Most small business owners, when they’re looking for a vendor to support their business, default to the old adage – “hire someone you know, like, and trust.”

This is especially true here in Charlotte, North Carolina, which is where we operate – it’s a relationship town through and through. 

And listen, friends – there’s nothing wrong with doing business with someone who you like and trust. You should hire someone who you like and trust. But when it comes to hiring an IT vendor, it’s not enough just to like them and trust them. You also need to know that they’re competent and that they have systems, processes, and procedures in place to ensure that your business is protected.

This is essential to the health of your business – because over the past few years, the cybersecurity environment has drastically changed. Cyber-crime has increased, cyber-criminals have gotten more sophisticated, and as a result, business owners face a much greater risk from cyber-crime than they ever did before.  

And that means you need to have an IT team that you not only like and trust – but who also has processes and systems in place to ensure that your business is protected and that your risk is mitigated as much as possible. Your IT team must be sweating the details – otherwise, their lack of attention to detail could expose you and your organization to significant, unnecessary risk.

For example, you should ask a prospective IT vendor questions like this:

  • How will you implement cyber hygiene best practices in my business?
  • How do you monitor your backup software to confirm that it’s working – and that a silent bad actor hasn’t tampered with it?
  • Do you back-up data solely on the cloud, or do you have offsite backups as well? How many off-site backups? (We recommend two geographically separate offsite locations whenever possible.)

  • How often do you test your backup restoration process to ensure that it’s going to work as expected?
  • Do you have an Incident Response Plan in place in the event of a security breach? Will you share a written copy with my team?
  • Do you recommend that we purchase cyber insurance? If so, how much coverage do we need and how can you help us lower our premiums through proper IT hygiene?

Bottom line: It’s great to do business with people that you know, like, and trust. But when it comes to selecting your IT vendor, just “liking” them isn’t enough. You need to know that they’re competent and that they’re sweating the details. A simple rule of thumb is to always ask them “how?”… as in, how will you ensure the firewall is up to date, how will you verify that my backup software is working properly, and how will you monitor our network to make sure Silent Bad Actors haven’t compromised our security? Their answers to these questions will be illuminating.  

If you’d like to have a conversation about your organization’s IT strategy, please reach out to us via email at or 704-464-3075 extension 3.      

 Dedicated to IT security and productivity,  

 – Steve


Steve Kennen, president of Proactive IT and cybersecurity expert

About Steve Kennen

As an expert in information technology infrastructure management, cybersecurity, and cyber risk management practices for small businesses, Steve spearheads initiatives that keep his clients secure and their business operations running smoothly. His core message is that the details matter.