How to choose small business IT support
Brexit, the pandemic and cyber crime have made finding the right IT more important than ever.
Increasing complexity, costs and pace of change have made it harder to ensure the best return.
This guide takes you through five criteria to use when deciding if an IT provider can help make you a better business.
1. Experience and Expertise
4. Cyber Security
Why small business IT support is so important
Welcome, to our guide on selecting an IT partner, for owners and senior managers who are looking to grow their companies
If you're reading this, you're probably disappointed with your IT. You also probably don’t want to begin the task of searching for a new provider.But you need to.
IT today is a necessary evil. It’s so baked into doing business and serving clients that having poor IT damages your business:
- Poor service is frustrating, halts your work and prolongs problems.
- IT Projects stunt your growth if they under-deliver, take too long and cost too much.
- Poor security means you carry unnecessary risks to your reputation and finances.
These are painful experiences made worse by the fact that IT should be a catalyst to success, not holding you back.
You're not alone in this. London’s economy hasn’t seen productivity growth since 2008. And it’s not because you aren’t putting the hours in.
It’s because, despite having more ‘smart’ tools now than ever, the way we work isn’t smarter. Despite the promise of ‘digital transformation’, there’s still a gap between technology’s potential in the workforce and our ability to grasp it.
Small to medium-sized businesses don’t have the time, budget or inclination to be experimenting with tech’s leading edge.
But nor do they want to lag so far behind the technology that their customer service suffers.
They want what Roxanne Morison, CBI’s Head of Digital Policy, calls “tried and tested technologies”, that keep them competitive and profitable.
Research shows the link between business competitiveness and technological competency is growing stronger than ever.
Goldsmiths University’s Blueprint for UK Competitiveness classified organisations as either frontrunners, challengers, survivors or endangered in 2021 based on their “tech intensity”.“Tech intensity” a term coined by Microsoft CEO Satya Nadella, describes an organisation's ability to “build their digital capability on top of the technology they have adopted.” Nadella argues UK companies need to enhance their “tech intensity” to remain successful going forward.
If you accept the mounting evidence that leveraging IT is a major factor in a company’s success, then you need to look for a partner that can keep you out of the endangered and survivor brackets and sustain you in the challenger bracket.
However, many business leaders only factor in cost when looking for small business IT support. Partly that’s because:
1. Staying competitive is about controlling costs.
2. IT is considered a commodity, rather than an enabler.
3. Because it makes for an easier decision.
If small business IT support isn’t your field, how do you assess if partners are capable of helping you realise your potential?
It’s an important question, made more pressing by the fact IT costs are on the rise as:
- IT complexity increases.
- Cyber security and compliance become increasingly demanding.
- The IT sector is consolidating, backed by private equity that expects a return.
This guide covers five factors we think help you identify providers capable of adding value, keeping you productive and competitive, enabling your growth, delivering your business goals and mitigating your biggest risks.
If you need further convincing on the return to be gained from IT investments or want help in making that argument to a Financial Director you may want to look at our separate article on The Hidden Costs of Poor IT.
If not, then let's begin with our first factor, experience and expertise.
1. The experience and expertise of your small business IT support
Have you ever asked yourself: “surely, there’s a better way to do this?”
In 1990 we joined an IT Peer Group to accelerate our learning of IT best practices. Combining our experiences meant we could improve faster and reduce some mistakes.
While not rocket science, IT is reasonably complex and fast-paced. Technical knowledge is important, but so too is being able to apply that expertise to business goals and embed change so that real people understand and adopt technology.
Experience really counts when you are enabling change management. It’s the key to finding better ways to do things and delivering that “tech intensity” that closes the productivity gap.
Here's what you should look for when assessing the experience and expertise of an IT provider who can leverage IT to your advantage.
Signs you should look for
Troubleshooting isn't guesswork – you have to know the technical detail and be able to think logically. Certifications tell you something about knowledge acquisition and arguably about knowledge retention if there’s a solid history of certification. But they don’t tell you an awful lot about logical and practical thinking.
Training and development
You are going to want to know a bit more about how they train and develop. Asking about how they select and recruit can be instructive about the sort of person you will get answering your call or running your project. But there are lots of possible exploratory questions to ask: what forms of training do they use, how do they research new services, how do they improve projects as they repeat them, do they conduct autopsies without blame?
Efficient and effective help
It’s important to get the right person on the right job at the right time. Processes, scripts and checklists have their place on a helpdesk. None of us wants to fly with the airline pilot who doesn’t see the need to do the pre-flight checklist the day we are onboard.
