The 7 Red Flags Your IT Provider Isn’t Protecting You (and How to Prove It)
If you don’t receive proactive proof each month that your business is protected, you’re exposed. Real protection is visible and measurable: tested restores, fast response time, modern security basics, a written disaster recovery plan, clean invoices, and clear ownership of your systems. Use the seven IT provider red flags below to verify whether your Managed IT Services Provider is doing the job.
This article answers the question: What red flags show my IT provider isn’t protecting us?
🚩 RED FLAG 1:
No visibility, no transparency, no early warning
If you’re paying for IT but never see a one-page snapshot of health, you’re guessing. You should get simple numbers every month that a non-technical leader can read at a glance.
What to ask for (on one page)
- Uptime percentage (how often systems are available).
- Average first-response time and time-to-resolve, plus the slowest 10% so delays aren’t hidden.
- Patch compliance percentage (software updates applied on time) at 30/60/90 days and multi-factor authentication (MFA) coverage percentage.
- Backup restore pass rate (not just “backup completed”).
- Early-warning security signals: unusual sign-ins or lockouts; endpoint alerts investigated and closed using endpoint detection and response (EDR) tools; unusual data-transfer alerts.
- Ticket trends: the top three recurring issues and the permanent fixes shipped.
Why it matters
No surprises. If it appears on this page, you should hear about it before users feel it.
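To show what that one-page snapshot looks like when it is computed rather than promised, here is an added example (not code from the article or from 7tech) that builds the monthly numbers from raw records. Every record is constructed sample data; the record field names, the function names, and the thresholds in TARGETS are assumptions a leader and provider would agree on, not figures from the article. It goes slightly beyond the text by also listing which numbers miss their target, which is the "early warning" the page asks for.

```python
"""One-page monthly IT scorecard computed from raw records.

Added example for illustration; not 7tech's tooling or the article's own code.
All records below are constructed sample data; field names, function names
and the TARGETS thresholds are assumptions.
"""
import math
from collections import Counter
from datetime import date
from statistics import median

MONTH_MINUTES = 30 * 24 * 60   # one 30-day reporting month
AS_OF = date(2025, 10, 31)     # constructed report date

OUTAGE_MINUTES = [45, 12, 90]  # constructed: minutes of unplanned downtime

TICKETS = [  # constructed: minutes to first response / to resolve, issue category
    {"first_response_min": 5, "resolve_min": 40, "issue": "printer offline"},
    {"first_response_min": 8, "resolve_min": 120, "issue": "vpn drop"},
    {"first_response_min": 3, "resolve_min": 25, "issue": "printer offline"},
    {"first_response_min": 240, "resolve_min": 1440, "issue": "email sync"},
    {"first_response_min": 6, "resolve_min": 60, "issue": "printer offline"},
    {"first_response_min": 4, "resolve_min": 30, "issue": "vpn drop"},
    {"first_response_min": 12, "resolve_min": 300, "issue": "password reset"},
    {"first_response_min": 7, "resolve_min": 55, "issue": "laptop slow"},
    {"first_response_min": 9, "resolve_min": 80, "issue": "vpn drop"},
    {"first_response_min": 2, "resolve_min": 15, "issue": "password reset"},
]

PATCHES = [  # constructed: vendor release date, date applied (None = still open)
    {"released": date(2025, 7, 1), "applied": date(2025, 7, 10)},
    {"released": date(2025, 7, 15), "applied": date(2025, 8, 30)},
    {"released": date(2025, 8, 1), "applied": None},
    {"released": date(2025, 9, 20), "applied": date(2025, 10, 5)},
    {"released": date(2025, 10, 20), "applied": None},
]

ACCOUNTS = [  # constructed: admin flag and whether MFA is enforced
    {"user": "alice", "admin": True, "mfa": True},
    {"user": "bob", "admin": True, "mfa": False},
    {"user": "carol", "admin": False, "mfa": True},
    {"user": "dave", "admin": False, "mfa": True},
    {"user": "erin", "admin": False, "mfa": False},
]

RESTORE_TESTS = [  # constructed: outcome of each restore test this month
    {"target": "user file", "passed": True},
    {"target": "database", "passed": True},
    {"target": "whole VM", "passed": False},
]

# Assumed agreed targets (not from the article).
TARGETS = {"patch_30d_pct": 95.0, "mfa_admin_pct": 100.0,
           "first_response_slow_min": 60, "restore_pass_pct": 100.0}


def uptime_pct(outage_minutes, total_minutes=MONTH_MINUTES):
    """Availability for the month as a percentage."""
    return round(100 * (1 - sum(outage_minutes) / total_minutes), 2)


def response_stats(values):
    """Median plus the average of the slowest 10% (at least one ticket)."""
    ordered = sorted(values)
    n_slow = max(1, math.ceil(len(ordered) * 0.10))
    slow = ordered[-n_slow:]
    return {"median": median(ordered), "slowest_10pct_avg": sum(slow) / len(slow)}


def patch_compliance(patches, as_of, window_days):
    """Share of patches old enough to be due that were applied within the window."""
    eligible = [p for p in patches if (as_of - p["released"]).days >= window_days]
    if not eligible:
        return None
    ok = [p for p in eligible
          if p["applied"] is not None and (p["applied"] - p["released"]).days <= window_days]
    return round(100 * len(ok) / len(eligible), 1)


def mfa_coverage(accounts, admins_only=False):
    """Percentage of accounts (or of admin accounts) with MFA enforced."""
    pool = [a for a in accounts if a["admin"]] if admins_only else accounts
    return round(100 * sum(a["mfa"] for a in pool) / len(pool), 1)


def top_recurring_issues(tickets, n=3):
    """Most frequent ticket categories, ties kept in first-seen order."""
    return Counter(t["issue"] for t in tickets).most_common(n)


def build_scorecard(as_of):
    """Assemble the one-page numbers from the raw records."""
    return {
        "uptime_pct": uptime_pct(OUTAGE_MINUTES),
        "first_response_min": response_stats([t["first_response_min"] for t in TICKETS]),
        "time_to_resolve_min": response_stats([t["resolve_min"] for t in TICKETS]),
        "patch_compliance_pct": {d: patch_compliance(PATCHES, as_of, d) for d in (30, 60, 90)},
        "mfa_all_pct": mfa_coverage(ACCOUNTS),
        "mfa_admin_pct": mfa_coverage(ACCOUNTS, admins_only=True),
        "restore_pass_pct": round(100 * sum(t["passed"] for t in RESTORE_TESTS) / len(RESTORE_TESTS), 1),
        "top_issues": top_recurring_issues(TICKETS),
    }


def scorecard_gaps(card):
    """Names of the metrics that miss their agreed target this month."""
    gaps = []
    if card["patch_compliance_pct"][30] < TARGETS["patch_30d_pct"]:
        gaps.append("patch_30d")
    if card["mfa_admin_pct"] < TARGETS["mfa_admin_pct"]:
        gaps.append("mfa_admin")
    if card["first_response_min"]["slowest_10pct_avg"] > TARGETS["first_response_slow_min"]:
        gaps.append("first_response_tail")
    if card["restore_pass_pct"] < TARGETS["restore_pass_pct"]:
        gaps.append("restore_pass")
    return gaps


if __name__ == "__main__":
    card = build_scorecard(AS_OF)
    for name, value in card.items():
        print(f"{name}: {value}")
    print("gaps:", scorecard_gaps(card))
```

The reason the example reports the slowest 10% next to the median is the one the article gives: in the sample data the median first response is 6.5 minutes, but the slowest tickets waited four hours, and an average alone would hide that. Patch compliance is measured only over patches old enough to be due, so a fix released last week does not inflate or deflate the number.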
🚩 RED FLAG 2:
“We back it up” but restores and recovery aren’t proven
Backups that aren’t restored are hope, not protection. You need proof that you can get your data back quickly.
Key definitions
- Disaster recovery (DR) plan: a short, written checklist of who does what to bring systems back, in what order, and how you’ll communicate status to staff and clients.
- Recovery time objective (RTO): how fast you’re back.
- Recovery point objective (RPO): how much data you can afford to lose.
What to ask for
- Dates and times of the last file-level and full-system restore tests.
- Your current RTO and RPO, measured against those tests.
- A DR plan summary with roles, steps, and contact/escalation.
What good looks like
Run a restore test monthly. Rotate targets (user file, database, whole server or virtual machine (VM)). Record the time until people can work again and compare it to your agreed RTO and RPO.
🚩 RED FLAG 3:
Recurring tickets, slow response, and team churn
If your team keeps opening the same ticket or waits hours for help, productivity and morale bleed. Constant turnover at your provider makes it worse.
What to ask for
- A repeat-ticket trend with a plain explanation of the cause and the permanent fix.
- Response time distribution: median first-response and time-to-resolve, plus the slowest 10% so delays aren’t hidden.
- Account team stability: who covers you, their tenure, and how to escalate.
Why it matters
Continuity is a control. When you see new faces every quarter, you lose institutional knowledge and your risk goes up.
🚩 RED FLAG 4:
Outdated security (antivirus only, no EDR/MFA, no training)
“Antivirus and hope” isn’t security. Minimum modern basics are multi-factor authentication (MFA), disciplined patching, staff training, and endpoint detection and response (EDR) to catch suspicious behavior in real time.
Key definitions
- MFA (multi-factor authentication): adds a second check (like a code or app) so stolen passwords alone can’t get in.
- EDR (endpoint detection and response): watches devices for unusual behavior and helps stop attacks quickly.
What to ask for
- EDR coverage percentage and how many alerts were investigated and closed last month.
- MFA coverage percentage, especially for administrators and remote access.
- Patch cadence by importance (for example, important fixes applied within fourteen days).
- Phishing test trend: the percentage of employees who clicked a test phishing email, trending down over time.
Why it matters
These basics close the easiest ways attackers get in: weak passwords, unpatched software, and untrained clicks. When coverage rises and phishing failures fall, your risk drops — and insurers and clients have fewer concerns.
| Security Practice | Outdated IT Provider (⚠️) | Modern IT Provider (✅) |
|---|---|---|
| Antivirus Only | ✔️ | ❌ |
| Multi-Factor Authentication (MFA) | ❌ | ✔️ |
| Endpoint Detection & Response (EDR) | ❌ | ✔️ |
| Staff Training | ❌ | ✔️ |
| Patch Discipline (timely updates) | ❌ | ✔️ |
🚩 RED FLAG 5:
Surprise invoices and vague line items
If you’re charged extra for basics like backups, security updates, or monitoring, you’re paying twice. Predictable pricing should map to predictable outcomes.
What to ask for
- A clear list of what is included each month versus what counts as project work.
- A side-by-side view of downtime and incident trends before and after, compared to what you spent.
- One invoice paired with the monthly report that shows the value delivered that month.
Why it matters
Tie dollars to outcomes. Fewer outages, faster response, and clean audits mean value. Everything else is noise.
🚩 RED FLAG 6:
You don’t own credentials, documentation, or an audit trail
If the provider controls the “keys” (admin logins) and won’t hand them over, you’re stuck. Ownership and an audit trail aren’t technical niceties — they’re basic business controls.
What to ask for
- An admin access list (who has admin rights to each system) and a password-vault export in your company’s name.
- Proof you own the core accounts: domain registrar, email (Microsoft 365/Google Workspace), cloud subscriptions, backup and security tools.
- An asset inventory and current network diagram you can keep.
- A simple change log (audit trail) showing major changes for the last 12 months.
- When relevant, third-party attestations such as System and Organization Controls (SOC 2) reports or ISO 27001 certifications from the provider or key vendors — or a clear note on who is responsible for which controls.
Why it matters
A trustworthy partner makes exit simple. When you own the keys, the maps, and the history, you can switch providers without disruption and you can prove to clients and insurers that you’re in control.
🚩 RED FLAG 7:
No roadmap (reactive-only) and one-size-fits-all
If every conversation is a ticket review or a sales pitch and nothing ties to your growth plan, you’re stuck reacting. A “same setup for everyone” approach ignores your real risks and priorities.
What to ask for
- A 12-month roadmap tied to revenue and risk, with clear owners and dates.
- A capacity plan that shows skills, staffing, coverage hours, and backup staffing.
- A short alignment note explaining how your setup meets your compliance and insurer requirements.
- A quarterly review schedule with a one-page progress update and the next three actions.
Why it matters
Proactive beats reactive. A simple plan reduces surprises, lowers downtime, and keeps your IT spend aligned to business results.
Free Executive Webinar: 5 Expensive IT Mistakes Texas SMBs Keep Making (And How Smart Leaders Are Fixing Them Before It’s Too Late)
Get the one-page Executive IT Proof template and a cost-savings snapshot you can use immediately.
📆 Wed, Oct 8 · 11:00–12:00 PM CT · Live Q&A
- See the five IT mistakes that quietly drain profits
- Know if your IT provider is dropping the ball
- Leave with a simple plan to cut risk and regain control
What Happens If My Backups Fail and Data Is Lost?
If backups fail, critical files can disappear, work and billing stop, and you may miss payroll and face legal trouble.
The fix is simple and disciplined: test restores every month, keep backups in two places (including one copy that cannot be changed), and keep a short, written disaster recovery plan that lists who does what and in what order.
Make it practical: write down who decides what to restore first, where you will restore it, and how you will update staff and clients. Time how long it takes until people can work again and compare it to your goals. Recovery time objective (RTO) is how fast you are back. Recovery point objective (RPO) is how much data you can afford to lose.
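The monthly restore test described under Red Flag 2 and again here comes down to a few measurements per test: how long until people could work (against RTO), how old the newest usable backup was (against RPO), and whether the rotation covered every target type. This added example (not code from the article or from 7tech) scores a quarter of constructed restore-test records that way. The log entries, the field names, the agreed RTO of 4 hours and RPO of 24 hours, and the rule that each target type is exercised at least once per quarter are all assumptions.

```python
"""Score a quarter of restore tests against agreed RTO and RPO.

Added example, not the article's own code or 7tech's tooling. The log is
constructed sample data; field names, the RTO/RPO values and the rotation
rule are assumptions.
"""
from datetime import datetime, timedelta

RTO = timedelta(hours=4)    # assumed agreed recovery time objective
RPO = timedelta(hours=24)   # assumed agreed recovery point objective
TARGET_TYPES = {"user file", "database", "whole VM"}   # assumed rotation set

# Constructed restore-test log for one quarter.
RESTORE_LOG = [
    {"target": "user file",
     "last_good_backup": datetime(2025, 8, 12, 2, 0),
     "restore_started": datetime(2025, 8, 12, 9, 0),
     "users_working": datetime(2025, 8, 12, 9, 40)},
    {"target": "database",
     "last_good_backup": datetime(2025, 9, 7, 23, 0),    # newest usable copy was two nights old
     "restore_started": datetime(2025, 9, 9, 9, 0),
     "users_working": datetime(2025, 9, 9, 12, 30)},
    {"target": "whole VM",
     "last_good_backup": datetime(2025, 10, 14, 1, 0),
     "restore_started": datetime(2025, 10, 14, 9, 0),
     "users_working": datetime(2025, 10, 14, 15, 15)},   # took longer than the RTO
]


def hours(delta):
    return round(delta.total_seconds() / 3600, 2)


def evaluate(test):
    """Measure one test: time until users could work, and age of the restored data."""
    recovery = test["users_working"] - test["restore_started"]
    data_loss = test["restore_started"] - test["last_good_backup"]
    return {
        "target": test["target"],
        "recovery_hours": hours(recovery),
        "rto_met": recovery <= RTO,
        "data_loss_hours": hours(data_loss),
        "rpo_met": data_loss <= RPO,
    }


def quarter_summary(log, expected_months):
    """Pass rate, rotation coverage, monthly cadence and a list of what failed."""
    results = [evaluate(t) for t in log]
    failures = []
    for r in results:
        reasons = [name for name, ok in (("RTO", r["rto_met"]), ("RPO", r["rpo_met"])) if not ok]
        if reasons:
            failures.append((r["target"], reasons))
    tested_types = {t["target"] for t in log}
    tested_months = {(t["restore_started"].year, t["restore_started"].month) for t in log}
    return {
        "tests": len(results),
        "pass_rate_pct": round(100 * (len(results) - len(failures)) / len(results), 1),
        "rotation_complete": TARGET_TYPES <= tested_types,
        "missing_targets": sorted(TARGET_TYPES - tested_types),
        "months_without_test": sorted(set(expected_months) - tested_months),
        "failures": failures,
    }


if __name__ == "__main__":
    for t in RESTORE_LOG:
        print(evaluate(t))
    print(quarter_summary(RESTORE_LOG, [(2025, 8), (2025, 9), (2025, 10)]))
```

In the sample quarter every target type was rotated through and every month had a test, yet only one of three tests passed: the database restore met the RTO but the newest usable backup was 34 hours old (an RPO miss), and the whole-VM restore took 6 hours 15 minutes against a 4-hour RTO. That is the distinction the article draws between "backup completed" and a proven restore.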
How Do I Know If My IT Company Is Hiding Problems from Me?
If you learn about issues from staff, reports are missing, or answers are vague and full of jargon, problems are being hidden. A good provider shows proof, not promises.
Ask for this
- A ticket aging report that shows how long each open issue has been waiting.
- A list of patch exceptions with the date and reason for each skipped update.
- Failed backup logs and what was done to fix each failure.
- A change history for major systems that shows what changed, when, and who made the change.
If the reply is “we’ll get back to you” without documents, that is your answer. A good managed IT services provider is transparent and keeps clear documentation.
What IT Metrics Should I Demand From My Provider?
Ask for six numbers every month: uptime, average first-response time, time-to-resolve, backup restore pass rate, patch compliance, and multi-factor authentication (MFA) coverage. If these numbers are not improving month over month, you are not protected.
Early warning to include
- Unusual sign-ins or account lockouts.
- Unusual data-transfer alerts.
- Count of endpoint detection and response (EDR) alerts that were investigated and closed last month.
When Is It Time to Fire Your IT Provider?
Fire your provider when issues repeat, response is slow, invoices surprise you, or you don’t own the keys. Make the call based on facts, not feelings.
Clean exit checklist
- Collect admin credentials and a password-vault export in your ownership.
- Export the asset inventory and current network diagrams.
- Get the last 12 months of uptime, response time, patch, and backup restore reports.
- Overlap the new provider with view-only access for 30 to 60 days.
- Disable the old provider’s access after the switch.
If you’re wondering when to fire your IT provider, it might be time to switch your managed IT provider.
How 7tech’s Technology Alignment works (7 steps, about 30 days)
A plain-English Managed IT Services onboarding that aligns your technology with your business goals. We follow a 175-plus step checklist and review progress with you every quarter during your QBR.
Step-by-step
- Discovery: We review your current setup, risks, and priorities. We collect access, inventory systems, look at past outages, and note what slows your team down.
- Alignment: We agree on goals and success measures, set budget guardrails, and create a rolling 90-day action plan that supports growth and reduces risk.
- Implementation: We deploy core tools with minimal disruption and document what changed. You keep ownership of accounts and credentials.
- Security setup: We turn on the basics: multi-factor authentication (MFA), timely software updates, and endpoint detection and response (EDR) to spot suspicious behavior on devices. If you use a security operations center (SOC), we connect alerts so they are watched and handled quickly. We also schedule monthly backup restore tests.
- Training: We equip your team with short guides and quick sessions. We run a simple test phishing email to set a baseline and plan follow-up training.
- Monitoring: We watch systems around the clock and respond fast when something needs attention. Each quarter we deliver a one-page Technology Alignment scorecard in your QBR covering uptime, response times, patch and MFA coverage, backup restore results, key security alerts, and the top recurring issues with fixes.
- Optimization: Each quarter we review results, update the scorecard, and refresh the next three priorities with owners and dates. We tune tools, close gaps, and prepare for upcoming changes in your business.
Deliverables you keep
- Your quarterly Technology Alignment scorecard (template and latest report).
- An admin access list and a password-vault export in your ownership.
- An asset inventory and current network diagram.
- Backup restore test results and a short disaster recovery plan summary.
- Your rolling 90-day action plan with owners and dates.
- A training plan and your phishing test baseline.
“Since partnering with 7tech, we have NOT been hacked and can sleep easier at night knowing that we are protected 24/7.” — Brenda Kudrna, Portfolio Specialist, Trinity Real Estate Finance
Ready to finally know if your IT provider is protecting you?
If these MSP red flags struck a nerve, your next step is clear. Get a free IT Risk Exposure Assessment & Cost Savings Report. In plain English, we’ll show whether your current provider is leaving gaps, what those gaps mean to the business, and where you can cut waste without adding risk. 👉 Book your assessment now: https://go.appointmentcore.com/IT-Risk
Neal Juern, CEO of 7tech, is a seasoned cybersecurity advisor known for his strategic insights in Zero-Trust Cybersecurity. It’s his passion to help businesses protect their data. If you’re interested in doing that in-house, then check out his free Masterclass.