Nathan Andrew, SJ Andrew & Sons
A director at an industrial supplies company based in Cornwall reveals his dos and don'ts when it comes to how IT suppliers deal with his firm
What does your company do, and what is your role there?
SJ Andrew & Sons is a steel stockholding and industrial supplies specialist based in Cornwall. The company was founded in 1914 and has since remained in the family, growing over the years with numerous investment and expansion milestones. Today it employs 33 staff with an average service of 17 years each.
I am the company director and great-grandson of the founder. I hold dual responsibility for protecting the company's legacy while also propelling the business forward into the future.
What traits do you seek in your IT suppliers?
In the current business environment where cyberattacks are a constant threat, it is more important than ever for organisations to have solutions in place to prevent and prepare for ransomware attacks.
From first-hand experience, I can say that it is crucial for IT suppliers to offer a solution that:
■ Offers powerful and flexible data protection
■ Provides total business continuity and orchestrated recovery with a single click
■ Is capable of restoring entire infrastructures in minutes
■ Ensures minimum data loss and downtime
What are your main dos and don'ts for resellers and other IT suppliers when they are selling to you?
■ Be sensitive to the size of the business and offer a solution that's in line with this.
■ Don't underestimate the opportunity for advising customers how to navigate the technology landscape. If we feel better educated, we are more likely to choose the right technology to fuel future growth.
■ Where feasible, offer a scalable solution that can be dialled up in parallel with business growth.
How can IT suppliers best influence you early in the sales cycle?
From the very beginning of the process, IT suppliers should be transparent and upfront about costs and requirements. The important thing is to build a relationship and establish a trusted partnership with an organisation that can provide comprehensive IT support in order to protect business revenue in the long term. This process begins with an initial proper assessment of the business needs. From there, it's about agreeing on an appropriate solution that meets the requirements, building out a service-level agreement and defining expectations and deliverables. After that, it's all about clean execution. The vendor who consults with me first, outlines their plan and has a clear strategy for implementation is most likely to win my business.
Can you give us an example of a project where an IT supplier has really impressed you? What did they get right?
We were recently the target of a ransomware attack. It was terrible. We were flooded last year, and I remember opening the door to the building and water flowing out. That was awful, but ransomware was much worse. I knew with the flood that we could clean it up, but I was really worried and uncertain about how the ransomware attack would end. What was shocking was that I thought we had taken good security precautions. We'd moved to Office 365, and had good anti-virus and firewall protection in place.
The first action was to shut down the PCs and call the service provider who quickly assessed the damage and concurred with my diagnosis that this was a ransomware attack. As a senior member of staff owned the compromised PC and had high-level access, contamination was widespread.
While a ransomware attack is not something any company wants to experience, for us this was a good outcome.
Do you generally prefer to procure as many IT goods and services as possible from a single supplier, or work with multiple specialists?
It's important to us that the technology we implement is tried and tested, and we also prefer keeping things simple with a limited pool of trusted experts who know our business well and can contribute to our business success. With that in mind, we work with a handful of IT suppliers that are specialists in their respective areas. In our opinion, it's very valuable to have expert guidance on critical business infrastructure.
For example, a general IT contractor might have recommended a different approach to dealing with our ransomware situation. Working with experienced professionals who are not guessing, but who positively know how to resolve a situation we have never experienced before trumps working with a smaller number of suppliers. Your business depends on it.