know who you're dealing with. You should hire a company with experience in your specific industry so that they are prepared for the unique problems they'll face when implementing IT security. If a company says they have industry experience, make them prove it. Take the time to contact a prior client or two for references and ask about industry specifics. Prepare yourself with research so you know what you need from your IT provider before you start looking for one. If you're unsure what to ask a potential provider, take a look at our Guide to Hiring a Network Management Provider[insert link]. Make sure there is a dialogue happening, a potential service provider should be giving you detailed information of what they plan to implement and how exactly it will help your business stay secure. You're trusting your IT provider with protecting your most sensitive data, find a company with integrity and experience that you can verify.