21 Critical Questions Every Small and Medium Sized Business Should Ask Their IT Support Provider Before Signing A Support Contract

Don’t Trust Your Critical Files And Operations To Just Anyone! This Advisory Guide Will Arm You With 21 Revealing Questions You Should Ask Any IT Company Before Letting Them Set Up And Support Your Computer Network

Choose the wrong IT services company and you could end up with more than shoddy service. Their mistakes and oversights can cost you in lost productivity from slow systems and crashes, excessive downtime and CAD files being lost, corrupted, deleted or overwritten (costing you HOURS of lost work). Don’t hire just anyone!

Read this guide and you’ll discover:
⦁ Buyer beware! The “dirty little secret” of the IT services industry that most people don’t know and will never be told by their IT company.
⦁ 21 revealing questions that will help you instantly spot an unethical or grossly incompetent IT company in minutes so you don’t risk your time and money hiring the WRONG one.
⦁ Ransomware, viruses, spyware and hackers: what you need to know to protect your organization from a devastating, expensive attack.
⦁ Why “cheap” or “lowest price” IT companies aren’t the bargain they initially appear to be (and how to know if someone is pulling a bait-and-switch deal).

 

Provided as an educational service by:
MultiserveIT Solutions Inc.
www.multiserveit.ca
(416) 846-5206

An Open Letter From Mohsin Esa
Owner/Founder, MultiserveIT Solutions Inc.

Dear Colleague,

Choosing an IT services company isn’t easy. There is no shortage of horror stories about incompetent computer and IT “gurus” bungling jobs and causing MORE problems as a result of their loose morals or gross incompetence. I’m sure if you talk to your own friends and colleagues you will get an earful about the unfortunate experiences they have encountered in this area.

Why is this? Because the IT services industry, along with a lot of other industries, has its own share of incompetent or unethical businesses that will try to take advantage of trusting business owners who simply do not have the ability to determine whether or not the technician knows what they are doing.

Sometimes this is out of greed for your money, but more often it’s simply because they don’t have the skills and competency to do the job right but won’t tell you that up front. From misleading information and unqualified technicians to poor management and terrible customer service, we’ve seen it all…and we know they exist in abundance because we have had several customers come to us to clean up the disasters they have caused.

Buyer Beware: The IT Services And
Consulting Industry Is NOT Regulated

Electricians, plumbers, lawyers, realtors, dentists, doctors, accountants and even engineering and construction firms are heavily regulated to protect the consumer from receiving substandard work or getting ripped off.

However, the IT services industry is still unregulated, and there aren’t any laws in existence to protect the consumer – which is why it’s so important for you to arm yourself with the information contained in this report. Anyone who can hang out a shingle can promote themselves as an IT expert.

Even if they are honestly trying to do a good job for you, their inexperience can cost you dearly in your network’s speed and performance, ransomware attacks or in lost or corrupt data files. That is why we decided to offer this report. The information in this guide is provided to help raise standards within the IT services industry, and to give YOU useful information to help you guard against the lack of ethics or incompetence of some companies and technicians.

Dedicated to serving you,

Mohsin Esa, OWNER/Founder
21 Critical Questions Every Engineering, Architectural Or
Construction Company Should Ask Their IT Company
Before Signing A Contract For Support

⦁ Do you proactively monitor our network for suspicious activity 24/7/365?
Yes. We use advanced Security Information and Event Management (SIEM) tools combined with AI-based threat detection to monitor your network round-the-clock for any anomalies or malicious activity.

⦁ What cybersecurity frameworks do you follow (e.g., NIST, ISO 27001)?
We align our practices with NIST CSF (Cybersecurity Framework) and ISO/IEC 27001 standards to ensure comprehensive risk management and data protection protocols.

⦁ Do you offer regular vulnerability assessments and penetration testing
Yes. We perform quarterly vulnerability scans and conduct penetration tests biannually or upon major infrastructure changes.

4. How do you handle patch management and software updates?
We use automated tools to deploy critical patches and updates. All updates are tested in a controlled environment before full deployment to avoid disruptions.