And we all know the pain of the scripted helpdesk person who won’t, or can’t, put us through to someone else. Possibly because they are not trusted with the contact details of their senior colleagues!
Good helpdesks and project teams have methods they are proud to discuss for measuring and re-calibrating responses. They will also routinely give you regular updates and reports.
If they retain clients whose needs are like yours, for extended periods, this is a strong indicator they can provide the experience and expertise you need.
At the time of writing Microsoft365 has 1,669 updates in play on their official roadmap:
- 606 in development
- 243 rolling out
- 814 launched and available
This gives us some idea of IT’s potentially overwhelming complexity and pace. It's easy to miss what is fundamental to success and not work out how to mould emerging tech into the “tried and tested” that Roxanne Morison mentions.
For you to benefit you want someone who has turned learning and adapting into something of a process. To deliver efficient and effective customer service to you they will have become continuous learners and improvers.
As they mature IT providers develop a set of standards that they know well and the ability to keep an eye on what will become a new standard. The training and development mentioned above will play an important role. They may inspire a sense of having “an inside track” on IT, from peer group membership, sitting on industry advisory boards, managing user groups, facilitating industry events, winning awards etc.
A paid, discovery audit with analysis and recommendations is an effective way to assess a provider’s expertise and experience. Its breadth and depth should illustrate the capabilities of the provider to investigate, analyse and backup their recommendations.
Many IT audits are free and because of that tend to be superficial or sales-oriented. So you are unlikely to gain much insight into their experience and expertise. Paid audits mean you get to test the mettle of senior techs and consultants before you commit to a year’s contract. It’s a good way to grow confidence in your choice before you sign up for a year or more.
Another indicator of a small business IT support provider's level of experience and expertise is their responsiveness, which brings us to our next important factor to consider.
2. The responsiveness of your small business IT support
You want a help desk that is designed to be easy to contact and provides some choice in how you contact them. Some help desks seem designed less with the customer in mind and more to protect those answering calls.
You want to speak quickly with a real person. Not waste time remembering ticket numbers and navigating call queuing systems. Being able to speak with someone senior and share information securely means you won't be spending time repeating yourself.
Responsiveness is not only about being easy to contact. Once your request is in the system there has to be some intelligent organisation. In other words, is the right person doing the right job at the right time?
We all know the frustration of feeling that we still “own” a problem, despite having carefully explained it to a helpdesk responder. Somehow you end up being the one to chase it or question if a different approach wouldn’t provide a better, more timely solution.
The next level of responsiveness is scaleability. This goes back to experience and expertise. Does this provider have the breadth and depth to look after you now and several years in the future? Can they respond as you grow and develop? Do they have a roadmap of where IT is going and a plan to keep up with it, so that you can benefit from it?
What signs can you look for in a small business IT support provider that indicate how responsive they are?
Signs you should look for
Feedback and customer satisfaction scores
Reviews, Service Level Agreement targets and other help desk statistics are good indicators of responsiveness, despite the saying about lies, damn lies and statistics. A certain volume and authenticity of reviews are very reassuring. As is the ability to talk to an existing client who is happy to provide a reference.
Regular, personalised reporting
Are the reviews and stats just for prospects visiting the website or do you, as a client, get them regularly? Getting monthly reports and face to face meetings on your IT’s performance is an indicator of an ongoing commitment to service. You don’t want service to be back of mind until it’s time for the contract renewal.
More mature IT providers have systems in place to analyse patterns in support calls, look at root causes and find effective ways to shorten support times or even eliminate the need for the call in the first place. For providers focused on customer service, this is pretty much a continuous activity.
Response to negative feedback
No provider is perfect so it’s good to ask what happens when things go wrong or feedback isn’t so positive. Do they have a customer service manager? How do they investigate poor feedback? What processes do they have for continuous improvement? Are you subject to contractual lock-ins?
The breadth of thought given to small business IT support services
Are they holistic and joined up? Do you have options on how the service is delivered? Robust, well-thought-out processes are important. It’s difficult to keep clients happy and be responsive unless you have checklists, templates, dashboards and monitoring.
However, the process should be at the service of the outcome. Good providers will realise when something is not as good a service for the client as it should be and take it upon themselves to make changes.
That requires intelligence around processes, which often depends on culture.
3. The culture of your small business IT support
Key performance metrics can be motivating, but without the right culture, they can have unintended consequences. Here are some examples of how things go wrong in IT:
- First responders hit their required daily quota of “call intakes” and some engineers then slow down or stop answering phones.
