10 Red Flags

1. "We've never had a breach."
   Either they're lying, they're not looking, or they don't know what a breach looks like. Every security professional knows: it's not if, it's when.

2. Three-year contracts with heavy termination penalties
   Good providers earn your business monthly. Lock-in contracts mean they're more afraid of you leaving than motivated to keep you.

3. Can't explain their security stack in plain English
   If they hide behind jargon, they're either trying to confuse you or they don't understand it themselves.

4. No references from businesses like yours
   A great healthcare IT provider might be terrible for construction. Industry experience matters.

5. Pricing that's "too good to be true"
   If they're dramatically cheaper than everyone else, they're cutting corners somewhere. You'll pay the difference later.

6. Response to problems is always "we're looking into it"
   Professional providers have processes. Amateurs have excuses.

7. They've never told you "no"
   A provider who agrees to everything isn't managing your risk—they're managing your mood.

8. Turnover in your account team
   If you've had three different primary contacts in two years, something's wrong internally.

9. They disappear between problems
   No proactive recommendations. No quarterly reviews. No strategic conversations. Just invoices.

10. You can't reach anyone after 5 PM
    Business doesn't stop at 5. Neither should your IT support.

10 Green Flags

1. Proactive monthly reports you actually understand
   They're tracking what matters and translating it for you.

2. Documented SLAs with actual penalties
   They're confident enough to put money behind their promises.

3. Regular disaster recovery testing with reports
   They don't just back up your data—they prove they can restore it.

4. Financial guarantee on security
   They put their money where their mouth is. If ransomware gets through, they write a check.

5. Earn your business monthly (no lock-in)
   They're confident you'll stay because you want to, not because you have to.

6. They ask more questions than they answer
   They're trying to understand your business, not just sell you services.

7. They tell you things you don't want to hear
   "Your budget is too low for what you need." "That project is a bad idea." "Here's what you're doing wrong."

8. You know the people doing the work
   Not just the salesperson—the actual engineers who manage your systems.

9. They discuss failures honestly
   Every provider has had problems. The good ones learn from them and share those lessons.

10. They have a vision for your technology future
    Not just maintaining what you have—helping you get where you're going.