5. Will you provide a written information security policy?
Absolutely. Every client receives a custom-written, up-to-date security policy aligned with your specific compliance and business requirements.

6. How do you back up data, and how often do you test backup recovery?
We use both on-premises and encrypted cloud backups. Backups are performed daily, with restoration tests conducted monthly to ensure reliability.

7. Do you offer cybersecurity awareness training for employees?
Yes. We provide ongoing training, phishing simulations, and policy reviews to keep employees informed and vigilant.

8. What type of endpoint protection do you deploy?
We deploy next-generation antivirus (NGAV) and Endpoint Detection and Response (EDR) solutions that include real-time behavior monitoring and threat hunting.

9. How do you secure remote access for remote workers or vendors?
Remote access is secured using VPNs with multi-factor authentication, encrypted tunnels, and role-based access control.

10. Do you provide multi-factor authentication (MFA) setup and enforcement?
Yes. MFA is a mandatory part of our cybersecurity baseline, and we support configuration across all major platforms and applications.

11. Can you detect and respond to ransomware and phishing attacks?
Yes. We have tools in place for real-time detection and a dedicated incident response team to contain and remediate ransomware and phishing attempts quickly.

12. How quickly can you respond to and remediate a cybersecurity incident?
Our SLA guarantees initial response within 30 minutes. Full containment and remediation times depend on the incident severity but are treated as top priority.

13. Will you help us develop or maintain a disaster recovery and incident response plan?
Yes. We work with you to create, update, and test your Disaster Recovery (DR) and Incident Response (IR) plans regularly.

14. Do you have cyber liability insurance and are you willing to share its scope?
Yes. We carry cyber liability insurance and are transparent about its coverage scope, which includes incident response and data breach remediation.

15. Will you provide regular reports or dashboards on our security posture?
Yes. Clients receive monthly reports with KPIs, risk trends, incident logs, and actionable insights via a client portal.

16. Are your technicians background-checked and trained in cybersecurity best practices?
Yes. All staff undergo background checks and receive continuous training in security standards and compliance.

17. How do you manage and secure admin credentials and privileged access?
We use secure password vaults with role-based access, audit logs, and periodic access reviews for all privileged credentials.

18. Do you encrypt sensitive data at rest and in transit?
Yes. We implement AES-256 encryption for data at rest and TLS 1.2+ for data in transit.

19. Will you help us comply with data protection laws (e.g., PIPEDA, GDPR)?
Absolutely. We help businesses achieve and maintain compliance through gap analysis, policy development, and data handling practices.

20. Can you show evidence of security certifications or industry partnerships (e.g., Microsoft, CompTIA)?
Yes. Our team holds certifications such as CompTIA Security+, CISSP, and Microsoft Security certifications. We are also Microsoft and Fortinet partners.

21. Do you guarantee a specific response time in the event of a breach or attack?
Yes. Our Managed Security SLA includes guaranteed response times — 30 minutes for critical incidents and up to 2 hours for lower priority issues4 Costly Misconceptions About IT Support And
Choosing An Honest, Competent IT Services Company

Misconception #1: My computer network doesn’t need monthly monitoring and maintenance; I only want to pay for repairs or support on an “as-needed” basis.

This is probably one of the biggest and most costly misconceptions many small and medium sized businesses have.

Computer networks, data and software applications are complex and dynamic systems that need regular updates and maintenance to protect against cybercrime (ransomware, hackers, viruses) and to ensure backups are happening. Here are just a FEW of the critical updates that need to be done on a daily, weekly and monthly basis, many of which most IT firms miss or simply don’t do:

⦁ Critical updates, conflicts, functionality and potential issues
⦁ Backups checked DAILY to ensure HOURLY backups are happening
⦁ Security patches and updates installed (with new cyber-attacks cropping up daily, this is a CRITICAL part of maintaining your network)
⦁ E-mail size maintenance and monitoring to avoid problems with large file transmissions
⦁ Antivirus updates and monitoring
⦁ Firewall updates and monitoring
⦁ Spam-filter installation and updates
⦁ Spyware detection and removal
⦁ Monitoring disk space on workstations and servers
⦁ Monitoring hardware for signs of failure
⦁ Optimizing systems for maximum speed

All computer networks and the devices connected to them need to be managed and monitored if you want to protect against cybercrime, lost data, slowness and data loss.

