Maintaining best-in-class IT standards is about more than implementing technology and security to provide your company with a competitive advantage. Leadership plays a crucial role in fusing technology with your business goals. The best IT standards include executive engagement, have a strategic vision that aligns with the business, and ensure that proper IT policies, procedures, and protections are implemented. Executive leadership must expand their understanding of the role technology plays in their company’s success. It’s about much more than ones and zeros.
Support From the Top is Crucial
Securing executive support of technology is imperative to the success of the IT department. If the executive team views IT only as a cost center, it will be next to impossible to obtain the necessary budget for solutions and services that will fundamentally move the organization forward. With proper support and funding, IT can be a competitive advantage for the company, propelling the business ahead of its competitors. IT is an asset to all departments: from keeping the business’ proprietary data secure and accessible, to streamlining processes, to delivering analytics that can provide unique, actionable insights, IT is much more than just a black hole of expenditures.
In addition to gaining executive support, IT leadership must have a strategic vision that aligns with the company’s goals. Doing this will ensure that appropriate technology investments are made and implemented in support of the business, enabling it to achieve its short- and long-term goals.
Strength and Centralization
There is an old saying that a “chain is only as strong as its weakest link.” With that in mind, IT leaders should review their team’s capabilities to ensure they have the skills necessary to support the needs of the business.
If there is a critical application or system that is not understood by the team, or the knowledge to support it is inadequate, it can lead to issues such as IT outages and unacceptably long recovery times.
Centralizing the Help Desk, documentation, ticketing system, patching, and reporting can also make it much easier for employees to get the IT assistance they need.
Processes and Procedures
Legal, human resource, and technology leaders often work together to establish important business policies and practices. Proper processes and procedures can protect a business from various threats. Here are several that can’t be ignored:
- Acceptable Use Policy. An Acceptable Use Policy (AUP) should waive your employees’ right to privacy for anything stored on the network, in email, and on company devices. It should adequately define how employees use their devices and what limits should be put on that use. Not having an AUP removes the expectation of privacy and exposes the organization to legal risk.
- Third-party Vendor Access Policy. Risk assessments and due diligence should be done for any third-party vendors before providing them access to the company’s systems and data. Offboarding procedures should be implemented, and regular access audits performed, to ensure that only the minimum necessary access has been granted.
- Employee Offboarding Procedures. Just as third-party vendor access should be carefully maintained, so should employee access. Offboarding procedures need to ensure that any access to systems, data, or buildings is revoked as soon as the employee separates. Schedule access audits to ensure only active and necessary employees have access to company data.
- Change Control Process. A well-designed change control process can prevent unplanned outages of mission-critical technology systems.
- Asset Management. There are a few things to consider about asset management:
  - Maintaining a current inventory of all assets (hardware, software, licensing).
  - Periodic updating to reflect changes to the environment (essential for supporting the environment and for compliance and insurance reasons).
  - Having a central repository for licenses, product keys, and activation codes (necessary in case of a disaster or for audit purposes).
- E-waste Policy. Every organization should have an e-waste program that will ensure servers and desktops are securely wiped before disposal. Disposing of a server or workstation without doing this could lead to the loss of personally identifiable information. This could result in reporting obligations or severe legal problems for the organization.
- Security Reviews. Performing regular security reviews (admin access, physical access, vulnerability scans, data backups, virus protection) is essential to protect company data and assets.
- BYOD Policy. Organizations should have a clearly defined Bring Your Own Device (BYOD) policy about using personal devices for work-related purposes, so that employees have a clear understanding of which personal devices (if any) can be connected to the company network or have company data stored on them. Any restrictions need to be included, along with policies around wiping personal devices if an employee leaves the company.
Don’t Forget Insurance!
There are so many personal insurance types—car, health, life, homeowners, earthquake, umbrella, renters, travel. There is even coverage for events like weddings, “change of heart,” bed bugs, and (of course) alien abduction! For businesses, however, there are more common types of insurance that you should consider:
- Professional Liability/Errors and Omissions. Organizations that provide professional services, advisory roles, investment advice, and medical care are among those who should investigate whether or not this type of liability coverage is required. Having this insurance in place can protect the business in the event of a negligence claim. An example of this is malpractice insurance.
- Cyber Insurance. In today’s world, with cybersecurity incidents on the rise and technology being central to every company’s operations, cyber insurance is a must for any business. This type of insurance can be the difference between recovering from a severe data breach and closing the business altogether. Cyberattacks can be extremely costly and challenging, and your considerations will include at least the following:
  - Data exfiltration, risks, and recovery
  - Loss of business costs
  - Rebuilding costs – building from the ground up again is the best shot at removing all traces of the attack, but it can come at a steep price
  - Negotiating payment, obtaining bitcoin, knowing the “honesty” of the criminals
- Key Man Insurance. Small companies or businesses that rely on a single person for the business’s success should consider “key man” insurance. In the event of the key person’s death, the policy pays out to the company, enabling the business to continue while the search for a successor takes place.
Executives must lead by example and provide support reflecting your company’s values. Integrating IT within your business and supporting it with an adequate budget will protect your company from liability, vulnerability, and inefficient practices. Even though technology is the primary focus of IT, paying attention to the suggestions and ideas above can be the difference in your organization’s success and longevity.