Contact Support

If you are an existing client to get support call us on:

+44 (0)1483 412 042


Login to the portal

Support portal

If you've been given a 6-digit support code

click here

Not an existing customer?

Contact us

Receive our IT best practice health assessment

This short survey can be completed by anyone in your organisation that has a responsibility for IT – you don’t need to be a techie. It takes you through some key questions around IT practices which will help us to provide a report about your overall IT estate.

Once completed, we will run a report which we will send back to you via email. Of course this is based on your responses and ideally we would have an opportunity to carry out an in person IT audit. You may qualify for this to be done free of charge, please get in touch to find out more.

If you are unclear about the answer to any of these questions – or if you think that something is happening but realise you can’t actually be certain it is, it’s best to choose ‘unsure’ as an option. If you are unsure about how to answer any of the questions, feel free to call us on 01483 412 040 and we will be happy to talk you through the questions.

    IT best practice health assessment

    This short questionnaire aims to assist you in evaluating how your organisation performs against a range of identified good practice standards within the commercial use of technology. You do not need to be an IT expert in order to complete this assessment, but it's useful if you have some understanding of the policies you already have in place.

    Once you have pressed submit, we will analyse your answers and produce a report full of actionable insight and recommendations for improving IT health, resilience and security. One of our consultants will be in touch with your report within 24 hours.

    It will take about you 5 minutes to complete the questionnaire

    Your Progress:

    Do you have a strong password policy in place?

    Passwords are the first line of defence and the simplest protection for keeping user data safe. You need to ensure that end user passwords are controlled centrally, so that users are forced to use complex, unique passwords and to change them regularly. Humans will follow the path of least resistance, so simply telling them to do this is not enough, your password policy needs to be enforceable. To answer 'yes' to this question your password policy should be: Controlled centrally so users are enforced to comply, it should insist on complex passwords and should ensure that passwords expire after an agreed period of time.

    Are you using Multi Factor Authentication (MFA) for access to key systems, such as Office 365 and CRM databases?

    With more and more data stored in the cloud, in particular in Office365, organisations are using traditional security measures, such as VPNs, less frequently. If the only thing a cyber criminal needs in order to login as you, is your email and password, this is fairly easily cracked. With multi factor authentication (MFA) a user also needs a secondary device, normally a mobile phone authorised by your organisation, from which the user generates a one-time passcode which is needed in addition to the password. This has been proven to reduce successful account hacking by up to 99%.

    Are all your PC & laptop's hard drives encrypted?

    Whilst you may have a password policy in place, if a device is stolen, it's possible to circumvent that password by removing the hard drive and installing it in another device. If the hard drive itself is encrypted, this further protects all the data stored on the disk. Cybersecurity and data control are legislated under GDPR which became law on 25/05/2018. Under the law directors of the business are personally liable (with potential imprisonment) for any breaches. The significance of encryption is that should a machine be lost or stolen, the breach must be reported to the ICO with 72 hours of the loss becoming known; if the machine is encrypted then that is an end to the responsibility, however, if the machine was not encrypted then the loss also has to be reported to all of the companies contacts whose details may have been compromised, a step you don't have to take if the device was encrypted. The negative PR associated with having to notify all your contacts is possibly more damaging than the breach itself!

    Are all of your devices upgraded to the latest operating system?

    Old operating systems are an immediate risk to the security of your data, because they are no longer patched and updated by the manufacturer to protect you against the latest cyber threats. By now you should ensure that all Windows devices are using Windows 10 technology, and that all MAC devices are updated to Mac OS Catalina.

    Are you using a third party backup service to back up all of your data?

    Backup of data remains a mission critical activity, and this is just as important in cloud based networks as it is with traditional server based computing. Data gets lost or compromised for many different reasons. The most common data loss is accidental deletion, but increasingly cyber attacks work to encrypt data, with a ransom being demand for the safe decryption of data - the ability to quickly restore is much more cost effective. And of course hardware corruption, theft or destruction still happen too. Storing data in the cloud does not mean it's automatically exempt from the need for a third party backup! In the case of malicious data encryption for example, cloud stored data is just as much at risk of attack. Whether it's a traditional tape backup, or an online cloud solution, there should always be a second copy of your data, with an 'air gap' between the live data and the backup. It should cover email accounts, file storage be that on servers or in SharePoint or cloud stores, as well as CRM, HR and finance databases.

