SMBs: What Your IT Contractor Should Be Telling You

Every business needs IT help, but not all are big enough to have an in-house IT staff. We asked an IT contractor about the advice he gives and how to hire wisely.

Contractor Advice

Peter Lopez, founder of Brooklyn Tech Guy, is a certified Apple specialist, a self-declared "local Mac guy" and an expert Brooklyn businesses call when they're established enough to have tech needs but too small to have in-house IT staff.

His clients are primarily businesses such as architecture, design and law firms, as well as fine art studios, shared office spaces and private clients.

"A C-level executive may have a four-story brownstone," Lopez explained, "and he wants the WiFi to be strong and secure on each floor. And, like he does at work, he wants to have a person he can send a one-line text to and then not have to think again about a problem, whether it's getting a printer to work or setting up a new iPad."

Having dealt with a variety of clients, and cleaned up situations left behind by other contractors, Lopez agreed to chat about what small businesses should consider when bringing in outside IT help, and what recommendations a consultant should be making to small-business customers.

1. Use Software for Passwords

"I have a client, let's call it Business X, and all of their passwords were Business X1. I said, 'What's your server password?' 'Business X1.' 'What's your Google password?' 'Business X1.' That's a big mistake," said Lopez. "And I get it, because you need to keep track of it all, but it's really leaving yourself a huge security hole."

If an employee leaves and is disgruntled, the cost of addressing a problem he or she could create—both financially and from a stress perspective—is enormous.

"Instead, the next time you go to the server, take the two minutes to change the password," said Lopez.

There are a few software solutions that generate and keep track of secure passwords, such as 1Password and Dashlane. A handful share the market, he said. Which one you choose is less important than that you choose one.

"All you have to remember is one password, and it unlocks the database of all the other passwords," Lopez said.

1Password, for example, creates a 30-character password and inserts it and the username into a site when users click the installed button in their browser.

"My password, for every place I go, is gigantic and unique. And it takes very little maintenance once you get it set up," Lopez said. "I recommend that all the time for businesses, because they say, 'We want to be more secure, but we don't want a spreadsheet that we have to update every five minutes.' And they don't have to. This kind of software takes care of it, and it syncs across your phones, your tablets—everything."

2. Use Two-Factor Authentication

"All the software companies offer this now. But I'd say about 12 percent of the clients I see actually take advantage of it because it's a little bit of a pain," said Lopez.

But it's worth it.

"I'd say twice a year, I see clients get their Google accounts hacked. Not that anyone's stealing their information, but someone's using their email to send out spam. And it totally screws up their email for about two weeks. With two-step verification turned on, that wouldn't happen," he said.