If your team uses the internet (so, everyone), this one’s worth paying attention to.

What Is a ClickFix Attack?

ClickFix is a social engineering technique that’s been gaining traction since late 2025, and in March 2026, Microsoft and multiple security researchers have linked it to active ransomware campaigns targeting businesses.

Here’s how it works in practice:

1. An employee visits a website, either through a phishing email, a malicious advert, or even a compromised legitimate site
2. A pop-up appears that looks like a CAPTCHA verification, a browser error, or a software update prompt
3. The pop-up instructs the user to “verify they’re human” or “fix an error” by pressing a specific key combination and pasting text
4. What they’re actually pasting is a hidden command that downloads and runs malware on their machine

The clever part? The malicious command is copied to the clipboard automatically. The employee just has to follow the on-screen instructions and paste it. They think they’re completing a routine verification. In reality, they’ve just handed their machine over to an attacker.

Why This Attack Is So Effective

Traditional phishing relies on getting someone to click a dodgy link or open a suspicious attachment. Most employees have been trained to watch for those red flags. ClickFix sidesteps all of that.

It exploits trust in familiar interfaces. Everyone has clicked through a CAPTCHA before. Everyone has seen a “your browser needs updating” message. These prompts feel normal, which is exactly what makes them dangerous.

It bypasses technical defences. Because the user is manually executing the command, your email security gateway never sees it. Your antivirus does not flag it at the point of entry.

It does not require a sophisticated attacker. The ClickFix technique has been packaged and shared across criminal forums. Ransomware affiliates are adopting it because it works and because it is simple to deploy at scale.

Real Attacks Happening Right Now

This is not theoretical. In the first week of March 2026, security firm MalBeacon published research showing that a ransomware group called Velvet Tempest used ClickFix as their primary method of gaining access to a large organisation. They have been behind attacks using Ryuk, REvil, Conti, BlackCat, and LockBit. Now they are using ClickFix with fake CAPTCHA pages to deploy the Termite ransomware.

The attack played out over 12 days: Day 1, an employee encounters a malicious advert leading to a ClickFix page and pastes a command that downloads malware. Days 2 to 5, attackers quietly explore the network, map Active Directory, and harvest saved passwords from Chrome. Days 6 to 12, additional malware is deployed including the CastleRAT backdoor for persistent remote access.

Why UK SMBs Should Care

You might be thinking, “We are a 30-person construction firm in Birmingham, not a Fortune 500 company.” That is exactly why you should pay attention. Ransomware groups increasingly target small and medium-sized businesses because SMBs are less likely to have dedicated security teams, ransom amounts are calibrated to what the business can afford (often 10,000 to 50,000 pounds), SMBs often have weaker backup strategies, and supply chain access matters.

For manufacturing, construction, and engineering firms in the Midlands, the operational impact goes beyond data loss. If your project management systems, CAD files, invoicing, or site communications go down, work stops. Every day of downtime costs real money.

How to Protect Your Business

Train Your Team (But Make It Specific)

Generic “don’t click suspicious links” training is not enough anymore. Your employees need to know:

• Legitimate websites will never ask you to open the Run dialog (Windows key + R) or a terminal
• No real CAPTCHA requires you to paste anything into your computer
• If a website asks you to run a command to “verify” or “fix” something, close the tab immediately
• Browser updates happen automatically. Any pop-up telling you to manually update is almost certainly fake

Restrict PowerShell and Command Line Access

Most office workers never need PowerShell or the command prompt. Consider restricting PowerShell execution policies, blocking cmd.exe and PowerShell for standard users, using application whitelisting, and disabling the Windows Run dialog for non-admin users via Group Policy.

Implement DNS Filtering

ClickFix attacks rely on redirecting victims to malicious domains. DNS filtering services can block known malicious domains before the connection is even made, catching a significant portion of ClickFix infrastructure before the fake CAPTCHA page ever loads.

Keep Endpoint Detection Updated

Modern EDR tools can identify the suspicious command chains that ClickFix attacks use. If you are still relying solely on traditional antivirus, it is time to upgrade. EDR solutions provide the behavioural analysis needed to catch attacks that signature-based tools miss.

Lock Down Browser Extensions and Ads

Many ClickFix attacks begin with malicious advertisements. Use an ad blocker across company devices, restrict browser extension installation to approved extensions only, and configure browsers to block pop-ups from unknown sites.

