Frequently Asked Questions

General Questions

We do offer hourly IT services for IT consulting, project consultation, and project execution. New clients sign a retainer agreement and provide a deposit before work can begin. 

Yes, with a basic monitoring plan + “as needed” hourly IT support services. 

Monitoring allows us to:

  • patch your devices.
  • maintain your antivirus.
  • get problem alerts.
  • run updates & fix issues remotely. 

You will have fewer problems and lower IT support costs overall.

Get in touch to learn more.

We offer on-site IT services in Toronto and Mississauga, north to Highway 7, east across North York and Scarborough, and along the 401 throughout Durham Region.

We offer remote support services across Canada and to your staff across the globe.

We are 100% owner operated. 

Yes. We offer IT consulting for NIST, COBIT and Information Security Frameworks and Screenings. Get in touch.

TUCU offers PCI compliance to our clients who have fully Managed IT Services with us. 

Our partners provide PCI compliance consulting to everyone else. Get in touch for a referral.

Yes, please get in touch.

We are Certified Partners for both platforms.

We go deeper into IT security, risk management, governance and compliance with Microsoft 365. 

Network Security Questions

Intrusion Detection Systems are a software component on some firewalls. They are a layer of overall network security aimed at preventing unauthorized access. As an older solution, IDS is unable to view encrypted data.

Since HTTPS, SSL certificates and data security became common, IDS solutions can only see and defend against a very small portion of network traffic.  

Network firewalls help protect ports on your network. IDS solutions help view and approve or deny unencrypted data travelling over your ports and network.

Both are layers of physical network security. Neither is a strong stand-alone solution.

Every device and account is a vulnerability point. A firewall does not protect all these points of access.

Best practices today include multiple layers of protection at the domain level, email level, account and endpoint level, and so on.  Each layer is finely tuned and better at catching specific threats. All layers working in tandem provide a strong defense against cyber threats.

In the past, perimeter security like IDS and firewalls worked alone, defending the company network from the outside web and external threats.

Today, we know that approximately 30-40% of network security breaches are caused internally, both accidentally and intentionally.

We also know that over 70% of cyberthreats are fileless, can easily bypass antivirus software, and can spread laterally from one computer to another, or one email account to another.

Zero Trust Security principles help combat both external and internal security threats by assuming a breach will happen, and limiting the damage radius with security controls and policies on every device and account, not just at the firewall.

Cloud Security Questions

It is a common misconception that using a popular SaaS such as HubSpot or QuickBooks means that your data is secure.

Cloud security liability is shared between yourself and the providers of the apps and software you use.

For any cloud app you use, the security of that specific application will be maintained by the app developer.

You are responsible for securing the computer, email account, local internet connection, local network and passwords used to access that secure cloud app. 

Strong cloud security is layered and targets every point of entry.

Strong passwords, secure self-hosted password managers and cyber awareness training for all staff are important strategies for protecting cloud accounts.

Creating explicitly authorized devices and users (Identity Access Management) goes a long way to controlling who can access your company email accounts, and from what devices.

CASB solutions are yet another powerful tool we deploy with some of our clients. Learn more here.

Speak with us about your needs today.

Managed IT Services Questions

MSP stands for Managed Service Provider. MSPs offer outsourced IT services to other companies, usually for a fixed fee per month. Often, there is a set term as well, such as one year. Services commonly include firewall and network management, server patching, updating, backup, troubleshooting common errors, and computer support.

An MSSP is a Managed Security Services Provider. They provide outsourced IT security monitoring and management services. Services include endpoint management, cyberthreat monitoring, ransomware prevention, email security, user management, data security policies, data loss prevention, SIEM (or Security Event & Incident Monitoring), and more.

TUCU is both an MSP and an MSSP with expertise in Microsoft 365 and Azure Cloud solutions. 

The cons of outsourced IT services for small business are few. For business owners who are not comfortable switching from doing IT themselves or “in-house”, or from the “transactional” service model, to the managed services model, the cons are a feeling of losing control, being unable to trust, or not wanting to pay for something they don’t need.

The reality is most small business owners do not have a qualified IT staff member in house, and are therefore lagging in important cybersecurity practices. Their staff are also not receiving the support they need.

The pros of outsourcing IT services are numerous, including:

  • instant access to trained IT professionals with experience
  • improve your cybersecurity posture
  • verified security patching
  • verified backups
  • help desk support for all staff
  • IT resources + how to articles at your fingertips
  • IT documentation (see your assets, users, and devices in or out of security compliance)
  • IT planning tools
  • Focus and productivity
  • IT security as a strategy that can help you win bigger clients and increase revenue

What is included in Managed IT Services will vary based on provider.

Managed IT Services commonly include computer management, patching and support, network management and troubleshooting, and if you have one, local server management, backup, patching and troubleshooting. Fees will vary based on your network and needs.

Some providers may or may not include server or email backup, and basic support for common applications such as Google Workspace, Microsoft 365 and Outlook.

Managed IT Services cover maintenance and support of your existing network only. Moves, additions or changes to your network (commonly known as MACs) are considered billable services. That may include setting up a new computer or network printer, migrating data from a server to the cloud to retire the server, or creating a plan to move from basic cybersecurity tools to a comprehensive cybersecurity posture. This type of work is invoiced hourly, separate from your monthly IT management fees.


 

Here at TUCU, we offer multiple levels of Managed IT Services and Managed Security Services to meet your unique needs. We can devise a plan for you that addresses:

  1. Computer antivirus, patching, health monitoring only.
  2. Server management with antivirus, patching, and health monitoring only.
  3. Network firewall, printer, WiFi management + server + computer management.
  4. Cloud security management basics like basic user management and simple conditional access policies using Active Directory on your server or Azure Active Directory in the cloud.
  5. Cloud security with advanced Identity Management and advanced conditional access policies + data retention and data loss prevention policies.
  6. Fully managed IT Governance, Risk and Compliance management services.

 

Contact us to discuss your needs.

Information Security Screenings (also known as InfoSec screening, Vendor Screening, CyberSecurity Attestation, IT Risk Questionnaire and various other names) are becoming more common as a prerequisite in business partnerships today.

These vendor screenings are meant to determine your organization's level of IT risk.

The screenings are tools to determine if you are at high risk of cyber security incidents, which can move from your organization to another that you work with.

Information Security screenings are usually based on an IT security framework such as NIST or COBIT, though they may be modified based on the industry or client. 

You will need to review your security controls to answer each question and name the technology in place for each security control. The questions are technical, which poses a challenge for most business owners.

It is common for this type of risk assessment to be outsourced to an MSSP like TUCU. We can complete your questionnaire for you, and advise you on what steps you may need to take in order to pass the screening. Contact us for a quote.

A service level agreement (SLA) is a documented agreement between a service provider and a customer that identifies both the services required and the expected level of service, including response times.

An SLA is usually part of a larger contract like a Master Service Agreement.

Yes.

Some clients are starting out with basic IT management and opt for no SLA, which keeps costs quite a bit lower.

All clients with Managed Security or Managed IT Governance with us have a Service Level Agreement in place.

Each SLA will have its own service guarantees and recourses outlined within the document.

Here at TUCU, meeting SLAs is a priority. All our services are month to month, so you are never locked in. This means that at any time, you have the option to give us 30 days' notice to end your services with us.

If at any time, you feel we are not meeting your needs, please do schedule time to discuss our performance and your expectations. We would want to speak with you about remediating that failure right away.

Our client retention rate is over 97%. 
