Question 1

What areas does Metro Point IT serve?

Accepted Answer

We serve businesses throughout Maryland, Virginia, and Washington DC, including Bethesda, Rockville, Silver Spring, Annapolis, Arlington, Alexandria, Fairfax, and the entire DMV region.

Question 2

Do you offer flat-rate IT pricing?

Accepted Answer

Yes. Metro Point IT offers flat-rate monthly managed IT plans with no long-term contracts, so you always know what you're paying.

Question 3

Are you HIPAA compliant?

Accepted Answer

Yes. We support HIPAA-covered entities and execute Business Associate Agreements. Our team has experience with healthcare IT compliance across Maryland, Virginia, and DC.

Question 4

What is HIPAA and does it apply to my medical practice?

Accepted Answer

HIPAA applies to all healthcare providers that transmit health information electronically — virtually every modern medical practice, dental office, physical therapy clinic, and specialist. It covers EHRs, billing systems, scheduling software, email with patient information, and text messages.

Question 5

What is the difference between HIPAA and HITRUST certification?

Accepted Answer

HIPAA is a federal law you must comply with. HITRUST CSF is a voluntary but increasingly expected security certification demonstrating higher security maturity, often required by hospitals, large health systems, and health insurers as a condition of partnership.

Question 6

What happens if my practice has a HIPAA data breach?

Accepted Answer

Under HITECH you must notify affected patients within 60 days. If 500+ individuals are affected you must also notify HHS and prominent media. Penalties range from $100 to $50,000 per violation with annual caps up to $1.9 million.

Question 7

Do you sign a Business Associate Agreement?

Accepted Answer

Yes — Metro Point IT signs a BAA with every healthcare client before any work begins. We also help practices identify all other technology vendors requiring BAAs and assist in executing those agreements.

Question 8

How quickly can you get our practice HIPAA compliant?

Accepted Answer

A full HIPAA Security Risk Assessment and initial remediation typically takes 4-8 weeks depending on environment complexity. We prioritize highest-risk gaps first so your practice reaches a defensible compliance posture quickly.

Question 9

Does GLBA apply to my financial advisory or CPA firm?

Accepted Answer

Yes. The FTC Safeguards Rule applies broadly to registered investment advisors, mortgage brokers, CPA firms that prepare tax returns, and others. If your business handles customer financial information as a material part of operations, the Safeguards Rule almost certainly applies.

Question 10

What technical requirements does the updated Safeguards Rule require?

Accepted Answer

The 2023 rule requires a written Information Security Program, a designated qualified individual, a risk assessment, MFA for anyone accessing customer information, encryption at rest and in transit, annual penetration testing, activity monitoring and logging, a written incident response plan, and annual board reporting.

Question 11

What is SOC 2 and does my firm need it?

Accepted Answer

SOC 2 demonstrates your organization maintains effective security controls over customer data. Not legally required, but increasingly demanded by enterprise and institutional clients. It gives significant competitive advantage and reduces insurance premiums.

Question 12

How do you protect client financial data on our network?

Accepted Answer

Defense-in-depth: next-gen endpoint protection, MFA on all accounts, encrypted communications, network segmentation, real-time threat monitoring, and regular penetration testing. Employee security training is included because phishing remains the most common entry point.

Question 13

What happens if our firm experiences a data breach?

Accepted Answer

Under the updated Safeguards Rule, notify the FTC if 500+ customers are affected. SEC-registered firms must disclose material incidents within 4 business days. Metro Point IT incident response plan defines exactly what to do, who to notify, and how to document the response.

Question 14

Are law firms required to have cybersecurity measures?

Accepted Answer

Yes. ABA Model Rule 1.6(c) requires reasonable efforts to prevent unauthorized disclosure of client information. Maryland, Virginia, and DC bar associations have all issued reinforcing guidance.

Question 15

How do you protect attorney-client privilege in our IT?

Accepted Answer

Encrypted email and file transfer, access controls restricting matter file access to authorized personnel only, MFA on all systems, network segmentation, comprehensive audit logging, and attorney training on behaviors that can inadvertently waive privilege.

Question 16

Do you support legal practice management software?

Accepted Answer

Yes — Clio, MyCase, PracticePanther, NetDocuments, iManage, Worldox, and Relativity. We handle setup, Microsoft 365 integration, troubleshooting, data migration, and user training.