- Keen engineers hang on to problems beyond their experience and implement non-standard “solutions” that create further problems.
- Project techs over-engineer solutions, getting carried away by technical features rather than on delivering business outcomes.
Such problems wear away at your budget, productivity, time and patience.
Culture is something frequently overlooked when it comes to picking small business IT support, but it really shouldn’t be. The culture of the organisation you're partnering with tells you so much about how reliable, trustworthy and high quality their service will be.
An IT provider with a business-focused culture regards technology as a tool to further your business aims, instead of a passion project implemented for its own sake. A necessary starting point to you receiving good service from an IT provider is them having happy and stimulated staff.
A healthy organisational culture develops individuals and teams so they are higher performing, more productive and responsive, providing higher quality support.
- The New Century Financial Corporation found that employees who are actively engaged at their job, feeling happy, supported and secure, outperform the competition by 20% and are 2.1% above industry benchmarks. They are also likelier to solve difficult problems faster.
- If you want further proof of why culture is so critical, ask your peers. According to Deloitte, an estimated 94% of executives believe a distinct workplace culture is important to business success.
An ideal provider wants their staff to fulfil their potential, so their clients can too. Here are some signs an IT provider has the culture to make your partnership successful.
Signs you should look for
Low turnover rates
IT is extremely competitive and demand for techs, especially experienced ones, remains high. If staff have been at the company for years, especially if they are a smaller provider, the culture there is likely to have something to do with this.
Staff rise up the ranks
This shows that they recognise potential internally, nurture staff to achieve their best and again, retain employees.
Typically displayed on the provider's site, these are curated so take them with a grain of salt, but they are an indicator of the client's experience with the company.
References from current or former clients
Feedback directly from current or former clients can help you discern a provider’s culture. Even if their business partnership didn’t work out, the provider is still likely to be spoken of in favourable terms.
Not all problems are IT problems
Many companies have values they hold to even if it is at a certain cost to themselves. IT providers should have examples of where they have not recommended a technical solution they could provide because it is not the best way to achieve the business goal and recommending doesn’t build a trusted partnership.
Here's an example from our own experience:
A client had crucial monthly payments to make on a certain date. A payment system failure would be a major problem, so as part of their business continuity plan they asked if a mirrored server might be a solution. That’s an expensive, permanently available IT solution to cover an outage that would only be a problem one day a month. All the other days there was enough time to recover using their existing recovery plans. Our Technical Account Manager (who is not commissioned on sales) suggested confirming the bank would repeat the previous month’s payments and correct once systems were back online. This was acceptable to all parties as a plan.
Another major factor in choosing an IT provider, which is deeply linked to culture, is cyber security.
4. How your small business IT support handles security
With a lengthy list of IT services your business needs, this section comes down to one question.
Why single out cyber security as particularly important when choosing a small business IT support provider?
- It’s one of your company’s biggest risks financially and reputationally.
- You have a legal and moral duty to protect the data you create and hold on others’ behalf.
- The Government and the Information Commissioner’s Office define it as a board-level responsibility.
- Increasingly businesses are assessing your security measures to decide whether or not to do business with you. Senior people and fee earners being able to speak knowledgeably and reassuringly about security is important, particularly after a breach.
- Most breaches happen because of human error. Strong leadership and example-setting from the top help define a security-first mindset that protects you, your staff and your clients.
- Sadly, it’s not a static requirement. It requires regular attention, maintenance and evolution.
These are good reasons to spend some of your precious time on setting standards and prioritising how to mitigate risks. However, leaders are understandably reluctant to spend time on an area they probably have little expertise in.
We think it crucial that you find IT support with a consultant whose advice you value and who you believe will be worth spending time with. Can they succinctly and non-technically advise you so you can make a well-informed decision for your business?
Aside from this, what other criteria indicate an IT provider can deliver the security you need to mitigate risk as you develop your IT?
Signs you should look for
IT’s complexity makes security harder. The number of applications we log in to, the variety of devices to be secured, the expanding times and locations where we work, the amount of data we are obliged to protect, the increasingly sophisticated ways we are conned. Every IT project needs to consider security by design and default. But if security locks you down too rigidly people will stop using it, work around it or be much less productive.
You will want an IT provider who has security elements built into all their projects and is skilled at change management processes. People need to understand, learn and adapt to new technology if it is to make you more secure.
Even a security tool as apparently simple as password management software needs to be introduced in a way that ensures people understand and use it, even though it puts them to extra steps and effort. There is no point buying it, not making the most of it and then paying for a breach, yet that often happens without a security-first mindset.