Implement Proper Backup and Recovery

Even with all the right defences, no security is 100% effective. Follow the 3-2-1 rule (three copies of data, two different media types, one stored offsite). Test your backups regularly. Keep at least one backup offline or air-gapped. Know your recovery time.

The Bigger Picture: Social Engineering Is Evolving

ClickFix is part of a broader trend. Attackers are moving away from purely technical exploits and towards social engineering methods that trick humans into doing the technical work for them. Microsoft’s latest threat intelligence report (6 March 2026) highlighted that threat actors are now using AI to generate more convincing phishing lures and scale their social engineering campaigns.

The takeaway? Technical defences matter, but human awareness is your most important security layer. Firewalls do not help when an employee willingly pastes a command into their own machine.

What to Do This Week

1. Brief your team on ClickFix attacks. Even a two-minute explanation helps
2. Check your PowerShell policies. Are standard users restricted from running scripts?
3. Review your DNS filtering. If you do not have any, get it set up
4. Verify your backups. When was the last test restore?
5. Talk to your IT provider about endpoint detection capabilities

Need Help Locking This Down?

At Magnetar IT, we help businesses across the Midlands, from manufacturing firms in Coventry to construction companies in Birmingham, build IT environments that can withstand modern threats. With over 10 years of experience and a 98% client satisfaction rate, we combine proactive security with responsive support (89% of issues resolved within one hour).

Whether you need a full security review, endpoint protection upgrades, or just want to know where you stand, get in touch for a no-obligation chat.

The post ClickFix Attacks – The Fake CAPTCHA Trick Installing Ransomware first appeared on Magnetar IT.

It sounds like a spy thriller, but it is happening right now, to real businesses, across 40 countries. And if you are a UK SMB hiring remote IT contractors, you need to pay attention.

What Is Actually Going On?

This month, researchers from IBM X-Force and Flare Research published a report that maps out, in detail, how North Korea operates an army of approximately 100,000 fake IT workers. These are not hackers trying to break into your systems from outside. They are people who apply for legitimate IT jobs, get hired, and then quietly siphon data and money back to Pyongyang.

The numbers are staggering. According to the US Government, these workers can earn over $300,000 per year each, generating roughly $500 million annually for the North Korean regime. They are spread across 40 countries, working as remote developers, system administrators, and IT support staff.

That is not a niche problem. That is an industrial-scale operation.

How the Scam Works

The operation is surprisingly well-organised, with clear roles and a structured hierarchy that mirrors a legitimate recruitment business.

The Recruitment Pipeline

• Recruiters screen potential IT workers and record interviews, much like a normal hiring process
• Facilitators review candidates and decide who gets placed, acting as hiring managers
• IT Workers are the operatives, typically skilled in full-stack web development, .NET, and WordPress
• Western Collaborators provide their real identities for the workers to use, sometimes knowingly, sometimes not

Many candidates may not even realise who they are really working for. Recruiters tell them they are joining an “early-stage stealth startup” with no public information. They are given a US or UK-based identity to use, complete with fabricated credentials and work history.

How They Get Hired

The fake workers target freelancing platforms like Upwork, LinkedIn, and Freelancer. Researchers found timesheets detailing how many “bids” workers made on freelancing sites each day and how many messages they sent on professional platforms.

They use counterfeit accounts or verified profiles linked to real people. Their applications look legitimate because they are crafted using professional templates and translated through Google Translate.

Once hired in a full-time role, these workers are often highly productive. Why? Because multiple people may be collaborating behind the scenes to do the work. The goal is to perform well, earn promotions, and gradually gain more privileged access to company IT systems.

Why UK SMBs Should Care

You might think this only affects large enterprises or American tech companies. It does not.

UK SMBs are increasingly turning to remote contractors for IT work. It makes sense: you get specialist skills without the overhead of a full-time hire. But this trend also makes smaller businesses a prime target.

Here is why SMBs are particularly vulnerable:

• Smaller HR teams with less capacity for thorough background checks
• Tighter budgets that make affordable remote contractors attractive
• Less sophisticated identity verification processes
• IT contractors often get broad access to systems, networks, and sensitive data
• Manufacturing, construction, and engineering firms may not consider themselves cybersecurity targets, making them less vigilant

If you run a manufacturing company in the Midlands and you hire a remote developer to build an internal tool, that person could potentially access your production systems, customer data, financial records, and intellectual property.

