I.T. is more than silicon – have you ever stress tested the human side of your I.T?
Every chain relies on every link, and the stronger each link, then the stronger the chain – hence the saying about the weakest link. Your IT chain has people – we need to think about them – the IT staff, the users, and of course the management structure around them.
it is common for many NZ businesses to be so busy and so focused on getting through the urgent tasks they face that sometimes the important ones slip. This slippage introduces security risk, and as people are our number one security concern, we need to step up our focus.
Ultimately, IT is all about the people who use it. Given how important people are, it is amazing how often we don’t really think about them – something we’re trying hard to overcome.
For example, if we think about the users, it is surprising how many firms don’t have adequate exit procedures in place. They might remember to collect the office keys when someone leaves, but many businesses forget to also cancel the IT access IT keys. When Johnny has left the company, can he still get remote access? Did Johnny have company email configured on his personal phone? What about contacts or calendar? Are we checking that’s wiped before he leaves?
Exit processes are just the beginning, or should we say the end, of the processes around users. From induction training to system enhancements, users need to be central in the IT planning agenda. Providing tools for users is part of the journey, but helping them adopt and take advantage of the opportunities is the most important item and sadly often neglected.
Another example is the management process – if Johnny asks for access to the HR folder, who approves it? Does he just call the IT guy and it gets done? Or are there appropriate checks in place? Most practices, especially smaller ones, are very reliant on only common sense and their processes might be at best informal, and often undocumented. It is a recipe for disaster that’s unfortunately often only discovered after the event.
Often we’ve found that management is unaware of all the tools in use, and all the places data is held, often because some work teams just take the initiative to use various web applications to get on with their responsibilities. That means normal considerations about security, access, validation and so forth aren’t taken into account thoroughly.
We believe a firm’s management has an obligation to its stakeholders to know where their data is, and who can access it, and this simply isn’t addressed unless the business can step back and take an objective look.
I.T Support Staff Risk
Let’s not forget your IT staff in this assessment. IT is changing more rapidly today than ever. To keep up, and to give you the best support, your IT staff need help. They need to be exposed to the evolving best practices, to new ideas and to share and learn with others.
Security is a hot topic today, and the threats and tools are constantly moving forward. Likewise with the move to the cloud, we can do so much more than just transfer the status quo – there are new ways to work, new opportunities and new tools – and your IT staff need help to both lead the conversation if that is what you expect of them, and to support and secure these platforms.
If you aren’t sure who in your organisation is best to answer these questions, it is probably time you tried a contract part-time IT Manager, to help you manage ALL your valuable IT.