Technology risk isn’t just an IT topic; it’s a business one.

Below are common questions non‑IT managers ask, with clear answers and simple ways to reduce risk:


Q: What is phishing?

A: Phishing is when someone pretends to be a trusted person or company to trick you into clicking a link, opening a file, or sending money or information.

Tip to stay safe: Pause before acting on urgency. Verify payment or account changes using a second channel (call, not reply).



Q: What does “AI agent” or “agentic AI” actually mean?

A: It refers to AI systems that don’t just answer questions, but take actions on your behalf – like drafting emails, booking tasks, analysing data, or triggering workflows – sometimes automatically.

Tip to stay safe: Treat AI like a junior employee: useful, but not autonomous. Human approval should remain for decisions involving people, money, or compliance.



Q: If everything is in the cloud, is it automatically secure?

A: No. Cloud providers secure the infrastructure, but you are responsible for how data, access, and users are set up.

Tip to stay safe: Limit access to “only what’s needed,” and review who has admin or finance permissions regularly.



Q: Why do we need multi‑factor authentication (MFA)?

A: Passwords alone are easy to steal. MFA adds a second check (phone app, code, biometrics) that stops most account takeovers, even if a password is compromised.

Tip to stay safe: If it protects email, finance, or cloud systems, MFA should be non‑negotiable.



Q: What is ransomware, and why is it such a big deal?

A: Ransomware locks your systems or data and demands payment to restore access. It often starts with a phishing email or stolen password.

Tip to stay safe: Backups must be automated, tested, and stored separately. Untested backups are not backups.



Q: Can employees safely use tools like ChatGPT or other AI apps at work?

A: Yes, if used appropriately. The main risk is pasting sensitive, personal, or confidential data into public tools.

Tip to stay safe: Assume anything entered into a public AI tool could be stored or reused. Don’t input confidential data unless approved.



Q: What is “shadow IT” and why should managers care?

A: Shadow IT is when teams use unapproved software or tools to get work done faster—often with good intentions, but unknown risk.

Tip to stay safe: If a tool helps productivity, raise it. Formal approval protects the team; it doesn’t slow them down.



Q: Are strong passwords still enough, or is there something better?

A: Strong passwords help, but reuse and phishing reduce their value. Newer approaches (like passkeys) reduce reliance on passwords altogether.

Tip to stay safe: Never reuse work passwords elsewhere, and use a password manager if allowed.



Q: What should I do first if I think something went wrong?

A: Report it immediately, even if you’re unsure or think it might be your mistake. Early reporting limits damage.
 
Tip to stay safe: Speed matters more than certainty. Silence helps attackers, not the business.



Q: Why do vendors and suppliers create risk for us?

A: If a supplier is compromised, attackers may use that trust to reach customers, invoices, or data.

Tip to stay safe: Be cautious with unexpected changes to supplier payment details—always verify.



No one is expected to know everything about technology.
What matters is feeling comfortable asking questions and raising concerns early. 

Curiosity is a strength in a digital workplace—and one of the best defenses we have.