The Real-World Damage

This is not just about money being funnelled to North Korea. A fraudulent IT worker inside your business can:

• Steal customer data and intellectual property
• Install backdoors for future attacks
• Exfiltrate financial information
• Deploy ransomware (North Korea’s Lazarus Group is already targeting UK organisations with Medusa ransomware)
• Use their access to pivot into more sensitive systems over time

The Stryker cyberattack this month, where Iran-linked attackers used Microsoft Intune to remotely wipe employee devices, shows what happens when hostile actors get inside your management tools. A fake IT worker with admin access could do the same thing.

How to Spot a Fake IT Worker

The IBM/Flare report identifies several red flags that businesses should watch for during the hiring process.

During Video Interviews

• Fake or blurred backgrounds that seem inconsistent with where they claim to live
• Signs of AI face-changing or deepfake technology (unnatural facial movements, lighting inconsistencies)
• AI voice changers (slight robotic quality, delays between question and answer)
• Reluctance to turn on the camera or meet in person
• Discrepancies between their CV and what they say in conversation, especially around location and language skills

During the Hiring Process

• Employment history that does not quite check out when you contact references
• Portfolio work that seems inconsistent in quality (suggesting multiple people contributed)
• Unusually low rates for highly skilled work
• Profiles on freelancing platforms with very recent creation dates but extensive claimed experience
• Multiple accounts or profiles that share similar photos or details

After Hiring

• Unusual working hours that do not match their claimed timezone
• Use of VPN connections from unexpected locations
• Requests for unnecessary access to systems or data
• Reluctance to participate in team video calls or company events
• Performance that varies dramatically (because different people may be doing the work at different times)

7 Steps to Protect Your Business

You do not need to stop hiring remote workers. But you do need to be smarter about it. Here are practical steps every UK SMB should take.

1. Verify Identity Properly

Do not rely on a CV and a video call. Use identity verification services that check government-issued ID. For UK-based contractors, verify their right to work. For international hires, use platforms that include identity verification as part of the process.

2. Conduct Thorough Video Interviews

Insist on camera-on interviews. Ask candidates to show their physical workspace. Ask spontaneous questions that require real-time thinking rather than scripted answers. Watch for signs of deepfake technology or AI voice manipulation.

3. Check References Independently

Do not just call the number on the CV. Look up the company independently and call their main line. Verify that the reference person actually works there. Cross-reference LinkedIn profiles with company websites.

4. Apply the Principle of Least Privilege

Give every contractor the minimum access they need to do their job, and nothing more. This limits the damage if someone turns out to be fraudulent. Review access permissions regularly and revoke anything that is no longer needed.

5. Monitor Access and Behaviour

Use endpoint management tools to monitor what devices are connecting to your network. Log access to sensitive systems. Set up alerts for unusual activity, like data downloads outside normal hours or connections from unexpected locations.

6. Use Managed IT Support

One of the best ways to reduce risk is to work with a trusted, local IT support provider rather than hiring unknown remote contractors. A managed service provider gives you vetted professionals, proper security controls, and accountability. You know exactly who has access to your systems.

7. Train Your Team

Make sure anyone involved in hiring IT staff, whether that is HR, department managers, or directors, knows about this threat. The warning signs are not obvious unless you know what to look for.

The Bigger Picture

This is not just a North Korea problem. The techniques being used, fake identities, AI deepfakes, stolen credentials, will inevitably be adopted by other threat actors. Criminal groups, corporate espionage operations, and other state-sponsored programmes are all watching how this plays out.

The shift to remote work has created enormous opportunities for businesses. But it has also created new attack surfaces that did not exist five years ago. Your hiring process is now part of your cybersecurity strategy, whether you like it or not.

What to Do Next

If you are hiring remote IT contractors, review your vetting process this week. If you are not sure whether your current setup is secure, that is exactly the kind of thing a good IT partner can help with.

At Magnetar IT, we help businesses across the Midlands build secure IT operations without the guesswork. From endpoint management and access controls to vetting and monitoring, we handle the security so you can focus on running your business.

89% of our support tickets are resolved within an hour, and we have over 10 years of experience keeping SMBs safe.

