Finding the right balance to IT security is critically important:

• Too lax and you’re at a high risk for security breaches
• Too tight and you’ll have an unusable system

Here are some indicators your IT support provider is taking IT security seriously:

• They speak with you about security frequently – and not just about needing more money for some new security service or product. They should be talking about policies, user education, best practices and how to integrate IT security into your organization.
• They have written best practices regarding IT security – and they’re not afraid to share them with you.
• They believe in user education – and tailor that education to work with the people in your organization.
• They never promise you won’t have a breach but do explain where your risks are and how they’ve mitigated them.
• They don’t pass the buck and give excuses (it costs too much, they are too busy, it’s on the roadmap for next year, etc).
  They are open to (and hopefully asking for) internal and third-party audits of your IT systems.

If your IT support personnel aren’t doing all those things, it may be a good sign that they’re not taking your IT security needs seriously.