Accreditations and Credentials
Accreditations, like ISO 27001 and Cyber Essentials Plus signal that a provider has a foundation of expertise that you can trust. Naturally, like help desk certifications, they don’t tell you the entire story, but they are an indicator of a provider understanding and following a proven security framework.
Security Best Practices
Whilst a focus on the technical is natural from an IT provider, security is a combination of people, processes and technology. Whatever framework an IT provider is using should integrate these elements. Unfortunately, it is all too easy to have a boardroom policy’s standards become so diluted in the implementation and maintenance, that it quickly becomes ineffectual.
Training and testing
Most breaches happen because of human error. Even if you are not going to take up any testing or training (and, by the way, we don’t think that is a good idea – we test our employees and we work in IT) it’s a good sign if your provider has several different ways to train, educate and test staff specifically around security.
Risk management and being in the loop
Security is about risk management. Your provider should explain an iterative process that determines where you are, your current biggest risks with options to mitigate them and regular reports on how existing measures remain up to standard.
Even a limitless budget cannot guarantee total security. Be wary of providers offering magic bullets that take the headache entirely away from you. Realistic providers will recommend a contingency budget item for security. At some point, something bad is going to happen, that will drain time, energy and budget.
It’s not only security that benefits from a process of planning, doing, reviewing, prioritising and re-planning. All of your IT should be subject to continuous improvement in this way. This brings us to the last of our five factors.
5. The roadmap you get from your small business IT support
Leveraging your IT to grow, become more productive and become more competitive cannot happen without an holistic long-term plan.
It’s critical that you're at the helm of this plan.
Often, senior members of a business want to spend no time on IT. This is an unwise decision, but you need to know your time, your most valuable resource, is being well spent.
You need to have verified that your provider can provide the strategic input to leverage your IT and create a long-term plan. And that you can work effectively and efficiently with them.
So, here are some indicators an IT provider can deliver on these fronts.
Signs you should look for
They have robust planning frameworks
Frameworks don’t need to be complex, just to keep things organised and focused. Your IT provider should use one that involves regular explaining, planning, prioritising and decision making around IT. It should include the delegation of actions and report up in a way that demonstrates return on investment.
Ideally, the framework will collate information from a number of perspectives in your business. Different roles perceive IT and make decisions about it, very differently (see diagram). If you are a small business one person may take on more than one of the roles illustrated. But for most of our clients working with the framework we use boils down to these commitments: one annual report and Q&A for the board, twelve hours per year of a senior manager’s time, and twenty-four hours per year of their deputy’s time.
They translate complexity into simplicity
Setting aside time to make your IT strategic is important, but if that strategy is to be realised business and IT have to speak the same language – which they often fail to do.
An IT provider capable of translating your business goals and problems into IT solutions alleviates bottlenecks that often arise from the fact business and IT move in different directions.
Audits and IT that is Fit for Purpose
Audits and IT that is Fit for Purpose
Audits are not particularly exciting. But if one person tells you things are “OK” and another tells you the same thing but in addition shows you things are “OK” – which one will you trust more?
There are a number of different audits that will illustrate how fit for purpose your IT is and its current state of health. They help senior decision-makers in a variety of ways:
- Plan replacement well ahead with a 12-36 month budget and roadmap.
- Ability to set office insurance at an appropriate level.
- Move towards standardisation on kit to reduce total cost of ownership
- Assist with wise and controlled purchasing decisions.
- Set acceptable downtime and data loss limits and know you can hit them.
- Test recovery processes and confirm they are achievable.
- Ability to set business interruption/continuity insurance at appropriate level.
- Confirm whether compliance requirements are met.
- Determine the correct type of cyber insurance.
- Ability to reassure your clients about security policies.
- Determine whether Cyber Essentials Plus or ISO certification can be achieved.
- Confirm if key processes have been documented.
- Determine whether there is an over-reliance on a key person or resource for knowledge.
- Identify which policies or procedures are missing.
However, for the purposes of selecting an IT provider the most commonly used audit is the Discovery one we mentioned in our first selection criterion (Experience and Expertise).
If you want more details have a look at this case study, but Peter Martin, the director of Finance and Operations at Intermusica, summed up the benefits from being considered “as a business, not just as an IT client.” Saying that “There were insights into the nature of our business, consideration of what makes us successful and what we want to achieve in the next five years set in the context of where IT stands now. The combination of business understanding, and audit helped us find our path.”
A small and medium business IT provider that can bring together business understanding, strategy and intelligent use of IT, is especially valuable for any business seeking future growth.