Rodefer Moss | Certified Public Accountants and Business Advisors

IT: Best Practices for your Business

Written by Kathy Tomaszewski | Oct 28, 2014 1:39:54 PM

What are your first thoughts when you think of protecting your company?

Perhaps physical protection comes to mind like weathering a severe storm or keeping things safe from theft. Do you think of protection from the information technology (IT) standpoint?

Below are some best practices for you to review and compare to your current policies in place for IT.

The IT Department

What's your IT department's story? Do its members get along with one another, communicate constantly with each other and provide updates to senior staff? This department is essential to the vitality of your company, so being 100% sure you know what they are doing is key. Continuous improvements in this area will keep your files and software safe from intrusions and possible security breaches.

  • Are you in constant communication with your IT personnel? If not, you should be. Find out what they are up to. Meeting with your team on a consistent basis can keep communication open and transparent. Find out their agenda and what projects they might be working on, what systems they may be updating and how they are improving efficiency.
  • Is your IT team an asset or liability to your company? If your IT team is not improving systems and efficiency, keeping your company safe from intrusions, providing staff assistance with updates and updating software on a consistent basis, you may need to reconsider their role in your company.
  • Is your company prepared for the sudden departure of a key IT team member? Does your IT team have their files, plans, system update dates and more saved in a specific location for other supervisors to access? Having things in place in the event of a sudden (not always on bad terms) departure is an important to-do item that would not be very time intensive.

Vulnerability/Testing (Routine maintenance)/Risk

We are all highly aware that there is a greater chance of a security breach these days. If you haven't heard of Home Depot's recent turn of events, this article can provide some insight for you. It seems that it's happening more often than not. We know how much of an issue Target had earlier this year.

  • Create a policy for a data breach. Think about the way you store your data and analyze how you would gain access to that data should your information be hacked into unexpectedly.
  • Perform routine vulnerability scans to put your security measures to the test. This will assist you when you analyze how secure your networks and servers actually are.
  • Detect your intrusions - create a system for detecting computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous.
  • Prepare your firewall for the chance of intrusion - Are only the necessary ports open on the firewall? Is it safer to allow programs through the firewall instead of opening multiple ports?
  • Ask an outside consultant to come in annually for testing and to provide an honest assessment of your network’s vulnerabilities.
  • Back up your files often – Set a reminder each week/bi-weekly/monthly, whatever works for you, and create backup folders of all of your files. It might be nice if our computers sent us little messages reading, “Dear user, your computer will crash, deleting every file, promptly at 8:09AM on Tuesday, October 14, 2014,” but unfortunately they don’t. It is always better to be safe than sorry.

Reporting/Policy

Keeping a record of system and software updates is a vital part of a smoothly running IT department. This ensures that all department staff are on the same page and moving in a forward direction. Ask your team about what types of reports you want to receive from your IT Department. Report and track purchased equipment, loaned equipment and renewals/subscriptions by keeping a log of:

  • Who is loaning what equipment and for how long.
  • Equipment purchases and which department/team member is using it. This may also help when deciphering depreciation of certain pieces.
  • Purchases and renewals of software. Store this document in a place where other team members can see it to follow progress, but put 1-2 team members in charge so that there is no lapse in subscription or decrease of discounts.

Business/Decision Making

Is your team making conscious decisions based upon math? By math I mean basing decisions on cost, risk, and availability. If you are not analyzing the cost of purchasing equipment against your budget for doing so, you might be in trouble. Consider other departments that might also be affected by your decision to install new software, purchase new equipment or change your company’s choice of backup software.

This kind of decision making can also be used to create a more efficient work atmosphere for your company. Ask these questions to help improve growth in this area.

  • Is my IT team analyzing business process improvements? If they are not researching new ways to do the same work in a more efficient way in regards to time and performance, find out why. Could it be a budgeting conflict?
  • Does the team feel motivated to research and better the company through process improvements? Keeping team morale positive is important in this department. If these employees aren't happy, it could eventually result in overlooked key updates or other malpractices that could jeopardize your company.

Password Protection

Choosing passwords that are not easily recognizable is important for the employee’s safety as well as the company’s. When passwords are created that can be easily decoded, files and sensitive information are at risk of being placed in the wrong hands. Below are several password applications that are effective in keeping your passwords safely secured in one location. We all know it is hard to keep up with sometimes 20-30 different passwords for websites, social media sites, email and more. Here are some great password tools that we’ve found:

Another tip is to offer staff members ideas about their passwords. Encourage them to create passwords that don’t include their home address, spouse’s name, children’s names, birth dates or anniversaries. Get their creativity flowing by offering some suggestions like this:

  • Do they enjoy watching baseball?

Maybe have them choose their favorite team and then intertwine numbers and symbols, for example Tenn898ball!Smo. Sometimes unique passwords like this, or even something like nk3zg6, are actually easier to remember once you have used them several times.

Use these great tips as a conversation starter with your company’s IT Department or supervisor. Let these guide you into protecting the future of your employees and your company.