Get in touch for a free consultation and let us make sure your hiring process is not your weakest link.

The post Fake IT Workers: The Cyber Threat Hiding in Your Hiring Process first appeared on Magnetar IT.

That might make for good television, but it rarely leads to good business outcomes.

In our experience working with organisations on their IT systems, infrastructure, and technology strategy, negotiation is something quite different. It is not about squeezing suppliers. It is about finding the right solution to the problem in front of us.

And that process requires careful listening, clear thinking, and sometimes a little creativity.

IT Projects Are Rarely Simple Purchases

Very few IT decisions are straightforward.

A business might need to modernise its infrastructure, strengthen cybersecurity, migrate systems to the cloud, or replace ageing hardware. But every organisation operates differently, and every environment comes with its own constraints.

When we support our clients, we often find that the discussion involves balancing several factors at once:

• Budget and investment priorities

• Security and compliance requirements

• Operational impact on staff and customers

• Scalability for future growth

• Risk management

These are not decisions that can be solved by simply comparing price lists.

They require discussion, exploration and — importantly — good negotiation between all parties involved.

Listening Comes Before Our Solutions

One of the most important parts of our work happens before any solution is proposed.

We listen.

Understanding what a client actually needs, what challenges they are facing, and what their long-term goals look like is essential. Without that understanding, any technical solution is likely to miss the mark.

Often the first problem presented is only part of the story.

Through discussion and questioning, we can help uncover the real issues and identify options that may not have been obvious at the outset.

That process is, in many ways, negotiation in its most constructive form.

Negotiating With Suppliers on Behalf of Our Clients

Another key part of our role is working with technology vendors, software providers and service partners.

Our clients rely on us to navigate these discussions and secure outcomes that support their business objectives.

That means negotiating not just on price, but on:

• service levels

• implementation timelines

• licensing structures

• support arrangements

• flexibility for future changes

By understanding both the technical landscape and our clients’ priorities, we are able to negotiate solutions that work in practice, not just on paper.

Better Conversations Lead to Better Technology Decisions

Technology investments often last for years.

A poorly aligned decision today can create operational problems long into the future. That is why constructive negotiation is such an important part of our work.

It allows everyone involved — the client, the technology providers and our own team — to explore the options properly and arrive at a solution that genuinely supports the business.

This collaborative approach almost always leads to stronger results than a simple price-driven conversation.

Why Negotiation Is a Skill Worth Developing

Negotiation is not something that only happens in procurement departments.

It happens whenever businesses make important decisions with partners, suppliers, or customers.

The organisations that tend to achieve the best outcomes are those that invest in developing these skills across their teams.

That is one of the reasons we take an interest in initiatives that promote negotiation as a problem-solving skill rather than a bargaining tactic.

For example, organisations such as The Negotiation Club focus on helping professionals develop negotiation capability through practice and real-world exercises rather than theory alone.

You can learn more about their approach here:

• https://www.thenegotiationclubs.com/

Supporting Our Clients Through Better Negotiation

At the end of the day, our role is to help our clients make the right technology decisions.

That often means asking the right questions, exploring the right options, and negotiating with the right partners to ensure the final outcome genuinely supports the business.

If you are considering changes to your IT infrastructure, cloud strategy, or technology environment, we would be very happy to discuss your situation and explore the options available.

A good conversation is often the first step towards a better solution.

The post Why Negotiation Skills Matter in IT… And Why They Matter to Our Clients first appeared on Magnetar IT.

Your business has grown. IT issues are eating up more time. That one person who “knows computers” is getting overwhelmed. Something needs to change.

The question is: Do you hire an in-house IT person, or outsource to a Managed Service Provider (MSP)?

It’s not as simple as comparing salaries to monthly fees. There are hidden costs on both sides, and the “right” answer depends entirely on your business.

Let’s break it down honestly.

The Real Cost of In-House IT

When most people think “in-house IT,” they think of a salary. But that’s just the beginning.

The Visible Costs

• IT Support Technician salary: £28,000 – £40,000/year
• IT Manager salary: £45,000 – £65,000/year
• Employer’s NI contributions: ~13.8% on top
• Pension contributions: 3-5% minimum
• Recruitment costs: £3,000 – £8,000 per hire

A £35,000 IT technician actually costs you £42,000-£45,000 when you factor in NI, pension, and benefits.

