Poorly implemented & managed IT systems put your business at risk!
Yet more than 80% of business owners that we speak with have not considered their risks and/or do not know if anything is being done to mitigate them.
Just prior to writing this copy I was speaking with one of my clients. He was asking me if they are protected against “CryptoWall” (ransomware). The reason for his concern was that an associate company (Name Withheld) had just last week been hit with a serious ransomware virus.
The virus had encrypted all shared network files and also the Server Backups, grinding their business to a halt. Sadly, their IT guy had to recover from an old backup. I imagine this would have impacted heavily on the business and their reputation with clients.
Interestingly, the company he spoke of is a large accounting firm with 30+ accountants. His comment to me was:
“They are a large company, how can this happen? If it can happen to them, surely it can happen to us.”
The bottom line is that this should not have happened to such an extent. It is not always possible to prevent virus attacks. However, you can certainly ensure that the impact is minimised and that Server and Data backups cannot be compromised. Quite simply, their systems were not set up effectively by their IT provider.
So who is at fault here?
Without knowing the specifics of this company, in my opinion the IT provider and the company management are probably both at fault.
The IT provider could and should have done more to ensure the systems could not be so badly compromised.
However, the company management should be taking responsibility for their own risk profile. They should be asking their IT provider the hard questions and making sure that they are in control. You don’t just hand your bank account to your accountant and say “Run my business”, so why would you hand your critical IT systems to someone and say “Run my business”?
As a business owner/manager, what risks must you consider?
Viruses & Malware
- Do you have a company policy for Antivirus on devices?
- Is your email scanned for Viruses, Scams and SPAM?
- Is your Antivirus Managed & Monitored?
- Do you have Web Protection for malicious websites?
Loss of data
- Is your business data stored on multiple drives (Redundancy)?
- Do you have a documented data backup plan?
- Are your backups tested on a regular basis?
- Are your backups monitored for success or failure?
- Do you have an off-site backup of your data?
Data / IP Theft
- Do your staff sign an email and data usage policy?
- Is confidential data encrypted and secured?
- Is data segregated into categories and restricted to groups?
- Do you have a documented employee exit policy?
- Do you have a Plan B if your IT systems are unavailable?
- If a Server fails, do you know how long it will take to be operational?
- Do you have redundant/backup systems?
- Can your staff work from other locations?
- Do you store confidential client data?
- Do you collect client information from a website?
- Do you collect credit card or bank details?
- How do you store confidential information and who has access?