Technology Advisor Blog



Not Sure If Your IT Support Is Good Enough? Here’s Where to Start

Posted by Ann Westerheim on 3/31/26 3:53 PM

Worried Business Professional
We’ve had a few conversations recently with local business owners who all said some version of the same thing:

“I think our IT is fine… but I’m not really sure.  Maybe we're not doing everything we should be doing.”

Nothing was obviously wrong. Systems were running. But underneath that was uncertainty - and when it comes to IT and cybersecurity, “I think we’re okay” isn’t the same as actually being protected.

Sometimes its the "One-man-show bottleneck":

 “We’ve been working with the same IT person for years, but I think we’ve outgrown them. It’s getting harder to reach them, and when something goes wrong, we’re kind of stuck waiting.” 

What most small businesses think “good IT support” means

When we ask what they expect from IT support, we usually hear:

  • “Fix things when they break”
  • “Be responsive”
  • “Keep things running”
  • “Help us with new computers”

That’s not wrong - but it’s incomplete.

That definition comes from how IT worked 10–15 years ago.

You may have the "No one told us" problem.  We see this a lot:

 “Honestly, we didn’t even know what MFA was - or that we needed it. No one had ever brought it up. Same with Windows 10 reaching end-of-life… we just assumed someone was keeping an eye on that.” 

What good IT support actually looks like today

Today, good IT support isn’t just about fixing problems.

It’s about preventing problems, reducing risk, and giving you visibility into what’s really happening in your environment.

Here’s what that looks like in practice:

🔍 1. You have visibility - not just trust

You shouldn’t have to assume things are secure.

Uncertainty - Magnifying Glass

You should be able to answer questions like:

  • Are all devices up to date?
  • Is multifactor authentication enforced everywhere?
  • Has anyone logged in from an unusual location?
  • Are backups actually working and tested?

Good IT support gives you clear answers - not guesswork.

🛡️ 2. Cybersecurity is built in - not bolted on

A lot of small businesses still have:

  • Antivirus
  • Maybe a firewall
  • Some user training

But modern threats (especially identity-based attacks) require more than that.

You may have "Security Uncertainty":

 “I think we’re secure… but if you asked me how or why, I wouldn’t be able to tell you.” 

Volatility - Uncertainty - Notebook

Good IT support includes:

  • MFA (Multi Factor Authentication) everywhere it matters:  Something you know (like a password) plus something you have (like a code on your phone)
  • Email security and phishing protection
  • Monitoring for suspicious behavior (not just alerts)
  • Backup and recovery planning
  • Ongoing user security awareness.  This needs to be part of the company culture.  Cybersecurity depends on EVERYONE. 

Not as add-ons - but as part of a cohesive security approach

🧠 3. Someone is thinking ahead for you

If your IT provider is only reacting to tickets, you’re missing a big piece.

You should have someone who is:

  • Planning hardware lifecycle (not waiting for failure)
  • Keeping an eye on Microsoft changes and risks
  • Advising on compliance requirements (Mass Data Security Law, CMMC, FTC Safeguards, HIPAA, etc.)
  • Helping you make decisions - not just execute them

We hear from a lot of SMBs that their experience is "reactive only":

 “They fix things when they break, but that’s about it. We’ve never really had anyone sit down with us and talk about a plan or what we should be doing proactively.” 

 

📊 4. You get guidance - not just technical fixes

Good IT support translates technology into business impact.

RISK - Dominos

Something we hear a lot is the "Communication gap":

 “Most of the time, we don’t really understand what they’re doing or why. It’s a lot of technical language, and we just kind of trust it’s handled.” 

 Better communication means explaining not just what’s being done, but why it matters - so you’re never left guessing or making assumptions. 

Instead of:

“Your system needs patching”

You hear:

“Here’s the risk if we don’t address this - and here’s what we recommend.  Here's WHY its a problem”

That’s the difference between IT support and IT partnership.

🚨 5. If something happens - you’ll know exactly what happened

This is one of the biggest gaps we see.

Risk - DICE

After a suspicious event, many businesses can’t answer:

  • Was anything accessed?
  • Was data exposed?
  • Are we okay?

Good IT support includes monitoring and visibility tools that can quickly surface what happened and help you take the right next steps.

It’s important to note - while these tools can reveal a significant amount of detail and give you a strong head start, they’re not a substitute for formal digital forensics. In the event of a confirmed incident, your cyber insurance provider will typically guide the response and may bring in a forensics team.

Our role is to help you get clarity quickly, preserve key information, and support that process - so you’re not starting from zero.

We recently worked with a local business owner who clicked on a malicious link and had their credentials compromised - Very smart person, just busy and made a mistake.  Within minutes, we detected an unauthorized login, and using our monitoring tools, we were able to confirm that only a small number of emails were accessed and no files were touched.

That level of visibility made all the difference - and provided real peace of mind.

The real question: Where do you stand?

If you’re reading this and thinking:

  • “I’m not sure we could answer those questions”
  • “We rely a lot on trust”
  • “We haven’t really looked under the hood in a while”

You’re not alone - and it doesn’t mean something is wrong.

It just means it might be time for a closer look.

A simple way to sanity check your IT support

You don’t need a full audit to start.

User Facing Question Marks - Uncertainty

Ask these 5 questions:

  1. Do we know (not assume) that all our systems are up to date?
  2. Is multifactor authentication enforced everywhere it should be?
  3. Do we have visibility into suspicious login activity?
  4. Are our backups tested - not just running?
  5. If something happened tomorrow, would we know what was accessed?

If you’re unsure on even one of these, it’s worth digging deeper.

Final thought

Good IT support shouldn’t leave you wondering if you’re protected.

It should give you clarity, confidence, and a plan.

If you’re not sure where you stand…

We’ve been having more of these conversations lately with local small businesses, and they’re always helpful - no pressure, just a chance to look at things with fresh eyes.

If you’d like a second opinion on where things stand, we’re always happy to take a look.

 

About the author:

Ann Westerheim, PhD is the Founder and President of Ekaru, a Technology Service Provider of cybersecurity and IT services for small and medium businesses in the greater Boston area. Ann is an accomplished technology innovator and leader with three engineering degrees from MIT. She has twenty years of high tech experience in research, advanced development, product development, and as an entrepreneur. Her career has spanned a vast range of technology endeavors including research in thin film semiconductors and superconductors, microprocessor fabrication, development of early Internet medical applications, and now focusing on the application of technology in business. She has an avid focus on the "last mile" of technology and decreasing the digital divide.

 

Topics: small business, small business technology, cybersecurity, tech support

Subscribe by Email





    Browse by Tag

    See all tags...


    Posts by Month

    See all months...


    Connect With Us



    Older Blog Posts

    For older Ekaru blog posts, go to ekaru.blogspot.com.