The Hidden Costs

Here’s what catches people out:

Training & Certifications

Technology changes constantly. Microsoft, Cisco, and security certifications need renewing. Budget £2,000-£5,000 per year to keep skills current.

Tools & Software

Your IT person needs tools: remote management software, security tools, monitoring systems, and ticketing software. That’s £200-£500/month you might not have considered.

Cover & Redundancy

What happens when your IT person is on holiday? Or sick? Or leaves? You’ve got a single point of failure. Either you pay for backup cover, or you accept periods with no support.

Knowledge Gaps

One person can’t know everything. Networking, security, cloud, software development, phones, etc., it’s too much. You’ll still need external help for specialist work.

Realistic In-House IT Cost

For a competent IT support person with proper tools and training:

• Salary + NI + Pension: £42,000
• Training & certs: £3,000
• Tools & software: £4,000
• Recruitment (amortised): £1,500
• External specialist help: £5,000
• Total: £55,500/year

And that’s for ONE person covering maybe 30-50 users – with no redundancy.

The Real Cost of an MSP

Managed Service Providers typically charge per user, per month. But what do you actually get?

Typical MSP Pricing (UK)

• Basic (reactive): £30-50/user/month → £10,800-£18,000/year for 30 users
• Standard (proactive): £50-80/user/month → £18,000-£28,800/year for 30 users
• Comprehensive: £80-120/user/month → £28,800-£43,200/year for 30 users

For a 30-user business, comprehensive managed IT typically costs £30,000-£40,000/year.

What’s Usually Included

A decent MSP should provide:

• Unlimited helpdesk support – calls, emails, remote fixes
• Proactive monitoring – catching problems before you notice
• Patching & updates – security patches applied automatically
• Backup management – monitoring and testing
• Security basics – antivirus, email filtering, MFA setup
• Vendor management – dealing with Microsoft, ISPs, suppliers
• Strategic advice – planning, budgeting, roadmaps
• Multiple engineers – no single point of failure
• Out-of-hours cover – emergencies don’t wait for 9am

What’s Usually Extra

Watch out for these common add-ons:

• Project work (migrations, new setups)
• Hardware procurement (though some include it)
• Cybersecurity extras (advanced threat protection, SOC)
• On-site visits beyond a certain number
• Line of business application support

Ask what’s included before you sign anything.

Head-to-Head Comparison

Let’s compare like-for-like for a 30-user business:

• Annual cost: In-House £55,000+ vs MSP £30,000-40,000
• Expertise breadth: In-House limited to one person vs MSP team with varied skills
• Availability: In-House 37.5 hrs/week minus holidays vs MSP 8am-6pm + emergency cover
• Scalability: In-House need to hire more vs MSP scales with user count
• Redundancy: In-House single point of failure vs MSP multiple engineers
• Response time: In-House immediate (if available) vs MSP SLA-dependent (usually <1hr)
• Company knowledge: In-House deep over time vs MSP builds over time
• Physical presence: In-House always on-site vs MSP mostly remote, scheduled onsite

When In-House IT Makes Sense

Despite the costs, in-house IT is sometimes the right call:

You Need Constant Physical Presence

If you have complex on-site infrastructure that needs daily hands-on attention – manufacturing floors, labs, warehouses with constant equipment changes, a permanent presence might be essential.

You Have Highly Specialised Systems

Running bespoke software or unusual equipment that requires deep, specific knowledge? An in-house specialist who lives and breathes your systems might be more effective.

You’re Large Enough for a Team

Once you hit 120+ users, a hybrid model often makes sense: internal IT manager plus MSP support. The manager provides company knowledge and strategic direction; the MSP provides depth and coverage.

When an MSP Makes Sense

For most SMBs (20-100 staff), an MSP is the smarter choice:

• You want predictable costs – A fixed monthly fee means no surprises
• You can’t afford gaps in cover – Someone is always available, no panicking when Dave’s on holiday
• You need broad expertise – Modern IT spans cloud, security, networking, and compliance. An MSP brings a team.
• You want proactive, not reactive – Good MSPs prevent problems. In-house IT often becomes firefighting.
• You’d rather focus on your business – Hiring, managing, and training IT staff takes time. An MSP handles all of that.

