As a dental practice owner, choosing an IT services provider is one of the biggest decisions you can make to ensure the security of your practice and your patients’ confidential information. Your technology partner should be a close advisor on the IT services you need now and in the future, based on a clear understanding of your practice needs. Thousands of companies every day become victims of cyber-attacks. Choosing the right provider could mean the difference between being down for minutes/hours versus being down for days/weeks.
Determining how to choose one from the hundreds of IT service companies on the market can be challenging.
Here are some key factors to consider when selecting your prospective IT services provider:
- First and foremost, perform an IT assessment. Determine what your IT and security needs are so you have set expectations when meeting with IT service candidates. Make sure you list your priorities.
- Choose a provider with a solid security platform and infrastructure in place: a system that can provide real-time reports on active and ongoing threats. Ask for the names of the security products they use and do your own research. You want to choose a company that has invested serious time and money and hasn’t selected the cheapest product to maximize its profit margins.
- When evaluating a potential IT service provider, ask them what measures they take to protect against and mitigate cyber threats. A good provider will most likely use several outside third-party providers for their Security Operations Center and internal risk management.
- Consider a company that utilizes a cloud-native platform (Cisco Umbrella) that delivers the most secure, reliable, and fastest internet experience and can support millions of users on a daily basis. This allows your IT provider to filter network traffic and block any non-approved, potentially malicious connection.
- Find a technology provider who is up to date on security best practices and has comprehensive experience tailoring security-oriented solutions for a variety of industries and business sizes. Ask if they use services like Dual Factor Authentication (2FA) for all credentials when engaging in remote access. Some other best practices are:
  - Restricting internal access by tiers to remotely managed and monitored systems
  - Disabling any after-hours access to remotely managed and monitored systems
  - Performing monthly account audits for remote access
  - Disabling all standard admin accounts on all servers and workstations
  - Maintaining an up-to-date business continuity and disaster recovery plan
- Ensure that your selected provider enforces a strict internal password policy. According to DTC, one of our trusted IT providers, a strong password requires a minimum of 16 characters. Studies by the NSA have shown that a unique 16-character password would take thousands of years to crack using brute force on the most powerful supercomputers. For comparison, an 8-character password would only take 30 minutes to 6 hours to crack (DTC, 2020).
- Ask the provider directly if they think they are at risk of being “hacked” or breached. A good IT provider will acknowledge that there is always the risk of a breach. They will admit that nothing is impenetrable. If a malicious actor wants in badly enough, it will happen. What is important is how many layers there are protecting your data if and when there is a breach. Ask them to explain each layer. The more layers that need to be “peeled,” the safer your data is.
Last, but certainly not least, always request credentials and customer reviews from the IT service providers you are considering. Because choosing a technology partner is such an important and often enduring relationship, no IT firm worth its salt would question your need to verify the level of service they offer.
Special thanks to Ryan Burch of DTC, Inc. for this guest blog.
Ryan Burch is the Chief Information Officer for DTC, Inc. Ryan has spent the last 18 years of his career in various IT management roles, including managing the global development labs for Oracle and serving as IT director for a national mortgage lender. During his time at Oracle, he received several certifications for security and data storage.