If your IT support company does not insist on some type of regular, automated monitoring or maintenance of your network, then DO NOT HIRE THEM. Lack of system maintenance is the NUMBER ONE reason most people end up losing valuable files and incurring heavy support costs to restore files. If your IT company isn’t offering you these services, you need to find someone else to support your computer or network for 2 reasons:

⦁ Either they don’t know enough to make this recommendation, which is a sure sign they are horribly inexperienced, OR

⦁ They recognize that they are profiting from your IT problems and don’t want to recommend steps toward preventing you from needing their help on an ongoing basis. After all, they’ll get paid MORE to restore a network that’s been locked by ransomware than to make sure your system is patched, updated and secured (which can be done quickly and inexpensively with good monitoring).

Either reason is a good one to get as far away from that person as possible!

Misconception #2: My nephew’s/neighbor’s kid/brother-in-law/office manager knows this IT stuff and can take care of our computers.

Most people look for a part-time “guru” for one reason: to save a few bucks. But this often comes back to haunt them. We frequently get calls from (new) clients who desperately need our help to get them back up and running or to clean up a mess caused by an inexperienced neighbor, friend or relative who was just trying to help.

As a professional firm, you know the importance of getting a PROFESSIONAL to do the work.

If the person you have working on your network does not do IT support for a living, there is a good chance they won’t have the knowledge or experience to truly help you – they are a hobbyist at best. And do you really want a part-time, inexperienced person responsible for handling something as important as your data and IT network? As with everything in life, you get what you pay for. That’s not to say you need to go broke to find a great technician, but you shouldn’t be choosing someone based on price alone.

Misconception #3: All IT support companies are created equal. Your best option will be the one who offers the lowest price.

As we stated a moment ago, you get what you pay for. A cheap price usually means a cheap job. Really good technicians do NOT work cheap because they are in high demand, just like every other professional service category. The only technicians who will work cheap are those who are just starting, and they are grossly inexperienced.

Some shops outsource the support to overseas companies who will do the job for a fraction of the price; but we feel you should know who’s accessing your personal files, e-mail and data. Others will hire college kids or newbie technicians because they will work for next to nothing to gain experience, OR they allow interns to support your network because they don’t have to pay them at all – but what you don’t realize is that an inexperienced technician like this can end up costing more because:

 

⦁ They improperly diagnose problems, which means you’re paying them to fix the WRONG thing and they STILL won’t resolve your problem. Case in point: A few years ago a TV reporter went undercover to 8 computer repair shops with a perfectly working PC, but simply disconnected a cable in the back (a fix that the AVERAGE IT tech would have caught in minutes with a visual inspection). Several shops improperly diagnosed the problem and wanted to charge them anywhere from $59 to over $275 to fix it!

⦁ They could take 3 to 5 times as long to do the same repair an experienced technician could do quickly. Again, you’re paying for those extra hours.

⦁ They could do MORE damage, costing you more money and downtime.

With your client data, accounting records, personal e-mail, personal browsing history, bank accounts and other critical data at stake, do you REALLY want the lowest-priced shop working on your machine?

We take the view that most people want value for their money and simply want the job done right. You will find that we are not the cheapest, but we don’t apologize for that. As the owner, I decided a long time ago that I would rather explain our higher rates ONE TIME than make excuses for POOR SERVICE forever. That said, we’re not the most expensive either. We simply feel that we should offer a good service at a fair price.

Misconception #4: An honest IT support company should be able to give you a quote over the phone.

I wish this were true, but it isn’t. Just like a good doctor, an honest and professional technician will need to diagnose your network before they can quote any price over the phone; consider the example above where all that was needed was to plug in a simple cable. If someone brought that to us, we would just plug it back in and not charge them, but without SEEING the machine, we could have never diagnosed that over the phone.