    Do you know how long it would take to restore key elements of your current system or data?

    Most organisations recognise the importance of backup, but in reality, it's the ability to restore data that is important when something has gone wrong. Your business continuity plan should include a statement from your Chief Executive to state how long it takes to restore key systems, and a confirmation that this time scale is acceptable to the organisation. Think about different parts of your system, for example CRM, Finance, Files & Folders. What is the impact of a restore that may take several days for example? If it takes 5 days to run a cloud restore of your finance system, that might be fine, unless that's at month or tax year end. What's an acceptable period of downtime for your organisation?

    Is someone responsible for ensuring all devices, including routers and firewalls, are updated with the latest patches and updates?

    Manufacturers release patches and updates regularly, in order to fix both performance issues, but also to patch against newly discovered security vulnerabilities. It's important to ensure that your organisation has someone responsible for regularly auditing all devices, that's PCs, laptops, tablets as well as networking equipment such as firewalls, routers and switches, to ensure that they are protected with the latest manufacturer update.

    Are you using a centrally managed antivirus/anti-malware tool, suitable for the commercial environment?

    Antivirus or anti-malware software has been around for as long as any of us can remember, but not all versions were created equally! This software is probably more important to your organisation than the lock on your front door - so don't use the cheapest option - you get what you pay for! As a minimum your antivirus software should be approved for use in a commercial environment and should be centrally managed - which means your IT administrator should have a central console that they can log in to which reports back on what devices are being used across the business, and checks that all are running the most recent release of the manufacturers software. it should never be left to end users to manage this themselves because we can guarantee, they will never do it regularly enough!

    Do you have a policy in place for managing mobile devices?

    In this 'software as a service' world, increasingly your company data is being accessed by your staff, from more devices than ever before. Whether you issue mobile devices to your colleagues or whether people are using their own, it's a given that people will be at the least, accessing emails and calendars via their smart phones, and many will also be accessing files and CRM data too. It's important that you have process for managing mobile devices which enables you to determine who can access what, the minimum security requirements of each device that accesses your data (e.g. does that phone have a six digit PIN and is it running an up to date operating system) and that enables you to restrict access and block access to data should an employee leave you, or lose their mobile device.

    Do you have a current register of all the places your data is stored?

    Under the requirements of GDPR, it is important that you maintain an accurate register of all your company data and that you know exactly how and where that data is stored. You should have a documented data asset register, thinking about email, file storage, CRM, HR and marketing data. Think not only about emails and files, but what tools your people are using to communicate and share data, be that messaging tools, conference services etc. You should be confident that all your third party suppliers are taking appropriate steps to store your data securely, you should also be confident that you know where that data is physically stored. You may outsource services to software companies but you cannot delegate your responsibilities under the data protection regulations, and the Information Commissioners Office can issue significant fines and penalties if you are found to be breaching good practice.

    Are you carrying out regular cyber security awareness training?

    IT security is 50% technology and 50% human factors! You need to train your staff to become your 'human firewall' ensuring they are vigilant to the type of attacks that exploit these human factors. The threat landscape is changing all the time, it's not enough to just run a 30 minute session as part of induction. Training needs to be current, regular and relevant.

    Are you carrying out test phishing exercises?

    Phishing emails are becoming more sophisticated and harder for a user to spot, resulting in an increase in successful cybersecurity breaches. The key to protecting your data is ensuring that your staff know how to spot a fraudulent email and how to keep your business safe. It's a great idea to carry out periodic tests, sending our spoof phishing emails and tracking who falls foul of the test so that you know where to focus on staff training.

    Do you have physical servers within your organisation?

    Are all your servers under a current manufacturers warranty?

    ramsac recommends that all ‘production environment’ servers are covered by a manufacturer’s warranty. If a server fails, multiple users would be affected so it’s important that a fix can be applied quickly. If a server is covered by a manufacturer warranty, the manufacturer is responsible for ensuring that replacement parts are available, normally within 4 working hours. We would therefore recommend that you look to either extend the warranty or consider replacing this server or migrating it on to different hardware.

