Every chain relies on every link, and the stronger each link, then the stronger the chain – hence the saying about the weakest link. Your IT chain has people – we need to think about them – the volunteers, the staff users, and of course the management structure around them.
it is common for many NZ businesses to be so busy and so focused on getting through the urgent tasks they face that sometimes the important ones slip. This slippage introduces security risk, and as people are our number one security concern, we need to step up our focus.
Ultimately, IT is all about the people who use it. Given how important people are, it is amazing how often we don’t really think about them – something we’re trying hard to overcome.
Most importantly in Not-For-Profits, there is often a large volunteer base, giving up their time to assist the community doing something that resonates for them. Whether the volunteers are board members, or activists they bring their skills, enthusiasm, and their IT. Their IT skills will vary, and often be quite limited and they may be using their own IT devices, sometimes poorly maintained and out of date. In many cases that is just the price to pay in order to harness their energy and engagement.
Volunteers can be vital. We just have to find ways to mitigate the risk.
If we think about the staff users, they are also a point of concern. For example, it is surprising how many firms don’t have adequate exit procedures in place. They might remember to collect the office keys when someone leaves, but many businesses forget to also cancel the IT access IT keys. When Johnny has left the company, can he still get remote access? Did Johnny have company email configured on his personal phone? What about contacts or calendar? Are we checking that’s wiped before he leaves?
Exit processes are just the beginning, or should we say the end, of the processes around users. From induction training to system enhancements, users need to be central in the IT planning agenda. Providing tools for users is part of the journey, but helping them adopt and take advantage of the opportunities is the most important item and sadly often neglected.
Another example is the management process – if Johnny asks for access to the HR folder, who approves it? Does he just call the IT guy and it gets done? Or are there appropriate checks in place? Most practices, especially smaller ones, are very reliant on only common sense and their processes might be at best informal, and often undocumented. It is a recipe for disaster that’s unfortunately often only discovered after the event.
Often we’ve found that management is unaware of all the tools in use, and all the places data is held, often because some work teams just take the initiative to use various web applications to get on with their responsibilities. That means normal considerations about security, access, validation and so forth aren’t taken into account thoroughly.
We believe a firm’s management has an obligation to its stakeholders to know where their data is, and who can access it, and this simply isn’t addressed unless the business can step back and take an objective look.
I.T Support Staff Risk
Let’s not forget your IT staff in this assessment. IT is changing more rapidly today than ever. To keep up, and to give you the best support, your IT staff need help. They need to be exposed to the evolving best practices, to new ideas and to share and learn with others.
Security is a hot topic today, and the threats and tools are constantly moving forward. Likewise with the move to the cloud, we can do so much more than just transfer the status quo – there are new ways to work, new opportunities and new tools – and your IT staff need help to both lead the conversation if that is what you expect of them, and to support and secure these platforms.
For more information, contact us today.
If you aren’t sure who in your organiusatin is best to answer these questions, it is probably time you tried a contract part-time IT Manager, to help you manage ALL your valuable IT. Check out ourstructured, programmatic “IT Manager as a Service” approach to help you.