It seems inevitable in this day and age that your business will need to address information technology needs and issues. Virtually every business from the small Shopify store to an international conglomerate needs IT support. In this guide we are going to cover the most common information technology hurdles that as a small to midsize business owner you will encounter, and at what point outsourcing your IT makes sense.
This normally would stop at a simple cost and benefit analysis, Present Value of Future Benefits / Present Value of Future Costs, and you’re done! Now hold on there, the main mitigating factor for justifying IT support may be cost, but few consider the actual IT threats that most businesses face today to realize that value. So, let’s look at the most common:
Phishing Attacks – While the delivery is digital, the success of this type of attack relies on lack of knowledge and our fundamental trusting nature. The attack is crafted as a legitimate email soliciting for private information, asking the recipient to click a malicious link, or open a seemingly legitimate attachment. This is often just the delivery process for what is becoming the most popular type of cyberattack.
Ransomware – With an over 500% increase in ransomware attacks in just the last year alone, this type of malware locks you out from your computer and database(s) and access will only be given back once a ransom is paid. The only good news here is that the average ransom is about $200,000 which means that most of these attacks will target those that they know can pay up. But that doesn’t mean if you are too small a business to afford it you won’t be targeted, it will just be less likely. The next most common IT threat is not without a sense of irony, considering what our main service we offer is.
Fake IT Support – You may have clicked on an ad while searching on Google, which then prompted you to call a bogus 800 number. This type of ad fraud has been a pernicious problem that Google tries to address quickly but they are not usually caught for 24-72 hours before the ad account is locked. You might see a forced redirect popup while on a search browser saying nefarious activity has been detected and contact the number listed. However, the most likely scam will be an unsolicited phone call claiming to be IT support with a large reputable company, perhaps even one you are using.
How fake IT support gets you is by either tricking you into granting access to systems they should not have or prompting you to do a remote viewing session in which you allow them to take control of your computer to “solve the problem”. The really good ones actually place an overlay that doesn’t look suspicious at all while they can use your computer as a veritable playground, installing malware or just simply stealing information.
Those are the most common types of cybersecurity threats and attacks, if you would like a more comprehensive list you can view it here. Now back to evaluating the actual value loss due to these types of scams.
Why don’t we start with what an average stolen identity value means to you as a business owner. At the end of 2020 there were about 206 million working age adults in the US, and yes there are a lot of mitigating circumstances that affect this number but for simplicity we will be using it. The total estimated loss due to identity theft, this is just the United States in 2020, was a little over 714 billion dollars, giving us an average value of $3,466 per person.
If a scammer steals just 100 of your client’s or customer’s identities, you could be staring down a loss of hundreds of thousands of dollars. That is where it starts.
If there is fraud on that scale there will be an investigation to where it originated, and it won’t be long before they find the common thread. If it is found that there was neglect on the part of the business, you can be held responsible for the loss and forced to pay it back. This can be compounded if you are also subject to fines based on the type of business you run.
If you are in the medical industry, you are subject to HIPAA regulations that carry fines up to $50,000 per violation. If you operate in the financial industry you are subject to the Fair and Accurate Credit Transaction Act in regards to identity theft. Those fines can range from a few thousand dollars to millions based on the type of infraction. Doom, gloom, and pitfalls all over the place, why would you even want to start a business? Well…
Realistic Countermeasures & Scaling
Businesses need to do business, even though this is an ever-growing threat it isn’t going away.
While if you are an under 10-person company, it may feel like having an IT partner is not attainable. However, not investing in IT now, could end up costing you greatly down the road in the event of a cyberbreach. It will come as good news that many IT partners like MyTek have models that will scale with you as you grow. This will save you time (and likely money) as a busy business owner or CEO from having to become your company’s IT guru – you wear enough hats already, right? Your IT partner can assume the work of educating you and your employees on what they need to watch out for and how to best set-up your IT infrastructure for optimal security. They can help put into place a cybersecurity action plan and train your employees on cybersecurity best practices.
If you do decide to go it alone, try to make the switch to an IT partner as soon as possible. As you grow, continuing to manage your IT solo will put your business at greater and greater risk for a security breach. If the foundation for IT security is laid early, it will pay off for many years to come. Assess on a regular basis your readiness to add an IT resource, whether in-house or outsourced and do so as quickly as possible.
In-House IT Support
The cost of IT support personnel can vary wildly depending on what level of expertise you need, but the average wage – which in our experience is on the very low end, especially in an environment when tech skills are in hot demand in the job force – in the US is about $20 an hour or $41,600 per year according to Indeed.
That wage is representative of someone who is very entry-level and will likely be qualified to only manage your company’s desktop support. The pro about having an in-house IT resource is that it can be affordable (if you don’t expect a high level of expertise) and you’ll have someone onsite (except when they go on vacation).
