Businesses are more reliant on technology than ever before, and while there is a myriad of benefits to embracing digital transformation, they come with potential pitfalls for those who aren’t properly prepared.
Kyle Holmes, Managing Director of Calne-based Black Nova Technology, offers his ten top tips when thinking ‘tech’ for your business in 2022.
1. Be future proof
If this pandemic has taught us anything, it’s that we need to prepare for all possible scenarios. Many companies were not ready for remote working or didn’t have full mitigation plans in place to manage the security concerns which arose from remote working. We recommend utilising as much future technology as possible to become agile – avoid an “it won’t happen to us” mindset.
2. Tech refresh is not the enemy
When we refer to a ‘tech refresh’, we mean upgrading your infrastructure and IT equipment, and we would allow around three to five years to carry out a thorough overhaul of technology, depending on the size of your business. This allows you to stay on top of the rapid movements within the technology world.
A tech refresh will allow you to keep your software and hardware up to date, helping to minimise security flaws and potential hardware failures. Windows 11 is a good example of this. Windows 11 only supports devices which are three years old or newer, meaning many companies will need to upgrade their hardware before they can support the latest software release and benefit from the most up-to-date security patches.
3. Ensure your engineers are efficient
When issues arise or problems cause downtime, are your engineers ready? Quite often we find in-house engineers are well trained in a ‘disaster process’ yet have never actually faced a major outage and put that process into practice.
We strongly encourage companies to simulate major outages, at least annually, so that the engineers can learn to react quickly and efficiently and know what to do. This will minimise downtime and increase recovery speed should a real outage occur. We can even run this exercise for you.
4. What’s your disaster recovery plan?
Do you even have one? If the most extreme IT failure or outage were to happen, does your team know what to do? We recommend all companies have a robust plan of action for when disaster strikes, covering every IT and communications area.
For example, if your phones went down, the plan dictates all lines are diverted to mobiles and members of staff deemed as ‘essential’ in your communications plan have immediate access to a mobile with their diverted line.
5. What’s your backup strategy?
Backups are a vital part of IT strategy for all companies, but many don’t use them or don’t verify the integrity of their backup plan if they have one. We can all learn from the many companies that have suffered ransomware attacks.
For them, the best practice would be to return to a previous backup, but in many cases the backups were faulty or didn’t exist.
This crippled many affected companies and, in some cases, caused them to close completely. If they had practised a robust backup strategy, they could have minimised the fallout and made it far easier to recover.
We recommend a 3-2-1 backup strategy. That means you keep at least three copies of your data, store two backup copies on different storage media, and ensure one of those copies is located offsite.
6. Spending money can save you money
Spending money on your IT infrastructure isn’t a bad thing. In fact, spending money on technology will often save you money in the longer term – it’s a wise investment.
That’s especially true for your backup solutions and security software and hardware. When disaster arises, your backups will get you back up and running quickly, and the security features will minimise and proactively protect you from security breaches and flaws.
The latter can be extremely costly if exploited – the combination of ransom demands and calling in professionals to recover data can run up a huge bill just to get you back online.
7. What’s your staff exit plan when it comes to IT?
When a member of staff leaves, do you have an IT plan for disabling accounts/permissions and return of equipment?
Many companies don’t have this kind of plan in place and we have had companies ask for permissions and accounts to be disabled nearly a month after the employee has left!
This can leave a hole in your security infrastructure (especially if that decision to leave was not a happy one), so we recommend a plan of action when a user leaves, and it can be as simple as setting the account to ‘disabled’ as soon as they leave the building.
Or you can build a plan whereby the user’s access is more restricted as they work their notice (they may need fewer permissions etc) and then fully disabled when they leave. Another key step is making sure all IT assets are recovered and wiped.
This ensures items are not lost and reduces the potential for company data being out in the wild, which could be maliciously used. We also recommend carrying out an audit regularly to make sure accounts aren’t missed.
8. Who has access to what in your business?
Do you know who has admin permissions? Out of that list, who truly needs them? We recommend you have up to two master admin accounts but that these are not used on a regular basis, just for emergencies.
All other accounts should have permissions added to them for the required tasks or can have the ability to elevate for the appropriate task with auditing enabled.
No user needs full admin rights. Removing them will also help minimise the spread of viruses and malware that require admin privileges to spread across the network. As above, remember to carry out regular audits.
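The regular audit recommended in tips 7 and 8 can be scripted. The following is an added example, not code from Black Nova Technology: it flags leavers whose accounts are still enabled and enabled accounts holding admin rights outside the two emergency accounts. The field names, account names and sample data are constructed assumptions.

```python
from datetime import date

# Constructed sample data: an HR leavers list and a directory export.
# Field names are assumptions; map them to your own HR and directory exports.
LEAVERS = {"asmith": date(2022, 1, 7), "bjones": date(2022, 1, 28)}
ACCOUNTS = [
    {"user": "asmith", "enabled": True, "admin": False},
    {"user": "bjones", "enabled": False, "admin": False},
    {"user": "cpatel", "enabled": True, "admin": True},
    {"user": "breakglass1", "enabled": True, "admin": True},
    {"user": "breakglass2", "enabled": True, "admin": True},
    {"user": "dlee", "enabled": True, "admin": True},
    {"user": "ekhan", "enabled": True, "admin": False},
]
# The "up to two" master admin accounts kept for emergencies (hypothetical names).
MASTER_ADMINS = {"breakglass1", "breakglass2"}


def audit_accounts(accounts, leavers, master_admins, today):
    """Return (finding, user, days_since_leaving) tuples for the access audit."""
    findings = []
    if len(master_admins) > 2:
        findings.append(("too-many-master-admins", ",".join(sorted(master_admins)), None))
    for acct in accounts:
        user = acct["user"]
        left_on = leavers.get(user)
        # Tip 7: the account should be disabled as soon as the person has left.
        if left_on is not None and left_on <= today and acct["enabled"]:
            findings.append(("leaver-still-enabled", user, (today - left_on).days))
        # Tip 8: only the emergency accounts should hold standing admin rights.
        if acct["admin"] and acct["enabled"] and user not in master_admins:
            findings.append(("standing-admin-rights", user, None))
    return findings


if __name__ == "__main__":
    for finding in audit_accounts(ACCOUNTS, LEAVERS, MASTER_ADMINS, date(2022, 2, 1)):
        print(finding)
```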
9. Is a member of your team using their own devices?
This spells danger and we don’t recommend it. We see this happen when companies don’t want to spend money on IT and it’s easier for them to just add permission to a device that the user already owns.
The problem is that you have less, or no, control over that device. There are ways you can secure a staff member’s personal device, but if the company is already trying to save money this is highly unlikely to happen.
If you don’t correctly secure a user’s laptop, they could potentially have admin rights which allow them to install anything they want, which could lead to malicious software spreading through your network.
In addition, when they leave your employment, they don’t have to hand the device back. If the device wasn’t set up correctly, you won’t be able to remotely wipe data, meaning they can keep all synced company data, which then could be passed on to competitors or even criminals.
10. Finally, 2FA & strong passwords
2FA stands for Two Factor Authentication and it is an essential element of IT security due to increasing levels of cyber-attacks and phishing emails.
It inserts an extra step into the login process, giving you an “extra life” if something malicious were to happen. It can annoy team members; however, an outage due to a cyber attack will be far, far worse.
It’s quick to implement in most scenarios and could save your business from potential corruption and breaches.
The other important step for a robust defence is to use strong, complex passwords. We know they are harder to remember, but there are reliable and easy-to-use password managers available for this. Many even have a tool to generate complex passwords too, so you don’t have to try to create them.
A side note is to not use patterned passwords, even if you use complex methods to create them. For example, using P@55W0rd1 and then setting the next one to P@55W0rd2. Hackers love a pattern!
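A password-change form can reject patterned passwords like the pair above. The following is an added example, not code from the article's author: it strips counters from both ends, undoes common character substitutions and compares what is left. The substitution table and the 0.8 similarity threshold are assumptions, and the check relies on the current password being typed into the change form, since stored hashes cannot be compared for similarity.

```python
import re
from difflib import SequenceMatcher

# Common character substitutions undone before comparison (assumed mapping).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})


def stem(password):
    """Drop leading/trailing digits and symbols, lowercase, undo substitutions."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password)
    return core.lower().translate(LEET)


def is_patterned(new, previous, threshold=0.8):
    """True if `new` is a counter bump or near-copy of any password in `previous`.

    `previous` normally holds just the current password from the change form.
    """
    new_stem = stem(new)
    for old in previous:
        old_stem = stem(old)
        if not new_stem or not old_stem:
            continue  # nothing left to compare, e.g. an all-digit password
        if new_stem == old_stem:
            return True
        if SequenceMatcher(None, new_stem, old_stem).ratio() >= threshold:
            return True
    return False


if __name__ == "__main__":
    print(is_patterned("P@55W0rd2", ["P@55W0rd1"]))     # the article's example
    print(is_patterned("kT9#vLq2mXw!", ["P@55W0rd1"]))  # unrelated, generated password
```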
Pictured above: Kyle Holmes, Managing Director, Black Nova Technology