This week Code 42, who do enterprise security, shared the following numbers with me:
- 12,000 laptops will be stolen this week
- 3 out of 4 companies worldwide are failing at disaster readiness
- Malware strains have increased year-over-year by 77%
- The average US corporate breach cost $3.5 million in 2014
While not all these numbers might relate directly to your business here in Australia, they are a reminder for all of us that poor IT practices impact our business through reduced productivity and increased risk.
Fixing productivity starts with good IT hygiene, and the numbers above suggest that most of us do not have it right, that the cost of having our business systems underdone is significant, and that the risks are increasing exponentially.
There is nothing new about the suggestion that we take IT security and disaster recovery more seriously than we do. What we are seeing is that many small businesses still do not receive the advice they require to make the best decisions about how to manage these issues.
Some steps to consider in building robust IT environments are:
Remove flaky old systems
There are still thousands of businesses in Australia running outdated servers and software and putting up with multiple system outages each week. Yes, computers still crash, but it needn’t be every week. In fact, servers really should be running at least 99.9% of the time. Less than that is a fair indication that you are losing productivity unnecessarily.
Include security and redundancy in the initial systems design
Often IT systems are built to a budget, and in smaller businesses that can mean leaving out redundant power supplies, robust drive arrays for storage and high availability designs using virtual machines and the like. We typically find that when the cost of downtime is factored in and the designs are done right, the extra cost of these robust systems is justified in all but the smallest of businesses. Often, of course, selecting cloud solutions can remove all of these issues for a relatively small cost.
Back up everything often
We still see situations where systems and data are lost due to a lack of planning and investment in the right recovery solutions. With threats to data integrity and availability on the rise, it has never been more important to design the right solutions to keep multiple versions of systems and data, so that a speedy recovery can be made when data is lost from a device or a server.
Plan the recovery
Having your backup is a great first step in recovery, but until the plan is written for how you will access alternate hardware or platforms, load data onto it and connect your staff to it, you have no certainty that you will be able to keep working when disaster strikes.
Test the plan
Until you have actively tested the recovery plan it is just a guide. In the testing phase gaps will be found, procedures revised and realistic recovery times will be established. Now you really know what will happen when disaster strikes.
Assess the security risks
Where there is data or communications there is risk of loss, theft or corruption. These threats can be malicious or accidental, targeted or opportunistic. Your business needs to be constantly aware of the threats and assess the appropriate level of protection that needs to be put in place and maintained.
Balance the double-edged sword of security
Each protective measure you put in place will require extra administration and management by your IT team and/or your staff. If the processes created are too onerous, people will find ways around them, ignore them or simply stop using the systems. Hence it is important to select appropriate systems. It is also important to train your staff so they don’t make critical mistakes, such as opening an email with an executable attachment that evaded your antivirus software and launching a virus.
Some security measures will slow down performance of networks or computers and so the hidden cost is in requiring faster systems to support the extra load. Understanding the potential impact of the security systems you are implementing will reduce budget blow outs and resistance to further improvements.
Keep monitoring risks and keep mitigating
IT security is never finished as the threat matrix is constantly evolving. Every business connected to the internet now needs to have their systems monitored, managed and updated by a team that is conscious of the changes happening in the outside world. A tactical response to problems is not likely to maintain stability or security.
This may all seem complex and difficult but actually it is an extension of what IT people have been doing for decades already. The issue is just that the rate of change now requires a more proactive approach than it did before.
For most organisations that means external assistance from specialist resources as it is too hard for internal staff to manage for just that one entity.
David Markus is the founder of Combo – the IT services company that is known for business IT that makes sense.