January is a great time to set goals for the New Year! But don't let this list become a bunch of "shoulds". Without concrete action, a goal is just a wish. Today's local businesses run on technology and must deal with multiple issues including cyberthreats, competition and regulatory compliance. Therefore, keeping your technology up to date is critical, and a technology audit is the best place to start.
A technology audit for your business can assist you in better understanding and identifying gaps in your organization's security, compliance and backup. An audit helps you address the following key types of issues and get a clearer picture of where you stand:
- Is your current technology set-up vulnerable or lacking in any areas?
- Are there any unnecessary tools or processes that do not align with your goals and vision? Any "technology clutter" you can shed?
- Are you in compliance with applicable regulations like the Massachusetts Data Security Law, HIPAA, CMMC? Are you prepared to defend against security threats and capable of restoring business operations in the event of a system outage or data breach?
- What steps can you take to address the vulnerabilities you identify?
If you don't have a technology background, the results of a technology audit can seem overwhelming. You might be distressed by the number of items that need to be replaced or refreshed, and you might be uncertain about where to even begin. Prioritization and the traffic light approach are particularly useful in this situation. Having a technology service provider like Ekaru on your side will allow you to seamlessly audit and remediate technology issues.
The Traffic Light Approach
The traffic light method is a simple way of categorizing gaps or vulnerabilities into red, yellow and green groups based on their severity and potential impact.
RED: Address the highest vulnerabilities and risks first
Since most businesses cannot address all problems at once, it is critical to focus attention and resources on the most important issues first.
Any technology refresh should prioritize addressing the most severe infrastructure vulnerabilities first. The items below represent things that could put you in an immediate risk of a disaster.
High-priority vulnerabilities that fall into the RED category include:
- Failing or inadequate Backups
- Cleaning up unauthorized network users including former employees and third parties
- Monitoring Login attempts and successful logins by users identified as former employees or third parties
- Unsecured remote connectivity - In today's "work from anywhere" world, this is a quickly increasing threat.
- Documented operating procedures that are missing or inadequate. Is your team aligned?
Yellow: Next, focus on gaps that are important but not urgent
There will be gaps that must be addressed but can wait until the most crucial items get resolved. All of the items listed below are important, but just below the ranking of the red items that could put in at imminent risk of a disaster.
The following gaps and vulnerabilities fall into the YELLOW category and need to be addressed:
- Multifactor Authentication - This is especially important for Microsoft 365, but take a look at ALL your applications and phase this in.
- Security Patch Update failures
- Is your Antivirus software up to date?
- Enable Screen Lockout and Account Lockout wherever possible.
Green: If you have budget, get working on these items.
These are the lower priority vulnerabilities. Implement a timeline to address these items after fixing the high- and medium-priority issues.
The following are some of the gaps that fall into the GREEN category:
- Accounts with passwords set to "never expire"
- Computers with software at the end of its life-cycle. Microsoft typically retires software after ten years - don't get caught by surprise with a big budget hit.
- Follow a practice of "least privilege" to stay more secure. Don't enable administrative access unless it's required to form essential work duties.
Prioritizing Gaps is IMPORTANT!
Local businesses need to run on a tight budget, so it's important to note that the "nice to have" technology wish list will have to wait until security gaps are addressed. Keep a close eye on the budget to make sure you're not inadvertently exposing your business to a major risk.
Furthermore, you can enjoy greater productivity and uptime by prioritizing gaps, and phasing in solutions over time in an organized way that doesn't have to take down your entire network.
Not sure where to get started? Ekaru can help you prioritize technology gaps so you can get the most out of your technology investment while also ensuring uptime and productivity. Contact us for a free consultation.
Also, feel free to download our infographic “Prioritize Technology Gaps to Bridge First” by clicking here.