As the year transitions from reflection to planning, business owners face a pivotal opportunity to set their organizations up for success in 2025. While your team or managed IT service provider may handle the day-to-day technology needs, some questions demand your direct attention. After all, IT decisions impact everything from cybersecurity to growth potential. In this article, we’ll highlight 4 critical IT questions that deserve your personal review, ensuring you are informed and prepared to lead your business with confidence into the new year.
1. Do We Have Cyber Liability Insurance?
If you have an insurance agent, please take a moment to call them and verify that you have this insurance either included in your business owner’s policy or that you have this as a separate policy. No matter whether you do business online or not, you still have computers and data. Even if all this data is in the cloud, it is subject to bad actors looking to compromise that data and try to profit from it. This policy is now just as critical as your property and professional liability policies. The application forms for this are getting increasingly more complicated to fill out but your managed IT provider should be able to handle. Reviewing this with them will help give you an idea of how secure your environment is currently and also what you may want to do to help lower this premium such as adding managed detection and response to your security solution.
2. Is Our Backup & Disaster Recovery Verified?
If your company still has servers running on site, it is an absolute must that you have someone show you that you have verified backups and that they have tested recovering from these backups. We have seen numerous examples of companies paying for a backup solution, but no one is monitoring the results. There have even been times where the backups appear to be successful but when doing a restore, a critical server fails or essential data was not properly backed up.
Another good question to ask is, if one of these servers fails, how long will we be down? Knowing that you have verified the backups and knowing how long you will be down if there is an outage are crucial pieces of information an owner needs to know in planning for the worst. If you don’t like the answers you get, then now is the time to review the latest solutions.
3. Have We Upgraded to Managed Detection Security?
Every day there is another news article about a company having an IT security incident. Breaches seem to be the new norm. Even though security solutions are more robust than ever, attackers are also improving. To combat this threat, the security software you installed 3 years ago probably needs an upgrade.
Firewalls need to be updated to the latest generation to help detect and prevent intrusions into your network; Email Security needs to be added to your base email solution; and Endpoint Security (aka Anti-virus) – which is moving from just trying to prevent attacks to being more proactive and trying to identify when attacks are happening – should be responding in real-time. This is commonly called Managed Threat Detection and Response. Most security vendors now offer this as an upgraded solution to their base package.
Review with your IT team and make sure you understand what level of security you have currently. If you don’t have at least the 3 mentioned here, consider budgeting for them.
4. Do We Have Cash Controls in Place?
You might not think this is something that would involve IT but so many times we have come across situations where businesses reach out to us after money has been lost due to a technology issue. The reality is even though they used technology, it is a cash control issue. Business Email Compromises are still one of the ways most small businesses lose money over the internet. A bad actor sends a well-crafted email to a key employee and money then gets wired or transferred to the wrong person. While we do encourage you to have security training and email security controls, this will not always work. It is best to make sure that you have stringent controls over how money is transferred out of the company.
When a company changes a bank routing code, do you call the company to verify over the phone that the bank change is legitimate? If money is being wired out of the company, do you have a second person verify the transfer? If requests are made for payroll changes or owners make email requests to change payroll or obtain cash, is this verified with a phone call? Do all your online financial sites have two factor authentication? These are just some of the ways we have seen money lost. Reviewing these now could save you thousands later.
Summary
Being prepared and proactive are essential for any business, especially when it comes to IT, which impacts nearly every aspect of your operations. These critical IT questions are not only important for every business owner to ask but to understand as well. They can be complex and time-consuming though. With the right managed service provider (MSP), getting answers and feeling confident in the security of your business can be a quick and relatively painless review. Spera Partners handles this for our customers and can certainly help you as well.
If you have questions or would like a complimentary consultation, reach out to us with one of the below links, or book a meeting with me here. Here’s to hoping you have a great 2025!
Brian Hess
President, Spera Partners
Consultation For Businesses: https://sperapartners.com/business-solution-complimentary-consultation/
Consultation For Schools: https://sperapartners.com/Complimentary-Consultation/