    Do you have a properly configured Uninterruptible Power Supply (UPS)?

    A UPS is an external battery which is designed to protect sensitive network equipment from power faults. In the event of a power cut that lasts longer than the battery life, the idea of te UPS is that it recognises that it’s running out of battery, and it starts to gracefully shut down servers, in the order that is specified in the management console, to ensure that all servers are neatly closed before the battery power also fails.

    About you

    Please provide us information about you and your company so we know where to send the report.

    GBH Law
    GBH Law
    11:29 22 May 20
    Changing IT support providers, like changing lawyers, is not a decision any business takes lightly or frequently. The decision is fraught with numerous questions such as whether the new team will understand my business needs, will it cause teething problems, and more importantly, will the reality match the sales pitch! We took that decision to move to Ramsac in January after ten years with another provider and we have not regretted that choice for a moment. Ramsac are simply great! From the get go we have been very well supported from the front line very helpful telephone support team right up to our relationship manager. We feel that the Ramsac team are very much an integral part of us . What however has driven us to write this review is the fabulous support we have received following a cyber attack this week. Something no business wants to happen but is increasingly a sad factor of modern cyber life. The Ramsac cyber support team were superb and really gave us first class support and guidance through what was frankly a horrible experience. Thank you Dan! Denise Herrington
    The HR Services Partnership
    The HR Services Partnership
    17:59 16 Jan 20
    We have worked with Ramsac since 2015. They offer a truly winning formula. We have been delighted by their support at all three levels: our network consultant (Colin) understands our set up and is great when we need to upgrade our infrastructure; we have ready access to our account manager who has been great with supporting our growth; and the helpdesk is always so patient for the day-to-day glitches. Very professional and supportive – thank you team ramsac!
    Zoe Brooks
    Zoe Brooks
    13:02 16 Jan 20
    Sam on the support desk is extremely knowledgeable and helpful. Every time I have rung with an issue and she has helped the problem has always been rectified smoothly and quickly!
    Sarah-Jane Calloway
    Sarah-Jane Calloway
    16:02 06 Jan 20
    Ed spent two days with us following an office reshuffle. He worked to a very high standard and was very helpful, courteous and happy to sort out anything we asked of him!
    Luke Hoey
    Luke Hoey
    14:20 07 Nov 19
    Always very helpful and will work hard to resolve any issues you have.
    Richard Renson
    Richard Renson
    16:54 10 Dec 18
    Great, helpful IT Kings and Queens
    Andrew Worth
    Andrew Worth
    12:37 30 Aug 18
    fine bunch
    Colin Warner
    Colin Warner
    08:46 06 Dec 17
    Excellent managed service provider.
    Selom B
    Selom B
    11:58 10 Dec 16
    First Class!! Responsive, knowledgeable, professional and very easy to work with - Ramsac have been a fantastic strategic IT partner for the last few years and I'm sure will continue to be for many years going forward. I would highly recommend them!
    Ian Windle - Inspiring Leadership
    Ian Windle - Inspiring Leadership
    08:53 04 Jul 16
    Great IT business, with a powerful management team. Could not recommend them more highly.
    Patrick O'Luanaigh
    Patrick O'Luanaigh
    10:55 01 Jul 16
    A truly fantastic IT support company - I can't speak highly enough about them.
    Sarah Whitemore
    Sarah Whitemore
    11:59 20 Jun 16
    I have known Dan May and Ramsac for 5 or 6 years now. Dan is such a great guy and really helpful with strategic advice and input on all things IT. He's so approachable and doesn't baffle you with IT jargon. If you are looking to outsource your IT or you have a problem you need help with Dan is definitely the one to ask.
    Jonathan Richards
    Jonathan Richards
    12:14 31 May 16
    I've worked with Ramsac for many years and whole heartedly recommend their services. They are always professional, approachable and have the rare skill of making IT understandable. Their can do attitude leaves you feeling that you are in safe hands.
    See All Reviews
    © 2021 ramsac. All rights reserved.