A Step in the Right Direction: Assessing Your Information Technology Infrastructure

Perhaps you constantly have an IT crisis on your hands, or perhaps you have many questions and have realized that you have shortcomings within your IT organization. Either way, a systematic and organized examination of your organization’s information technology systems and operations needs to be conducted to start the process. For many larger organizations, this may be attempted in-house, but a fresh perspective is extremely valuable. This is where the services of an IT consultant become very helpful.

The initial step is to arrange a meeting with an IT consultant who can help identify potential problem areas. This is most commonly called a “discovery meeting” for obvious reasons. For my clients, these meetings are informally structured so that issues and concerns will easily surface. General questions are asked, and if problems are identified, then follow-up questions become more specific and directed at relevant areas. Conducting on-site tours of the functional areas and data centers may also reveal other areas of concern. These meetings often require just a couple of hours and can yield a substantial amount of information and insight.

During constrained economic times and robust economic cycles alike, organizations often have difficulty spending time and money on IT development and maintenance. I see very few organizations that have a dedicated budget allocated to information technology itself. Instead, they throw money toward IT only when urgencies or emergencies occur. By then, the costs of fixing a problem as opposed to preventing it in the first place have escalated significantly. Choosing to assess and audit your IT department operations is without question a step in the right direction financially and strategically for the organization.

Finding a qualified IT consultant (especially one who fits well with your organization) is important and often difficult. Qualifications and certifications are far from standardized within the industry. In addition, this individual will have access to some of your organization’s most valuable information. This person should not only be someone with whom you can easily interact but also someone whom you can completely trust. There are many factors in selecting an IT consultant, but in general, word-of-mouth referrals are often the most reliable.

For more information, see my book www.ITSurvivalGuideBook.com

The Disaster Recovery Plan

Identifying short-term and long-term needs and current vulnerabilities, and developing a strategic plan, may require help, especially if internal resources are concentrating on running the business and putting out fires. Having the important decision makers present at the meeting is also very helpful: you get a unified direction, and the meeting is more productive. Of course, the biggest challenge is the allocation of financial resources, and a lot of IT departments find that to be quite the brick wall. Having key decision makers present helps greatly, as they gain an understanding when things are explained to them in non-technical terms. One important document that can help put things into perspective is a disaster recovery plan (DRP).

The disaster recovery plan is probably the most important, as it helps address short-term crises that are acute and potentially catastrophic to an organization. Response time, disaster detection, and resource allocation are just a few of the hot topics that need to be addressed as part of the disaster recovery plan, frequently referred to as the DRP. Unfortunately, most organizations do not have such a plan. The DRP helps identify unknown weaknesses in the IT system and also helps greatly in documenting what is currently in place.

For example, I had a client with over 12,000 people on their payroll. These workers were all out in the field. This was at a time when it was difficult to hire people. It was of critical importance to never miss a pay run. If they missed one, people were sure to walk. Those were the type of workers they had in their employment. We ensured that part of their disaster recovery plan was hosted at an alternate geographic site, somewhere away from their main location. Their entire accounting system, such that they could do a full pay run, was replicated offsite, including physically having a printer with some cheques. In the event that something happened, it can be difficult to gain access to your own financial resources. Having all that in place is something that you need to think about, right down to who do you call, which manufacturers can you call, what equipment do you have, what models were they, and what are their serial numbers, are they on warranty, where do you call for that, are there 24/7 phone numbers…

This really brings forth a lot of questions that you might not have asked or that you might have taken for granted. They are brought to the surface, and you decide whether or not you even want to deal with them. We call that risk analysis or risk management: for a particular concern, product, software, service or set of data within the organization, you are deciding how much risk lies within that topic, how much risk is associated with losing it, how long you can be without it, and what you are willing to spend to address the issue. A few years ago, a person could be without their email for days or a week; it was no big deal. Now I have many clients who cannot live without it! If they’re without email for a day, it’s almost a disaster in itself. All the communication is done that way and there are actual costs attributed to it. Some organizations can attribute actual dollars lost due to missing a piece of equipment or someone’s time. Loss of productivity with your own staff, where you actually have to shift what they’re doing away from billable work into non-billable work because something internal has to take priority (such as reconstructing valuable data), can be costly.

Having a DRP document in place, even to raise questions that have never been considered, can be very valuable.

The IT Discovery Meeting, Interviewing Your Consultant

As a business owner or executive, there is a lot of value in bringing in someone for an outside opinion. The analogy would be other professions that are more mature, for example law, medicine, and accounting. It is expected that you go out to a chartered accountant and get your books reviewed, or you go to a professional engineer to review and stamp a drawing of a bridge, or you go to a doctor and the doctor refers you to a specialist. It’s the same thing with information technology. I feel that the IT field is very immature; it’s very new, it’s growing at an exponential rate and a lot of the best practices that other professions have, or that you should go out and get an expert opinion. It is not necessarily your uncle’s neighbor’s son who is really good with computers. I’m talking about someone professional who does this for a living.

Knowing where to begin can be very overwhelming, but you can keep it simple by bringing in a consultant for what I call a discovery meeting. This should be a short two-hour meeting with no agenda where some basic areas are covered. It is a question-and-answer period where the consultant asks questions to paint the picture of what the organization’s IT systems look like. Not everything will have an immediate answer. Certain areas may be focused on more heavily based on the answers. The meetings are very organic. They usually help bring unexpected areas of concern to the surface. The entire meeting might be sidetracked into a certain topic, but that’s okay; it’s just the first meeting.

