Categories
Technology

Business Information Technology Risk Assessment

In the spirit of St. Patricks Day, it is a good time to ask yourself how lucky you are. Since we are an IT consultant, we are going to focus on what that means when we look at an IT network. As an IT company, we get to see how a lot of businesses operate and manage their IT and it ranges from systems that completely rely on luck to operate from one day to the next to businesses that have more layers of redundancy than employees in the company.

Closeup of messed wires connecting computers and printers in office

It is truly amazing how lucky you can be when operating a business with a network that is patched together. Eventually, however, luck runs out and this can be costly. What we have put together is an easy way for you to self-asses how lucky you are. Using a scale of one to ten, run through the follow list of questions and use this metric to give yourself an accurate risk assessment.

The categories below are based on a company that has 10 to 50 employees and is hosting a network internally. Each category will give you 10 points for a total of 50 if you are doing your due diligence to protect your network and your company.

Backups
There are two types of backups. Local and off-site or hosted. A good way to look at an effective backup system is through a layered approach. Ideally, you should have a server that is backed up to a local storage. The local storage should then be backed up off site. This way you accomplish speed and redundancy. Give yourself three points if you have a local backup system, an additional three points if you have offsite backups and four points if you are using a backup monitoring system to ensure that your data is actually backed up.

Network Age
A network is not like a fine wine. It doesn’t get better with age. The older your hardware, the more likely you are to have to respond to downtime and data loss. We recommend that our clients replace their computers on or before the five-year mark and replace servers at three years. Other network hardware such as switches, battery backups, firewalls, routers and WIFI access points should be replaced at the same time you replace the server. To the best of your ability, try and assess the age of your network hardware. If 10% of your network falls within this specification, give yourself 1 point. If 70% then 7 points and so on.

Security
You can never be too secure so it is difficult to score a 10 on this scale. Just doing your due diligence will get you a long way and that is what we are going to focus on here. Give yourself two points if you have each of the following.

  • Anti-virus on each workstation and server.
  • Managed Firewall
  • If you scored over a 6 on your network age
  • If you have passwords on each workstation that expire every 90 days
  • If you are PCI compliant

Software Patch Level
Do you know the current patch level for all of your supported software? This could be the operating system on your server, the firmware on your firewall or the version of anti-virus you are running. Your hardware is only as smart as the software that is running on it. If you are running software that is out of date or is not supported you are at risk. Give yourself two points for each of the following.

  • Is your firewall running the latest firmware?
  • Is your server OS under support?
  • Is your anti-virus running the latest version?
  • Are your computers running the latest version OS?
  • Are you using a line of business application that is up to date?

Vendor Support 
Vendor support for applications plays a critical role in keeping networks running smoothly. If you are using a line a business application for the majority of your day to day operations but haven’t purchased a vendor support package with this product, you are exposing yourself to potential downtime. Partnering with an IT support company will not necessarily fix this issue due to the fact that no support partner will know that important application like the company that created it. In addition to purchasing vendor support for your most important application, you should also work with an IT partner that can provide preventative support for your network to ensure that you are as protected as possible. If you have purchased an application support package then give yourself five points. Also, if you are working with an IT support partner for all of you daily IT needs, give yourself five points.

If you tally up your point and find that you have between 40 and 50, Congratulations! You are doing your due diligence to ensure that your network is running smoothly and you are protected against downtime and data loss. If you are between 25 and 40 you should consider working with a consultant to make a road map for improving your network. If you scored less than 25 you are relying on luck to keep your network operational. In this case, you should reach out to an IT consultant and consider making serious improvements to your network infrastructure and support.