Is Your IT Holding You Back or Putting You at Risk? (Evaluate These 6 Things)

Periodic Evaluations of Your
IT & Cybersecurity are Critical!

Businesses are constantly evolving and changing, and technology evolves and changes even faster. With all these changes continually in motion, it’s important that periodically (at least annually) you’re assessing the state of your IT & Cybersecurity to ensure you’re not slowing your business down or putting your business at risk.

Successful companies tend to leverage IT as a strategic part of their business plans. However, to maintain great results, you have to ensure that your technology is re-aligned with the ever-changing needs of your business.

Properly managed technology will drive better efficiency and a happier team. Poorly managed technology can lead to constant frustrations or risks that become ticking time bombs in your company.

By doing an evaluation of the following six critical areas of IT, you can assess what is working for your business and what needs improvement. Then, armed with this information you can focus on making the necessary changes to continually drive better results for your company.

1. Cybersecurity

Cybersecurity risks are constantly changing and continue to get more and more dangerous. On at least an annual basis you’ll want to have an IT professional evaluate what your current protections are as well as what current risks and exposures you might have.

Some examples of questions you’ll likely want to ask are:

• Do you have an up-to-date inventory of your IT systems?

• Do you have sufficient systems and processes in place to DETECT a cybersecurity event or data breach?

• Do you have sufficient systems and processes in place to help PREVENT a cybersecurity attack?

• Does your staff have ongoing security awareness training in place to help them avoid accidentally falling victim to a cybercriminal?

• If a cybersecurity event occurs, do you have sufficient processes and systems in place to quickly respond to a cybersecurity event?

• If a cybersecurity event occurs, do you have sufficient systems and processes in place to recover and get your business back up and running as quickly as possible?

• Are there any other cybersecurity protections you should consider?

2. Backups and Disaster Recovery

If something goes wrong (e.g. natural disaster, equipment failure, or cyber attack) it’s important that you have good backups to restore from. On at least an annual basis, have an IT professional review your backups and disaster recovery systems to confirm that they’re sufficient for your needs and are working properly so that they will be there when you need them.

Some examples of questions you’ll likely want to ask are:

• Do all of your systems have sufficient backups for your needs?

• When is the last time your backups have been fully tested to CONFIRM they’re working properly?

• If something went wrong, how long would it take to recover from your backups?

• Do you have offsite backups separate from your business so that a natural disaster wouldn’t damage them too?

• Are your backups separated from your IT systems so that a virus or ransomware attack couldn’t damage them also?

• Are there any other improvements to your backups that you should consider?

3. Insurance

Proper insurance is one of the last lines of defense to help mitigate risks of IT or Cybersecurity disasters. At least annually, meet with a trusted insurance broker to review your insurance policies and ensure you have proper coverage.

Some questions you might want to ask are:

• Do you have cyber liability insurance?
  • If you don’t have cyber liability insurance, we HIGHLY recommend every business work with their trusted insurance broker to obtain it.

• What are the requirements of your insurance policies?
  • Many policies require you to have certain IT protection systems in place for coverage to remain in effect.

• What is the coverage limit of your policies and what are the sublimits?
  • Most insurance policies also have different categories divided into smaller “sublimits”. So, while you may have a $1M insurance policy, there are likely several categories where the coverage is dramatically smaller (such as only $100K). It’s important that you’re aware of what your limits and sublimits are so that you have the right level of coverage that meets your needs

• What is excluded or NOT covered by your insurance policies?
  • Make sure you’re comfortable with the list of things that are NOT covered by your insurance policies.

• Are there any changes in coverage you should consider?
  • Your trusted insurance broker should be able to provide recommendations on any improvement areas for your insurance policies.

4. Hardware / Equipment

All of your IT equipment (computers, servers, firewalls, etc.) will eventually fail and its important that you don’t put your business at risk by continually relying on equipment that isn’t powerful enough or is well past its recommended lifespan. On an annual basis, have an IT professional do a quick check-up on the condition and age of your IT hardware.

Some questions you might want to ask are:

• What’s the age of all your IT equipment? (Computers, Servers, Network Equipment, etc.)
  • Older equipment will typically run slower or be more likely to fail, so knowing the age of all your equipment is the first step toward implementing a process for proactively replacing your equipment.

• Do you have an active warranty for all your IT equipment?
  • Having a warranty in place ensures that your equipment can be repaired/replaced quickly in the event of failure.

• Is any of your equipment past its recommended lifespan?
  • Typically, computers last 3-5 years and servers/network equipment typically last 4-6 years though your exact results may vary based on the environment and usage of your equipment.

• Does your equipment meet the performance requirements of your business?
  • Having computers, servers or network equipment that are too slow for your business needs kills productivity and should be regularly evaluated to make sure you’re not slowing the entire company down due to a few pieces of the wrong equipment.

5. Documentation

Proper documentation is essential to make sure that your business runs efficiently and that your IT systems can be properly managed.

On an annual basis, have an IT professional ensure that you’ve got AT LEAST the following up to date:

• List of Critical systems
  • Your business probably relies on many different IT systems, but more than likely not all of your systems are equal in importance. Identifying the critical systems ahead of time, helps you to be able to ensure that the proper protection levels are applied to the systems that are the most important to the operations of your business.

• Key/Critical Logins Documented
  • You don’t want these to be just in one person’s head in-case that person is unavailable or otherwise leaves the company.
  • Make sure that wherever these passwords are stored (such as a password manager) that access to it is limited to only required individuals and it has proper protection such as MFA (Multi-Factor Authentication)

• Asset Inventory of all your IT assets (Computers, Servers, Network Equipment, etc.)
  • You can’t maintain or protect what you don’t know about. Ensuring that no equipment has “slipped through the cracks” helps to avoid gaps in protection or unknown risks.

• A clear process or checklist for onboarding/offboarding employees
  • Including how to remove their access to accounts and any business systems they use if they leave the company.
  • This ensures that new employees are up and running quickly with all of the items they need to do their job and also ensures that if an employee is terminated or resigns that they no longer have access to your company’s data once they have left.

6. IT Support Resources

Whether you have an internal IT team or an outside IT partner, you should regularly evaluate if the way you’re receiving IT support is meeting the needs of your business.

Some questions to investigate:

• Are they quick to respond?
  • When your staff has IT issues, it’s important that they get solved quickly so that your team doesn’t lose productivity.

• Do they have the right skillsets to support your business?
  • As your business grows and evolves, your IT systems may become more complex and require higher level skillsets than it did previously

• Are they continually working proactively to prevent problems?
  • Your business needs to have as few IT issues as possible, so it’s important that someone is regularly working on ways to reduce IT headaches and create a better IT experience for your team.

• Are they regularly evaluating risks and helping to keep your business safe from cyber-attacks?
  • Cyber risks are continually changing and are a constant threat to your business. In this day and age, every business needs to make sure that someone is regularly assessing their cyber risks and evaluating options to help reduce the risk of you becoming the next victim of a catastrophic cyber-attack.

Summary: Double-check that Your IT is Keeping Up with Your Business

Keeping a company efficient and safe isn’t easy and IT has become a critical part of how we all operate our businesses. Just like regularly assessing your financials is essential to running a good business, regularly evaluating your IT and Cybersecurity has become essential for improving your team’s productivity and helping to reduce risks.

Need Help Putting this All Together? Let Antisyn handle it!

Antisyn works with small-to-medium businesses to help them support, maintain and improve their IT & cybersecurity systems. If your business is looking for better IT results and proactive improvement, we’re here to help! Reach out to our team so that one of our consultants can work with you to put a personalized IT strategy plan together!