The Hybrid Approach

Many growing businesses land on a middle ground:

Option 1: IT Coordinator + MSP

Hire someone junior (£25-30k) to handle day-to-day queries, user onboarding, and vendor coordination. The MSP handles technical support, security, and strategy.

Option 2: IT Manager + MSP

Hire a senior IT person to own the strategy and be the internal face of IT. The MSP provides helpdesk, monitoring, and specialist skills.

This gives you the best of both worlds – internal presence and understanding, plus external expertise and coverage.

Making the Decision

Choose In-House IT if:

• You have 100+ users AND can afford a team (not just one person)
• You have highly specialised systems requiring dedicated expertise
• Physical presence is genuinely critical daily

Choose an MSP if:

• You have 20-100 users
• You want predictable costs and coverage beyond 9-5
• You need broad expertise without hiring multiple people
• You’d rather not deal with IT recruitment and retention

The Bottom Line

For most UK SMBs with 20-100 staff, an MSP delivers better value than a single in-house IT hire.

You get more expertise for less money, better coverage and redundancy, predictable costs, strategic input included, and no recruitment headaches.

The in-house route makes sense at scale (100+ users with a proper team) or for very specific requirements. But for the typical growing business? The maths favours outsourcing.

Ready to Compare Options?

If you’re weighing up your IT support options, we’re happy to give you a straight answer.

Book a 20-minute call. We’ll assess your situation, give you a realistic cost comparison, and tell you honestly whether we’re the right fit – or if you’d be better off hiring internally.

No sales pitch. No pressure. Just clarity.

Book a 20-Minute Call → https://magnetarit.co.uk/contact/

The post MSP vs In-House IT Comparison Guide first appeared on Magnetar IT.

Choosing the wrong IT support company costs more than money. It costs you productivity when systems go down, security when threats slip through, and growth when your technology cannot keep pace with your ambitions.

This guide gives you a clear framework for evaluating IT support providers, plus the specific questions that separate competent partners from those who will leave you frustrated.

Why This Decision Matters More Than You Think

The average UK SMB loses £3,600 per hour of IT downtime. But the real cost is not just the immediate disruption; it is the cumulative effect of staff working around broken systems, security vulnerabilities that go unnoticed, opportunities missed because your technology could not support them, and the mental overhead of constantly worrying whether things will work.

A good IT partner eliminates these concerns. A bad one creates them.

The Two Types of IT Support

Break-Fix Support: You call when something breaks. They fix it. You pay per incident. This works if you have simple needs and internal expertise, but it creates a perverse incentive for your provider to earn more when things go wrong.

Managed IT Services: You pay a fixed monthly fee. They proactively monitor, maintain, and support your entire IT environment. This aligns incentives correctly; your provider earns more by keeping things running smoothly.

For most businesses with 10+ employees, managed services deliver better value and outcomes.

18 Questions to Ask Every IT Support Provider

About Their Service Model

1. What is your average response time for critical issues? Look for: Under 15 minutes for critical, under 1 hour for high priority.
2. What hours do you provide support? Consider if your business operates outside 9-5 or has remote workers in different time zones.
3. How do you handle out-of-hours emergencies? Red flag: “Leave a voicemail and we will call back next business day.”
4. What is included in your standard package vs. charged extra? Watch for project work, new user setups, and on-site visits.
5. Do you provide a dedicated account manager? Speaking to someone who knows your business beats explaining your setup every time.

About Their Technical Capabilities

1. What industries do you specialise in? An IT company experienced in your sector understands your compliance requirements and typical challenges.
2. How do you handle cyber security? Look for proactive monitoring, regular assessments, staff training, and incident response plans.
3. What is your approach to backups and disaster recovery? Ask how often, where backups are stored, how quickly you can restore, and when they last tested a full restore.
4. Can you support cloud, on-premise, and hybrid environments? Most businesses run a mix; your provider should be comfortable with all three.
5. Do you offer strategic IT planning or just reactive support? A true partner helps you plan technology investments that support business growth.

About Their Business Practices

1. How long have you been in business? Look for at least 3-5 years of trading history.
2. Can you provide references from businesses similar to ours? Any reputable provider should happily connect you with current clients.
3. What certifications do your engineers hold? Look for Microsoft certifications and security credentials like Cyber Essentials or ISO 27001.
4. What is your staff turnover rate? High turnover means the person who understands your systems today might be gone tomorrow.
5. How do you handle data protection and GDPR compliance? They should have clear policies and appropriate Data Processing Agreements.

