Security in the IT arena is not a new topic, but corporate awareness of its presence (or lack thereof) is at an all-time high. Not a day goes by without seeing a headline somewhere relating to stolen data, hacked company computers or leaked private information. When Sony’s PlayStation® Network got hacked, there were estimates reported around $24 billion in losses. Then there were security breaches at Citigroup and Lockheed Martin. They were both juggernauts of industry with hardened defenses and yet were victims of stolen sensitive information. It appears no one is safe, but does obscurity or anonymity still qualify as protection for your small organization?
A few weeks ago I was sitting in a board room discussion with a couple of partners at a smaller private CPA firm and the topic of their network security came up. Mind you, these two gentlemen had a basic understanding of technology as most business owners do, but could not wrap their heads around why it was so important to purchase and install a firewall. A firewall! The most basic of network security devices and here I was trying to justify such a basic, yet mandatory, investment to any business, much less a financial firm.
It was a confirmation of a truth that is common no matter the size of the company. That truth is simple – most business owners have a difficult time appreciating or valuing technology unless they have experienced some type of pain relating to technology. That pain may be lost data, bad support, frustrating software… etc. Whenever I meet with prospective clients, one of the questions I ask in the beginning is “Are you ‘technology dependent’ or ‘technology strategic’?” This sets the tone for what direction we recommend.
Technology Dependent – This is most common among small, private firms. Your business may rely on your computers and networks, yet your decisions regarding technology are typically reactive and cost is commonly the biggest factor on whether or not you proceed. The inherent problem with technology-dependent firms is the unseen lack of efficiency and super high risk factors. Time and productivity are commonly overlooked as assets to the company. Here are some factors common in technology dependent firms:
a. Computers are older (4+ years old) and sometimes are even beige or off-white (a sign of age).
b. Few important proactive tasks are being performed, such as testing backups, patches and risk assessments.
c. There is no guidance on how to leverage technology to contribute to profits or increased productivity.
d. The company is still paying someone to fix things when they break on an hourly basis.
e. There is little to no network security.
Technology Strategic – A business that has seen the true purpose of technology and has enabled itself to do more is strategic. “More of what?” you may ask. It can be more productivity, more efficiency, more revenue and/or more contented staff. Firms that I work with that are “technology strategic” appreciate what technology can do for them and are not resistant to change. Here are some factors that make up a technology strategic firm:
a. Computers are maintained (optimized, clean and typically under 3 years old).
b. Network operations and security are being actively monitored.
c. Security policies are in place both in hardware and software.
d. An IT budget exists and is fixed.
e. The IT solution is a regular topic in your business planning meetings.
If you want to have growth in your firm, confidence in your IT security, and the best return on investment, you need to find ways to start moving to the strategic side of the spectrum. It will not happen overnight, but the process needs to occur or you risk falling behind your competition.
Where do you start? You need a trusted technology resource whether it’s a friend, your nephew, your executive assistant, or an established IT firm. Much like your clients rely on you for the best in professional financial advice and guidance, you should expect the same in terms of technology advice from a trusted technology partner. That said, have a look at this technology grocery list. If you don’t have these 10 items in place, you should seriously consider implementing them:
- Documented and tested backup process both local and off-site. You should be getting regular reports of these backups.
- Network security policy (passwords, data access, acceptable usage policy are examples).
- Basic alerts when there is a failure on your critical systems, such as a server or email.
- A firewall
- Antivirus and antimalware software
- Anti-spam for email
- Data and email encryption
- Regular computer and network maintenance
- Secured wireless access
- Internet filtering
Implementation of the technology solutions above can get your company on the road to reaping the benefits of becoming “technology strategic”. An IT firm with certified engineers can develop a strategic and tactical plan to ensure you are getting the most from your technology.