Also, some consultants will quote you a cheap rate over the phone to get in the door, but then jack up the prices once they get in your office by taking 3 times as long, selling you add-ons and up-sells, etc. And finally, reputable firms don’t charge by the hour anyway – they give you a fixed fee, flat rate. Here’s why…

One of the easiest ways to take advantage of a customer is to get them to agree to a time and materials repair. Unless you know what’s wrong and how long it should take, they can soak you on the fees. And what are you going to do when they get 5 to 6 hours into a repair or project and then spring on you the news that it will take even longer than they anticipated to fix, costing you MORE money?

Always, always, always make sure you get a flat-rate, fixed-fee quote in advance so you don’t end up getting burned – and NEVER take a phone quote!

A Personal Invitation

We’d love the opportunity to earn your business. To that end, we’d like to offer you a FREE IT Assessment to review your network’s stability and security, and to look for ways to eliminate software problems, e-mail problems, licensing problems, slowness, crashes and a host of other nagging, frustrating IT-related issues ($497 value, yours free).

Why would we give this away for free? Two reasons:

⦁ We are simply offering this as a risk-free “get to know us” offer to people we haven’t had the pleasure of doing business with. Again, our goal is to allow you to make an informed and confident decision – and offering this is one way we can help you better evaluate us.

⦁ This will allow us to determine if we even CAN help you. Obviously we can’t help everyone, and our services might not be a good fit for you. Conducting this Assessment enables us to do a small project for you to help you evaluate whether or not we’re the right company for you without risking your money.

This service is completely free, with ZERO obligations or expectations on our part. Would we like the opportunity to earn your business? Of course! But I personally guarantee you won’t be strong-armed or pestered to do anything.

You’ll Get Answers To The Following Questions:
⦁ Is your current outsourced IT company really, truly doing the maintenance and monitoring they should be doing, that you might even be paying them to do?
⦁ Are your IT systems truly secured from hackers, cybercriminals, viruses, worms and even sabotage by rogue employees? If you’re not getting weekly security-patch updates from your current IT person, your IT systems are probably not truly secured.
⦁ Are your backups configured properly to allow you to recover FILE VERSIONS that were saved an hour ago? A day ago? A week ago? Also, if you lost it ALL to ransomware or some other disaster, how fast could you be back up and running again at full speed? In 99% of the computer networks we’ve reviewed over the years, the owners were shocked to learn they would NOT be able to restore everything as fast as they thought.
⦁ Could you utilize cheaper and more efficient cloud-computing technologies to lower IT costs and make it easier to work remotely with large files?
⦁ Are your systems, e-mail and software optimized for maximum speed and performance? Are you having licensing issues? File-sharing issues when attempting to e-mail large files? Slowness and other “glitches”? We’ll diagnose ALL of these issues and provide answers on how to resolve them (they ARE easily fixed).
Once we have a clear picture of the state, health and performance of your current IT systems, we’ll deliver a customized report and action plan that will show you how to eliminate every single nagging problem, enable you to work more efficiently and possibly even lower your IT costs.
We hope you become a client, but if not, you’ll still see value from this service. As I stated a moment ago, you have my personal guarantee that high-pressure sales tactics will not be used at any point during our engagement. We simply want this to be a delightful, informative and positive experience for you.
3 Easy Ways To Request Your Free IT Assessment

Go online to: www.multiserveit.ca/assessment

Or call me at (416)846-5206

Or e-mail me direct at mohsinesa@multiserveit.ca

Looking forward to meeting you,

Mohsin Esa, Founder/Owner
MultiserveIT Solutions Inc.
P.S. Even if you don’t have an immediate need or problem right now, having this IT Assessment done is an easy, no-cost way to have “fresh eyes” looking at your network.
In the 15+ years we’ve done this, we’ve never been able to find a “perfect” setup with zero problems or ways to improve the speed, performance and security of a network. At the very least, the peace of mind you’ll gain from having a credible 3rd party reviewing your systems is worth the little bit of time it takes, and this is truly an easy, non-invasive process.