Question 17

What should a law firm do after a data breach?

Accepted Answer

Isolate affected systems immediately, call Metro Point IT for incident response, preserve forensic evidence, document all known facts, and consult ethics counsel about notification obligations. Maryland, Virginia, and DC have notification timelines as short as 30 days.

Question 18

How do you handle after-hours IT emergencies?

Accepted Answer

Metro Point IT provides a 24/7 emergency line at (443) 741-0823. Critical issues are responded to around the clock with on-site emergency visits when remote resolution is not possible.

Question 19

What is CMMC and which contractors need it?

Accepted Answer

CMMC 2.0 applies to virtually all defense contractors. Level 1 covers contractors handling Federal Contract Information. Level 2 covers those handling CUI — most contractors on sensitive defense programs. If your contracts include DFARS 252.204-7012 you likely have CUI and need Level 2.

Question 20

What is the difference between CMMC self-assessment and third-party certification?

Accepted Answer

Level 1 allows annual self-attestation. Level 2 for most CUI contractors requires triennial third-party assessment by a C3PAO. Inaccurate self-attestation can trigger federal fraud investigations under the False Claims Act.

Question 21

Does my nonprofit need HIPAA or other compliance frameworks?

Accepted Answer

Nonprofits providing healthcare or handling PHI are subject to HIPAA. Those accepting credit card donations need PCI-DSS consideration. State privacy laws apply if collecting personal data from Maryland, Virginia, or DC residents.

Question 22

How do you help nonprofits reduce IT costs?

Accepted Answer

We qualify nonprofits for Microsoft 365 Nonprofit plans (up to 300 free licenses), Google for Nonprofits (free Workspace), and TechSoup discounts. Our flat-rate plans are structured for smaller headcounts.

Question 23

What is a System Security Plan and do I need one?

Accepted Answer

An SSP describes your information system, applicable security requirements, and how they are implemented. NIST SP 800-171 requires one for any contractor handling CUI. Metro Point IT develops your SSP as part of CMMC readiness.

Question 24

How common is wire fraud in real estate and how do we protect ourselves?

Accepted Answer

Over $400 million lost annually in reported cases alone. The primary attack vector is business email compromise. Most effective protections: MFA on all email, advanced email security filtering, DMARC/DKIM/SPF configuration, and out-of-band wire instruction verification procedures.

Question 25

Does GLBA apply to my real estate brokerage?

Accepted Answer

GLBA applies to firms that provide or arrange financing. If your brokerage arranges mortgages, offers financing programs, or refers clients to lenders as a material part of business, GLBA likely applies.

Question 26

What real estate IT systems do you support?

Accepted Answer

Salesforce, kvCORE, Follow Up Boss, Dotloop, DocuSign, Zipforms, Buildium, AppFolio, Yardi, RealPage, and MLS platform integrations. Setup, troubleshooting, Microsoft 365 integration, and user training for all platforms.

Question 27

How do you support agents working across multiple locations?

Accepted Answer

Secure VPN for remote office access, Microsoft 365 cloud productivity from any device, mobile device management for company phones and tablets, and multi-site network management for brokerages with multiple office locations.

Question 28

What should a brokerage do after discovering wire fraud?

Accepted Answer

Immediately contact your bank to attempt fund recall. File a report at ic3.gov. Contact your state real estate commission if client funds were involved. Call (443) 741-0823 for immediate incident response.

Question 29

What is included in your flat-rate managed IT support?

Accepted Answer

Our flat-rate managed IT plans include unlimited helpdesk support (remote and on-site), 24/7 infrastructure monitoring, automated patch management, antivirus and endpoint protection, backup monitoring, vendor management, and quarterly technology reviews. There are no per-ticket charges for covered services.

Question 30

How quickly do you respond to support requests in Maryland and Virginia?

Accepted Answer

Critical issues (server down, ransomware): remote response within 30 minutes. High-priority issues (multiple users affected): within 2 hours. Standard requests: within 4 business hours. On-site visits are available same or next business day throughout Maryland, Virginia, and Washington DC.

Question 31

Do you require long-term contracts?

Accepted Answer

No. Our managed IT plans are month-to-month. We earn your business every month by delivering consistent, high-quality support.