About Working Together

1. What does your onboarding process look like? Good signs: thorough documentation, clear communication plan, defined timeline, minimal disruption.
2. What is your contract length and notice period? 12-month initial terms are common. Avoid 3+ year commitments. Notice periods over 90 days are a red flag.
3. How do you measure and report on service quality? Expect regular reports on ticket volumes, response times, resolution rates, and system health.

Red Flags That Should Make You Walk Away

• They cannot explain things in plain English – you need a translator, not a lecturer
• They are vague about pricing – you should understand exactly what you are paying for
• They badmouth their competitors – confident providers focus on their own strengths
• They promise everything with no trade-offs – the cheapest, fastest, most comprehensive service does not exist
• They are hard to reach during the sales process – imagine how it will be after you sign
• No evidence of security practices – any IT provider without Cyber Essentials certification is not taking security seriously

Green Flags That Indicate a Quality Provider

• They ask about your business goals, not just your IT problems
• They are honest about what they do not do well – self-awareness indicates maturity
• They document everything – making transitions smoother and troubleshooting faster
• Their current clients stay for years – high retention indicates consistent quality
• They proactively suggest improvements – reactive support keeps you running, proactive partnership helps you improve

What to Expect on Pricing

UK IT support pricing varies significantly based on scope, but here are typical ranges for managed services:

• 10-25 users: £800 – £2,000 per month
• 25-50 users: £2,000 – £4,500 per month
• 50-100 users: £4,500 – £9,000 per month

Factors that increase cost: multiple locations, complex compliance requirements, 24/7 support needs, legacy systems, and high security environments. Be wary of quotes significantly below these ranges—they often indicate reduced service levels or hidden charges.

Making the Final Decision

After gathering all information, the decision often comes down to trust. Ask yourself: Do I believe this team will be there when things go wrong? Do they understand my business, not just my technology? Can I see us working together for years, not just months?

The best IT relationships are partnerships, not vendor arrangements. Choose accordingly.

Ready to Find Your IT Partner?

If you would like to discuss your requirements with a team that has supported UK businesses for over 10 years, with 89% of issues resolved within an hour and a 98% satisfaction rate, we would welcome the conversation.

Book a Free IT Consultation – https://magnetarit.co.uk/contact/

No pressure, no hard sell. Just an honest conversation about whether we are the right fit for your business.

The post How to Choose an IT Support Company Guide first appeared on Magnetar IT.

Before we get into the fixes, it helps to understand why this has happened.

Between 2019 and 2022, cyber insurance claims exploded. Ransomware attacks weren’t just hitting enterprise companies; they were crippling SMBs. And insurers paid out billions.

The result? Insurers rewrote their underwriting rules. They started asking detailed technical questions. They began requiring specific security controls as conditions of coverage.

Today, if you don’t meet their baseline security requirements, you’ll either get rejected, be quoted an astronomical premium, or be given coverage with so many exclusions it’s barely worth having.

Let’s look at what they’re actually checking.

1. No Multi-Factor Authentication (MFA)

The Problem: This is the number one reason for rejection. If you’re not using MFA on email, remote access, and admin accounts, most insurers won’t even consider you.

Why it matters to insurers: MFA stops over 99% of account compromise attacks. Without it, one phished password = full access to your systems. That’s too much risk.

The Fix:

• Enable MFA on Microsoft 365 / Google Workspace for all users (not just admins)
• Require MFA for VPN and remote desktop access
• Use authenticator apps (Microsoft Authenticator, Google Authenticator) rather than SMS
• Document your MFA policy for the application

Timeline: You can implement MFA in a week. There’s no excuse not to have this.

2. No Email Security Beyond Basic Spam Filtering

The Problem: Email is still the number one attack vector. Basic spam filtering isn’t enough anymore — insurers want to see advanced threat protection.

Why it matters to insurers: Phishing and business email compromise (BEC) cause huge losses. A single fraudulent invoice payment can cost tens of thousands.

The Fix:

• Implement Microsoft Defender for Office 365 or equivalent advanced email security
• Configure DMARC, DKIM, and SPF records (prevents email spoofing)
• Enable Safe Attachments and Safe Links
• Consider an additional email filtering service for layered protection

Timeline: A few days to implement and configure properly.

