The end of the year and holidays spell a busy time for many. Like most people, you probably just wanted to survive and get through it. Now that it is 2017, you can get back to business and think about a few things you may want to include in your IT plans for 2017. Information Technology can be a tough subject because so often, it’s hard to know where to start. So, I’d like to help you look at this in a logical fashion and help you get your bearings.
At the beginning of each year, I find it’s beneficial to do some house cleaning and start out the new year with a fresh slate. House cleaning is also a great way to identify liability exposures—you know the things that keep you awake at night. There are some relatively simple tasks you can perform that will provide a decent return on your effort as well as a provide a good starting point for your 2017 IT initiatives.
One of the most valuable things you can do for your business is to have an assessment performed on your IT infrastructure. You need to know what’s going on in your IT environment and an assessment is a great way to have your infrastructure compared to industry best practices through an unbiased eye. What better way to know what systems need to be upgraded or what discrepancies need to be addressed than a report consisting of a thorough documentation of your network and systems? Receiving recommendations on action items and next steps will help you make concrete decisions and assist with prioritizing upcoming initiatives.
If you already have a well-documented network and are more concerned with how secure your environment is, then you should consider a “Vulnerability Assessment” instead. The Vulnerability Assessment is a good way for you to get a quick read on where you have potential threats, both internal and external to your network. This is typically a must have for businesses that need to adhere to some type of regulatory compliance, and equally important for those that don’t.
Another very important, but often the most overlooked, initiative you can take is educating your employees. While you can and should invest in technical security controls, they need to be complemented with good policies & procedures. After all, good security is really all about people and processes. Believe it or not, your users are the most important element to having a good posture when it comes to thwarting off cyber-attacks. With the continuous outbreak of viruses, malware and phishing attacks, one of the simplest and most effective things you can do is educate your user community through “Security Awareness Training.” An educated end user is often the most effective defense when it comes to spotting anomalies and keeping malware out of your network.
Once you have a well-documented network with recommendations on the best course of action to tighten up security holes, it’s time to take action. Remember, the longer you wait to correct issues, the more at risk you are. One of our philosophies here at MA Polce is to focus on the low hanging fruit first. Doing so not only gives you a starting point, but it also helps you to not feel so overwhelmed with the monumental task of securing your network. Network and Vulnerability Assessments along with Security Awareness Training are a great way to get quick results with minimal investment.
If you still feel like you don’t know where to begin, let us help you develop a plan with some goals and timelines. Sleep better at night, you owe it to yourself. Happy New Year!