For some companies, on-site can be comforting when you want to have someone on-hand when an issue arises. Got a blue screen of death on a computer? Hand it to them and the issue can be solved in hours. Need collaborative troubleshooting? They are on hand to help. So, what are the downsides?
Do you need your in-house IT resource to be strategic? To know how to draft an IT infrastructure strategy or security plan? Do you need them to redesign your entire operating system and processes to maintain security, efficiency, and adhere to regulations that your industry is governed by? The salary ticks up with each level of expertise needed. It’s also hard to find (and expect) one IT person to have all of the skills you’ll need for an optimal IT infrastructure.
The more complex the IT problem the more specialized the skill set the individual must have to solve it. Making unexpected costs even more surprising when you need to hire a specialist to resolve an issue.
Your typical IT support personnel are only available during regular business hours. Leaving that data breach that happened on Friday night to be resolved on Monday morning.
Of course, we need to factor in the cost of benefits. If you opt to include benefits in your employment package, or if your state laws require you to, you will be incurring a significant increase in the overall price of that employee. In the private sector the average additional cost of benefits is 42%, making the actual cost of that $41,600 employee around $59,000 and oftentimes upward of the top end. Now on to outsourcing.
Outsourcing IT Support
The potential costs associated with outsourcing your IT support can vary wildly based on your needs as well, but for a very different and mostly positive reason. There are many pricing models but the most common are a la carte and flat rate, allowing them to be a very predictable expense.
- A la carte, or one-off jobs, and paying for specific services, is often the more expensive option up front. But if you just need a one-time installation and set-up of a data warehouse it doesn’t make sense to employ someone full time to do so. This model is mostly used when you need a specialist for a short period of time.
- Flat rate pricing comes in two models, either a cost-per-user or a monthly retainer. The rates you see in a cost-per-user range from a radically low $50 per user, all the way up to $200 per user per month. Monthly retainers are particularly hard to nail down since an individual business’s needs are so diverse. Easily ranging from as low as $2,000 a month to $20,000 a month or more depending on your size and needs.
Oftentimes, you as a business owner don’t have a solid idea what you really need to bring your cybersecurity up to par to be protected in the current market, or to be compliant with a regulatory agency. This is where the right managed IT support partner is so important, and this leads us into the next upside of outsourcing, flexibility.
When you are looking at most flat rate pricing models, being able to utilize specialized services as needed, staying on top of new tech and compliance requirements, and being available 24 hours a day, makes outsourcing a very cost effective and flexible option for most businesses. And you are not paying for benefits either. On to the downsides.
Many companies fear losing control of their IT when outsourcing. Of course, this really has to do with the quality of your IT service provider and how well they keep you in the loop and how transparent they are. The wrong provider may not provide the quality, communication, and service you have paid for. That is why it is so important that you vet them thoroughly, and we will be covering how to do that a bit later.
There is an inherent risk to outsourcing – security. You are going to be giving access to people’s private data to a third party, hence why being able to trust them in the first place is paramount.
Mismatched timeframes and deadlines can often occur. At best it is because there are mitigating circumstances you were not aware of or did not expect, this also happens on the service provider side as well. At worst they are a low-quality provider or don’t have access to the assets and talent you need. But this can be mitigated with good communication and proper vetting.
With all of that out of the way, why don’t we dive into what you should be looking for in an outsourced IT support provider.
Vetting the IT Provider
This starts with you. It will be up to you to outline what you think your business needs first. Having this list of needs defined is necessary to help guide you through the vetting process. So, answer a few questions yourself.
- What kind of services do I need and at what level?
- Do I need a local provider (in your city, state, or country), or can I go offshore?
- What is my budget?
Though you don’t need to have an expert understanding of your needs initially, having an answer to these questions will reduce the time it takes you to find an appropriate provider and reduce the risk of hiring an incompatible one. The rest can be summarized in a few key questions when looking for an outsourced IT service provider.
- Do they have experience in your industry? Is that important or not?
- Is their price range and service offering commensurate with similar vendors?
- What is their reputation? Ensure you ask for references that you can independently verify.
- What are the terms of their contract? Long-term or month-to-month?
- Will you have optimal transparency into your IT at all times?
- Do they communicate difficult ideas, processes, and deliver reports in an understandable manner?
- What do they outsource themselves and what is kept in house?
- Can they scale with you?
Besides the monetary value that a service provider can bring to your business, question six is by far the most important. If you don’t understand what they are doing, how do you know what you are paying for?
In summary, evaluating whether you should outsource your IT support can be a bit of a tricky task due to the somewhat nebulous nature of quantifying what exactly you need. But being vigilant on your end, finding a good match, and knowing what regulations you need to adhere to in your industry will help you find the perfect information technology service provider.
Need a free quote for managed IT services? Give MyTek a call today at 623-312-2440 and see what we can do for you!