3. No Offline or Immutable Backups

The Problem: If ransomware hits and your backups are connected to your network, they get encrypted too. Insurers know this – and they’re asking specifically about backup isolation.

Why it matters to insurers: Companies with proper backups recover without paying ransoms. Companies without them face huge losses – and huge claims.

The Fix:

• Implement the 3-2-1 backup rule: 3 copies, 2 different media types, 1 offsite
• Use immutable backups (can’t be modified or deleted for a set period)
• Test restores regularly – at least quarterly
• Keep backup credentials separate from main admin credentials
• Document your backup and recovery procedures

Timeline: 1-2 weeks to set up properly with testing.

4. No Endpoint Detection and Response (EDR)

The Problem: Traditional antivirus isn’t enough anymore. Insurers increasingly require EDR – software that actively monitors for suspicious behaviour, not just known malware signatures.

Why it matters to insurers: EDR can detect and stop ransomware before it spreads. Traditional AV often misses zero-day attacks entirely.

The Fix:

• Deploy EDR on all endpoints (Microsoft Defender for Endpoint, SentinelOne, CrowdStrike)
• Ensure 24/7 monitoring (either in-house or via managed service)
• Configure automated response rules for common attack patterns
• Keep all devices enrolled – no exceptions for “trusted” machines

Timeline: 1-2 weeks for deployment and configuration.

5. Unpatched or End-of-Life Systems

The Problem: Running Windows 7? Server 2012? Office 2010? That’s an automatic red flag. Unpatched systems are sitting ducks for known exploits.

Why it matters to insurers: Most ransomware exploits known vulnerabilities with patches available. If you’re not patching, you’re choosing to stay vulnerable.

The Fix:

• Audit all systems and create an inventory
• Replace or upgrade end-of-life operating systems
• Implement automatic patching with a 30-day maximum delay for critical patches
• If you can’t replace legacy systems, document compensating controls (network isolation, extra monitoring)

6. No Security Awareness Training

The Problem: Your staff are your first line of defence – and your biggest vulnerability. Insurers want to see you’re training them to spot threats.

Why it matters to insurers: Human error causes most breaches. A trained workforce is dramatically less likely to fall for phishing or social engineering.

The Fix:

• Implement regular security awareness training (at least annually, ideally quarterly)
• Run phishing simulations to test and reinforce training
• Include training on password hygiene, spotting phishing, and reporting suspicious activity
• Keep records of training completion for the application

7. No Incident Response Plan

The Problem: When something goes wrong, do you know who to call? What to do first? Insurers want to see you have a plan, not just hope.

Why it matters to insurers: Companies with incident response plans contain breaches faster and at lower cost. Panic makes everything worse.

The Fix:

• Create a written incident response plan covering common scenarios
• Define roles and responsibilities (who decides what, who contacts whom)
• Include contact details for your IT support, insurer, legal advisor
• Test the plan at least annually with a tabletop exercise

Quick Checklist: Are You Insurance-Ready?

Before your next application, make sure you can answer “yes” to all of these:

• MFA enabled on all email, VPN, and admin accounts
• Advanced email security with DMARC/DKIM/SPF configured
• Offline or immutable backups tested within the last 90 days
• EDR deployed on all endpoints with 24/7 monitoring
• No end-of-life operating systems in production
• Security awareness training completed within the last 12 months
• Written incident response plan in place

The Bottom Line

Cyber insurance isn’t optional anymore, especially if you handle client data, financial information, or have contractual obligations.

The good news is that the security controls insurers want aren’t just checkboxes for an application. They’re the same controls that actually protect your business. Getting insurance-ready means getting secure.

Most of these fixes can be implemented in 4-8 weeks with the right support. And once they’re in place, you’ll not only get better insurance terms, you’ll be far less likely to need to make a claim in the first place.

Need Help Getting Insurance-Ready?

We help businesses implement the security controls they need to pass cyber insurance applications — without the jargon or overselling.

Book a 15-minute call. We’ll review your current setup against typical insurer requirements and tell you exactly what needs fixing.

No audit fee. No pressure. Just a clear list of what you need.

The post Why Your Cyber Insurance Application Keeps Getting Rejected first appeared on Magnetar IT.