As a result of that meeting, you’re going to get some homework. I find that frequently in those discovery meetings it’s very helpful to actually sketch out how the IT systems are related, what components are in play, and what your understandings are. It helps bring a lot of issues to the surface, as many organizations don’t have proper documentation. Organizations are literally flying by the seat of their pants and they’re in firefighting mode. The documentation they have is several years old.

The discovery meeting will bring a number of hot topics to the surface. Some might be immediate short-term issues and others longer-term ones. The discovery meeting also helps establish a new relationship between the organization and the consultant to see if there is a fit. When it comes to IT systems, you really need to trust the consultant, as you are divulging a lot of critical information about the way your organization is run. Many times it involves more access, user names, passwords and knowledge than the owner or president of the company has. You really want to have a solid relationship in place with the consultant. These meetings help determine whether either party wants to move forward and in what capacity.

The other benefit of starting with an initial discovery meeting is that most organizations do not want to make a big investment. They don’t have a budget for this. They’re worried this is going to cost a lot of money. You don’t want someone coming to change everything. A two-hour meeting carries a very minor consultation fee, which many organizations initially pay from discretionary funds. Then you can get a sense of whether or not you want to move forward.

How to Keep Your Business Safe Online

The Internet is a great tool and resource for your business but viruses, identity theft and online fraud can place your business at risk. The best way to protect your business is through prevention. Multi-layered defenses, staff training, policies and business-class computers are what you need to be safe online.

Take a look at your IT security, including your hardware, software, staff, and policies. Think ahead and make a plan to prevent fraud, viruses, data loss, and identity theft. If you think that you can make some improvements, start making all of the necessary changes to ensure the utmost safety for your business. Consider what you most need to protect and what you need to ensure that your business operates.

Theft is more likely to occur than hacking. It’s a good idea to use cable locks to ensure that your PCs and laptops are secure when they aren’t in use. Make sure that office windows and doors have sturdy locks and install an alarm system if you don’t already have one. Consider storing a backup of data away from the office just in case. It may also be useful to write a list of serial numbers to help recover any stolen hardware.

Protect your computers by installing security software, including firewall, anti-virus, anti-spyware, and anti-spam protection. Also ensure that all of your software is kept up to date. You should also protect your company’s information by encrypting any wireless networks, using strong passwords, and erasing data on old computers before you send them to be recycled.

Ensure that your staff receives clear guidelines about what is acceptable to do online. You may want to restrict access to social networking sites and ban software piracy or other inappropriate content. Also, make sure that you train your staff so that they understand office policies and know who to contact if they have any questions or concerns.

It’s always worth it to get good advice as well. Call your local IT Specialist who understands small businesses and communicates in simple, jargon-free language. Your business and staff will thank you.

Protect Your Employees Against Identity Theft

Since identity theft has become more and more common, employees are now becoming increasingly aware of the precautions they should take to prevent this serious, prevalent crime. Thousands of Canadians are victims of identity theft each year. How do you protect your employees against it? I’ll tell you how.

Do you have a Human Resources (HR) department within your business? If so, there are probably operating procedures set in place that detail how employee information should be handled. Ensure that all employee files, both active and terminated, are kept safe under lock and key. Also, make sure that only HR has access to the key and employee files as they should be the only ones that need these files.

You should avoid releasing any confidential employee information to anyone except an employee who requires this information, or when an officer of the court issues your business a subpoena. Always ask questions if someone requests to see, take, or copy an employee file for any reason.

Does your company have a clean desk rule? If not, ensure that this rule is implemented as soon as possible. Why? It ensures that any employee who works with sensitive information clears their desk of these files and places them under lock and key before they leave the office for the day. Most financial and housing institutions follow this rule.

Social Security or Social Insurance Numbers are mostly used to identify an employee. Since identity theft is on the rise and SINs are used to steal identities, employers use number masks. This means that instead of using the actual SIN, as in 145-654-002, the numbers XXX-XXX-002 are used to identify the employee. The masking works well when you send information via mail or email.

Ensure that your office has a reliable paper shredder. Once sensitive information is used for work purposes, it should be destroyed using a paper shredder. It will go a long way to protect your employees from potential identity theft. These documents should be shredded every day after use as this prevents information from being stolen.

With these simple steps, you can help protect your employees from identity theft. Make sure your employees know about the dangers of identity theft and what they can do to protect themselves at the workplace and at home.

Social Networking in the Corporate Environment

Most people are now involved in one or more of the social networking sites that are available online such as Facebook, LinkedIn, MySpace, and Twitter to name a few.

The focus behind social networking is building an online community that shares some common interest. These sites are mostly web-based and provide a variety of ways to interact, such as through your web browser, instant messaging and email. They aren’t necessarily accessed through your computer; a lot of it is now done through mobile devices such as iPhones and BlackBerries.

Social networking is excellent at reviving old contacts, helping advertise you and your business, and maintaining contacts. It can also be seen as time theft. I would go so far as saying many people even have an addiction that needs to be addressed. There are also risks that need to be considered such as data leakage, identity theft, and virus infections.

Policies should be added regarding your corporation’s position on social networks, as employees may assume that their use is authorized if there is no corporate policy governing acceptable use of the technologies. There are also ways to block access to certain sites through your Internet connection.

One should be careful to ensure these technologies are appropriate for your organization and that the risks do not outweigh the benefits.