Question 32

What cybersecurity services does Metro Point IT provide?

Accepted Answer

We provide EDR, MFA implementation, email security, phishing filtering, security awareness training, vulnerability scanning, patch management, dark web monitoring, and incident response planning.

Question 33

What is EDR and why is it better than antivirus?

Accepted Answer

Endpoint Detection and Response (EDR) uses behavioral analysis and machine learning to detect threats based on what they do — including zero-day attacks and fileless malware that traditional antivirus misses.

Question 34

Can you help with cybersecurity compliance in Maryland or Virginia?

Accepted Answer

Yes. We help with HIPAA (healthcare), GLBA Safeguards Rule (financial services), CMMC 2.0 (federal contractors), and Virginia CDPA data protection requirements.

Question 35

Can you migrate our business from Google Workspace to Microsoft 365?

Accepted Answer

Yes — Google Workspace to Microsoft 365 migration is one of our most common projects. We migrate all Gmail, Drive, Calendar, and Contacts data with zero data loss, typically over a weekend.

Question 36

What Microsoft 365 plan do you recommend?

Accepted Answer

For most compliance-sensitive businesses (healthcare, legal, government contractors), we recommend Microsoft 365 Business Premium — it includes Microsoft Defender EDR, Intune device management, and Azure AD Premium P1.

Question 37

Do you provide Microsoft Teams Phone setup?

Accepted Answer

Yes. Microsoft Teams Phone replaces your traditional PBX. We handle licensing, number porting, auto-attendant configuration, call routing, and voicemail setup.

Question 38

How do I know if my office network needs to be redesigned?

Accepted Answer

Common signs: Wi-Fi dead spots, slow speeds despite fast internet, frequent dropped connections, no separation between guest and staff networks, or network hardware more than 5-7 years old.

Question 39

What Wi-Fi equipment do you recommend?

Accepted Answer

For most offices we deploy Ubiquiti UniFi or Cisco Meraki access points with a managed PoE switch and Meraki or Fortinet firewall — exact configuration depends on site survey results.

Question 40

Do you provide structured cabling installation in Maryland and Virginia?

Accepted Answer

Yes. We install Cat6 and Cat6A structured cabling, patch panels, server rack organization, and cable management for new offices and buildouts throughout Maryland, Virginia, and DC.

Question 41

How often should business data be backed up?

Accepted Answer

For most businesses, daily backups at minimum — with more frequent backups (every 4 hours) for critical servers running databases, EHR systems, or financial applications.

Question 42

Can you recover our data after a ransomware attack?

Accepted Answer

Yes — if you have properly isolated offsite backups in place. Our solutions use immutable cloud storage that ransomware cannot encrypt. Recovery typically takes 4-24 hours depending on data volume.

Question 43

Does Microsoft 365 back up our email and files automatically?

Accepted Answer

No — Microsoft provides service availability, not data backup. You need a separate Microsoft 365 backup solution for your Exchange mailboxes, SharePoint, OneDrive, and Teams data.

Question 44

What VoIP phone systems do you support in Maryland and Virginia?

Accepted Answer

We install and support Microsoft Teams Phone, RingCentral, Zoom Phone, 8x8, and other leading cloud VoIP platforms.

Question 45

Can you port our existing business phone numbers to VoIP?

Accepted Answer

Yes. Number porting transfers your existing numbers to your new VoIP system — the process typically takes 2-4 weeks and we manage it entirely.

Question 46

Will VoIP work with our current internet connection?

Accepted Answer

A 20-person office typically needs 1 Mbps upload per 10 concurrent calls plus QoS configuration on your router. We assess your connection during pre-deployment review.

Question 47

How many security cameras does my business need?

Accepted Answer

A typical 2,000 sq ft office or retail space requires 4-8 cameras. We perform a site walkthrough and provide a camera placement recommendation before any equipment is purchased.

Question 48

Can I view my security cameras remotely from my phone?

Accepted Answer

Yes. All modern IP camera systems include mobile apps for iPhone and Android with live and recorded video access. We configure two-factor authentication for secure remote access.

Question 49

How long is security camera footage stored?

Accepted Answer

A typical 8-camera 4MP system stores approximately 30 days of continuous footage on a 4TB NVR. Motion-triggered recording can extend this to 60-90+ days.

