Between updating firewalls, onboarding employees, and thwarting phishing attempts, your IT team's probably strapped for bandwidth. And despite their best efforts, a department that's putting out fires doesn't have time to think critically about long-term strategy. Managed service providers can ease this burden, by working alongside your staff on specific projects or overall infrastructure health.
The sun has officially set on Windows 7 (unless your company has cash to burn on ESUs). Microsoft will no longer provide free security patches for the operating system, but this hasn't deterred people from using it. Unfortunately, when a company as big as Microsoft reallocates bandwidth from one OS to another, opportunistic cybercriminals are going to notice. The legacy OS raises other concerns with hardware compatibility, voided warranties, and slower overall performance. If your company hasn't made the jump to Windows 10, now's the time to take advantage of everything the OS has to offer - from custom user content to access security and cloud scalability.
Mobile devices should be an integral part of your IT strategy: they require less upfront investment than desktop hardware, thinner application stacks, and make it easy for employees to work with clients in real time. Many SMBs are quick to add mobile devices to their networks, but fail to properly secure them. Protect your business data with remote wipe, application-layer security, and identity management. All of which can be found in Microsoft's Enterprise Mobility + Security.
There are list makers, sticky note zealots, and those enigmatic voice-memo people. We all have our preferences when it comes to work. And from an IT standpoint, this vast array doesn't have to be a problem - unless these favorites are off the books. Shadow IT refers to applications that are in contact with, or house, your business data, but have not been formally integrated in your IT infrastructure or tech policies. For example, your employees may store proprietary information in a personal Box account, even though your business uses SharePoint for secure file storage. If there was a breach in one of these 3rd party applications, it would be very difficult to know what date was exposed, for how long, and where it ended up.
When was the last time your disaster recovery plan was updated? Probably not recently enough - especially if your company has adopted mobile solutions, is in a highly regulated industry, expanded locations, or moved on-premise resources to the cloud. Gartner estimates that 65% of SMBs don't have a comprehensive disaster recovery plan in place, and half will experience a backup failure this year. When life throws your business a curveball, you're going to want your assets covered. That means multiple backup locations, leveraging cloud continuity, and viewing tech policies as living documents.
Don't let the ghosts of employees past come back to haunt your business. Many of our new clients haven't updated their employee directories in years. Sometimes this creates benign digital clutter. Other times, admins are sharing accounts, or have undue privileged access. Reduce your attack surface by deleting old contacts, and establishing multi-factor authentication or conditional access for current users. You should also have more than one person running your active directory, in case an employee leaves.
For a first line of defense, firewalls are notoriously high maintenance. Without consistent management, their effectiveness vacillates between 25-90% and can lead to outdated security rules (including threat definitions), missing soft/hardware updates, gaps in protection, friction with line-of-business applications, and regulatory violations. Your firewalls should be mitigating threats at the perimeter, protecting vulnerable end-users, and minimizing the potential for downtime.
If your IT people are swamped with projects, employee training is probably a low priority. But your employees should be an integral part of your IT efforts since they're probably going to cause your next unplanned security event. Regular lunch and learns, or mock phishing attempts foster awareness and can help avoid problems down the line. From Microsoft Teams sessions to email security 101, there are myriad options for customizing your employees' continued education.
Your IT staff do good work - but sometimes the demand curve is just too steep. If you're looking to supplement, or fully outsource your team, we can assist. Our experts have over 25 years of experience helping SMBs thrive through strategic technology. Feel free to reach out for a free business IT consultation today, and get the conversation started.