IT Best Practices Part 2: Security and Data Protection


In our last post we discussed how IT best practices can reduce costs while improving system availability and efficiency. The next step toward IT industry best practices is to ensure that everything in the IT infrastructure is secure. Organizations should take a multi-pronged approach designed to protect against both external and internal threats. That is why IT best practices include developing a set of policies so that employees know what is acceptable and what is not.

Business owners often make statements like, “We are so small, no one is going to hack us,” or “I know none of my employees would ever intentionally hurt the business.” This is just not true. In today’s connected world, hackers are constantly looking for security holes, and employees, intentionally or not, frequently engage in practices that put systems and data at risk.

Organizations should develop information-centric policies that acknowledge and align with the needs and realities of the business. Once such policies are in place, companies should constantly measure actual user behavior against established policies and use what they learn to implement smart policy changes that minimize risk and maximize business productivity. When security is as convenient as possible for end-users, they are less likely to work around security policies.

IT best practices also call for a thorough assessment of the IT environment in order to inventory all assets and identify security issues. The organization can then determine which security tools to implement.

A basic first step is to scan all incoming e-mail for viruses. There should also be a centrally managed antivirus/antispyware solution with agents on all desktops and servers. Next, look at the connection to the Internet — every organization needs a business-class firewall that inspects all incoming and outgoing traffic. A Web filtering solution can prevent employees from surfing questionable Web sites. According to IDC, organizations that use these security operations reduce downtime by up to 12 percent annually.

Critical data must also be backed up. It is safe to say that just about every business out there does some form of backups. Unfortunately, what most businesses don’t have is a plan to recover their data if a disaster occurs. Ultimately, organizations need to ask, “Are we 100 percent positive all of our critical data is safe? In the event of a disaster, can we be back up and running within our recovery time objective?”

A key aspect of security and disaster recovery is documentation. Organizations should have a list of all IT assets as well as high-level documentation of network and server configurations. There should also be a list of all administrative passwords so that the organization cannot be held hostage by IT staff. Finally, there should be a detailed contact list of all vendors and contractors that provide IT support. All of this information should be readily available., your outsourced IT department, takes a holistic view of the IT infrastructure that incorporates best practices, commonsense policies and industry-leading security tools. Let us show you how our business-centric approach can help you improve security, availability and data protection.