5 Easy Steps for Mitigating Your IT Risk Exposure

Things go wrong in IT. This is a given. Hardware breaks, software has bugs, and hackers find ways of exploiting security weaknesses (see Heartbleed). Nothing ever goes perfectly, and this is a fact of life. People have two ways of dealing with these technology-related issues: 1) they often completely ignore the potential for problems and deal with them in a reactive manner; or 2) they plan ahead and try to get in front of these problems before they become liabilities.

For those who have not taken the time to plan ahead, the rationale given is often either cost or lack of awareness. Having in-depth knowledge of a business environment and the foresight to plan ahead on these issues can be expensive and time consuming. The reactive strategy, however, often leads to long nights on support calls and large bills at unexpected intervals.

For those who do plan ahead, there is a large upfront investment in avoiding surprises. While issues can still pop up that lead to added costs, the potential for gotchas is drastically decreased. For larger firms, this is often the method of choice. Any company is impacted by downtime; it’s a matter of risk tolerance how long a company is willing to be without its IT services.

If your firm is in the first group, there is hope. There are easy ways to keep your company in a risk-guarded position that will help you avoid some of the unnecessary issues that plague companies that aren’t fully planning ahead.

  1. Implement a Security and Software Patch Cycle. Most software and operating systems have a release cycle for security and software patches. Depending on the product, these can vary anywhere from a monthly release to as-needed releases. Setting a cycle for your business will give your organization proper notice of potential downtime.
  2. Develop a Realistic Hardware Upgrade Cycle. Old hardware can be one of the biggest efficiency killers in an organization. Whether it’s old servers or employee computers, upgrading hardware in a planned way will help to increase the efficiency of your organization. Older hardware is not designed to run the latest and greatest software, and this can severely inhibit the capabilities of your employees.
  3. Stay Current on Your Software and Operating System. With the planned phase-out of Windows XP, there has been a bit of backlash in the business community. Microsoft has published the support cycle for years, and businesses that did not plan for the change are feeling the sting now. Paying for continued support is costing several government organizations millions of dollars. Staying up to date would’ve cost some money up front, but would’ve ultimately saved money in the long run by avoiding the additional support costs.
  4. Keep an Eye on Tech Security News. Many news outlets have a tech page now (CNN, Fox, ABC, etc.), and this is a good place to watch for any potential security issues that could impact your organization now or in the future. These issues have a way of coming full circle and impacting an organization when it least expects it. Knowing what is happening in the world will, at a minimum, give you a heads-up on where there might be the potential for future problems.
  5. Implement a Password Change Cycle. This one sounds like common sense, but many organizations still don’t have this set as a requirement. Implementing a password change cycle will allow for added security and will prevent continued security breaches if a password is compromised. As a side note on this one, make sure the complexity requirements are sufficient to prevent any data breach from occurring.
  6. Deploy Changes in a Test Environment. If you don’t have a test environment and you have processes that are dependent on servers or applications, this should be a prime consideration moving forward. Having a test environment enables your team to test any changes in a place that will not impact your production environment, and creates a place where desired features can be vetted before they are deployed.

This is all about risk tolerance. If you are willing to risk your business and productivity, then there is no need to heed this advice. But if your organization is not following any of the recommendations above, it is likely that you’re going to incur added costs sooner rather than later.

If you have any further recommendations for added security, please hit the comment button at the top of this post, and be sure to follow me on Twitter @burked585.