Question 50

What does smart office and device setup include?

Accepted Answer

Conference room displays and AV equipment, wireless printers, POS systems, MDM enrollment for company smartphones and tablets, VoIP desk phones, and network-connected IoT devices.

Question 51

Can you set up a conference room with video conferencing?

Accepted Answer

Yes. We install complete conference room AV — large format displays, ceiling microphones, cameras, and integration with Microsoft Teams Rooms, Zoom Rooms, or Google Meet hardware.

Question 52

Can you help set up a new office from scratch in the DC metro area?

Accepted Answer

Yes — new office IT buildouts are one of our most common projects. We handle cabling, network infrastructure, workstation deployment, phone system, conference room AV, and printer setup.

Question 53

What business IT services does Metro Point IT provide?

Accepted Answer

Technology assessments, IT budget planning, office move IT coordination, hardware procurement and deployment, software license management, vendor management, and strategic IT consulting.

Question 54

Can you help plan and execute an office move in the DC metro area?

Accepted Answer

Yes — office move IT coordination is one of our most common projects. We handle cabling, equipment transport, reconnection, testing, and ensure day-one connectivity at the new location.

Question 55

Do you provide IT consulting for businesses with an internal IT team?

Accepted Answer

Yes — co-managed IT supplements your internal staff with 24/7 monitoring, after-hours helpdesk, advanced security operations, or specific project expertise like cloud migrations and CMMC compliance.

Question 56

Do you provide managed IT services in Gaithersburg, MD?

Accepted Answer

Yes — Metro Point IT provides on-site IT support, managed services, cybersecurity, and Microsoft 365 throughout Gaithersburg and the I-270 corridor. Our technicians can be on-site same or next business day.

Question 57

Do you support CMMC 2.0 compliance for Gaithersburg government contractors?

Accepted Answer

Yes. We help Gaithersburg-area defense contractors achieve and maintain CMMC 2.0 compliance — including NIST SP 800-171 implementation, documentation, and preparation for third-party assessments (C3PAO).

Question 58

Can you support life sciences and biotech companies in Gaithersburg?

Accepted Answer

Absolutely. We have experience supporting biotech, medical device, and pharmaceutical companies in the Shady Grove Life Sciences Center — including 21 CFR Part 11, HIPAA, and FDA cybersecurity guidance compliance.

Question 59

How quickly can you respond to IT emergencies in Gaithersburg?

Accepted Answer

We offer same and next-day on-site response for Gaithersburg businesses. For critical system outages, our remote support team can typically begin troubleshooting within 30–60 minutes of your call.

Question 60

What is the service coverage area around Gaithersburg?

Accepted Answer

From our Gaithersburg service territory we cover the full I-270 corridor — including Germantown, Rockville, North Potomac, Montgomery Village, Clarksburg, Damascus, and surrounding communities.

Question 61

Do you provide IT support in Columbia, MD?

Accepted Answer

Yes — Metro Point IT provides on-site managed IT support, cybersecurity, and cloud services throughout Columbia and Howard County. Our local technicians serve businesses from Downtown Columbia to the Gateway commerce park.

Question 62

Can you support Columbia businesses with HIPAA IT compliance?

Accepted Answer

Yes. We provide fully HIPAA-compliant managed IT for medical practices, dental offices, physical therapy clinics, and healthcare organizations throughout Columbia and Howard County. Business Associate Agreements included with all healthcare contracts.

Question 63

Do you serve businesses in Ellicott City and the surrounding area?

Accepted Answer

Yes. In addition to Columbia, our Howard County service territory covers Ellicott City, Jessup, Savage, Laurel, and the Route 29 and Route 108 corridors.

Question 64

What industries do you serve in Columbia, MD?

Accepted Answer

We serve all major industry sectors in Columbia — healthcare and medical practices, financial and insurance firms, legal offices, federal contractors, technology companies, and professional services. We have specific expertise in HIPAA, GLBA, and CMMC compliance.

CMMC 2.0 Level 2 Certification for a Herndon, VA Federal IT Subcontractor

The Situation Before Metro Point IT

What Metro Point IT Implemented

Measurable Outcomes

Similar Results for Your Government Contracting Business

Explore More

Our IT Services

Industries We Serve

Service Areas