As our world becomes more connected, the remit of IT is broadening. When we talk about ‘IT’, we mean everything from telephony and networking to managing a multitude of devices and the stack of systems and software that keep our businesses running. That’s a lot of responsibility for the person, or people, tasked with keeping the machine running.
So, if you’re that person, what should your priorities be? The truthful, albeit unhelpful, answer is ‘it depends’. You see, prioritisation has to start with your business objectives, which, of course, are different for each enterprise. However, there are a few fundamentals that are relevant to every business, regardless of size, location or industry. So here goes:
No. 1 Get organised – what, where and who
Every company has several systems and processes that are rarely fully documented. It’s common that the knowledge around the purchase, implementation, management and use of these systems is stored in silos – typically by department, making the IT team’s job a little trickier.
So, why’s this important?
Take, for example, a piece of software purchased by the finance team to run management reports. It generates beautiful graphs at the touch of a button, just the way the MD likes it. The setup is simple – no need to involve IT as that will only delay things. The product does its job very well, but then a new accounts system is introduced that makes it obsolete. It now sits idle on several PCs in the finance department. As they never use it, they’ve missed the security notifications telling them to upgrade to patch a security flaw. Now I think we can all see the issue!
Documenting your software, including licensing, installations and use, is a reasonable first step. Next, proactively reviewing this list will enable you to do some simple housekeeping – removing unused software, applying updates when needed or planning for upgrades in advance. Don’t think this is necessary for you? Well, did you know that Microsoft Windows 7 will be retired on the 14th January 2020 after which there will be no security updates? That could have a significant security impact for many companies. Those who are proactively reviewing their software have plenty of time to organise and fund the necessary upgrades.
No. 2 Test your security
How confident are you that your system is secure? That’s an uncomfortable question for many people, and one that many will avoid altogether.
You may not believe that your business is a target for hackers, but in truth, every person and company is a potential target. Many scams are not intended to swipe millions of pounds from your bank account, but to take small, often overlooked, sums from millions of accounts. Now, if someone can trick you out of £5, you may not be too concerned, but if they have access to do that, what other damage could they cause, and is there an obligation to inform the ICO?
Now consider GDPR. You’ve attended the seminars; you’ve trained your team on the dos and don’ts of sharing information – but is your CRM safe enough to store all that data?
If this question has you thinking, there’s a simple solution – give our team a call on 0333 016 4170, and they can talk you through our testing process. After all, wouldn’t you prefer to find out from a trained professional that there’s a problem? Oh, and they can help you with a fix, too!
No. 3 Invest in your staff
Most IT budgets include software and hardware and not a lot else. Well, time to have a chat with the boss and extend that to include staff training. We help train the IT people we support.
One of the most straightforward solutions to security flaws is training your staff to spot them, report them or avoid them altogether.
Consider this to be an ongoing investment. A rolling programme of cyber security training will protect you, your business and your staff from the latest threats and the whole team will benefit from a reminder of the fundamentals of staying safe online.
Our team provide on-site training as part of our service; if you’d like to learn more, please get in touch.
No. 4 Understand your cloud journey
I’m going to make the bold assumption that at least some of your data lives in the cloud. You might not even be aware that your information is stored in the cloud – and that’s the crux of this point.
We all have a responsibility to protect the data that is entrusted to us. A fundamental part of that is to know where it is and the security that’s protecting it, not just in its final destination but also on the journey it takes to get there.
There are some very significant benefits to cloud technology. It simplifies the hardware requirements within businesses, saving the initial investment and ongoing maintenance. The responsibility is passed to the cloud service provider.
One of the downsides is that there can be little regulation or oversight around cloud service provision, so you have to be confident that you’re working with a reputable firm: one that complies with GDPR and security standards and has a thoroughly tried and tested system.
An audit of the service provision within your business is all that’s needed to highlight potential issues. Ask your service providers to supply you with their standard protocols for transfer and storage of data. Also, be sure to check what their obligations are for notifying you of changes – so if their process changes, you have the opportunity to move away from the service, if it no longer meets your needs.
No. 5 Test your disaster recovery plan
Congratulations – you have a disaster recovery plan! If you don’t have one, you need to take care of that as soon as possible. If you need some help, give our friendly team a call.
So, how good is your plan? Sadly, there are no points for a beautiful presentation – this is all about functionality.
I recommend having it independently reviewed – yes, there is a cost implication, but this is an investment. An external viewpoint can shine a light on areas you might overlook, and you wouldn’t want them to trip you up later.
Test the system at least annually with your team. The only way to know if you’re ready is to simulate a disaster. There are several approaches you could take, and they largely depend on your setup and requirements. If you want to simulate a data breach, this is possibly a little more complex than ‘the network is down’. Talk to our team about your needs and they can guide you to a suitable solution.
During a test, you want to be ready to document the activity and outcome – a disaster recovery plan can always be improved.
While the needs of each business vary, these are my five top tips for any person responsible for IT. By implementing simple processes and procedures, you can save yourself time, money and headaches, and get your IT running like clockwork.
Have a comment? We always welcome feedback – please do get in touch.