Would you go to a restaurant if you knew that the kitchen was a mess? Not only would you have questions about sanitation, but the quality of the food would be inconsistent and the staff grumpy because of the circumstances that they have to deal with every day.
Now consider a messy IT environment. It might not be noticeable on the surface, but just as opening the door to the kitchen will tell you a lot about how a restaurant is run, there are signs that sloppy IT management is compromising your technology experience – and the operational success of your business.
Here at XPERTECHS, we often see the signs of sloppy IT management when we onboard new clients. Many of the initial tasks that we take care of right away are very basic but they remedy situations that have a ripple effect on the whole organization.
If the performance of your IT systems is disappointing, then your IT provider may be dropping the ball on essential IT management. This could be because they don’t have the bandwidth or they just don’t know about IT best practices and their role in managing an IT environment.
Use the following signs of sloppy IT management to see if your IT team is dropping the ball.
1. Poor IT Documentation
Your IT department should have written documentation regarding all the components of your network, all the devices connected to it, and all of the software used to run it.
When documentation is missing or not up-to-date, you could have equipment that’s not managed; licenses that you’re not using; and surprises as you’re onboarding with a new IT provider when all of your network assets are uncovered.
It’s important to have all your software licenses properly documented so that you can make sure that you’re not paying for more than you need, and so that you can manage expenditures when it’s time to renew. Likewise, having hardware that’s switched on but no longer being used, could be eating up resources and creating unwatched holes where cyber criminals can sneak in.
2. Improper Configuration of Hardware and Software
Configuration simply refers to how the device or the software is set up. Proper configuration will make sure that the computer is operating efficiently and securely. It will also assure that you’re getting all of the capabilities that you want and need from the equipment and the programs you use.
Some configuration tasks are manual and some can be automated. Not all IT professionals know how to implement configuration best practices, and some just don’t have the bandwidth to take care of it because more urgent issues are always demanding their attention.
Configuration should actually be considered before you make technology investments. Whether it’s a server, a workstation, a switch or a firewall, everything is going to work better if they’re compatible, so configuration should be a factor in the network design process.
3. Outdated Software and Neglected Patch Management
Not keeping software up to date with the latest patches and versions is a big deal. It’s one of the simplest things that you can do to enhance the performance and security of your network. Unfortunately, software and patch management is often ignored because people think they’re saving money by running their programs beyond their supported life.
Software companies release patches for their products as security vulnerabilities are found. Cyber criminals are always looking for ways to get into networks, and these vulnerabilities are like unlocked doors for them.
If you are required to comply with privacy regulations, then you’re automatically out of compliance if you’re running any unsupported software, or you are not staying up to date with patches.
Security isn’t the only reason to keep software updated. You risk performance issues and failures, which can be even worse if you’re not keeping your hardware up to date too.
4. Inadequate Physical Security
When you’re thinking of cyber security, it’s easy to forget about the environment where all of your people and equipment are located. Controlling access to your building and having processes to welcome and document visitors are equally important to data safety as are your firewalls.
Can someone just walk into your facility without a key? Are visitors or intruders going to be able to easily view computer screens? Do employees have passwords on post-it notes? Are there locks on interior rooms that house servers?
Some weaknesses in your physical security can be addressed with locks and access control. Others can be addressed with policies and employee training. For example, employees should be required to lock their screens when stepping away from their workstations, and they should be using identity management tools like Multi-factor Authorization (MFA) as an added layer of security for their accounts.
Just because your people are working from home, doesn’t mean that they can be lax about the security of their environment. These issues can also be addressed with policies and training, in addition to equipping people with the right technology tools.
5. Messy Cables and Uncontrolled Server Rooms
While lots of companies have all or part of their infrastructure in the cloud, there are still many that have servers at their office location. If that’s you, go open the door and examine the condition of the server room. A cursory glance will tell you a lot about how much attention the servers are getting in regard to their environment.
Computer equipment needs certain temperature, humidity and airflow conditions to perform optimally. When servers get too hot, or if temperatures aren’t consistent, the server could overheat and even fail. Then you’re dealing with downtime while you get a new server up and running from your backup.
It’s not great to have a rats’ nest of cables coming out of the back of the servers either. When it comes time to make changes, it will take IT a lot longer because they have to track down where each wire is headed. It’s much better to have cables labeled or documented, and to have a standard of colors to help identify each cable’s use.
6. No Emergency or Disaster Response Plan
If you had some sort of cyber incident or accident situation that took down your business, you’d find out pretty fast if you had a Disaster Response Plan and if it worked. When an emergency happens, emotions are high and people need to act fast. They’re more likely to make better decisions in these circumstances if they’ve been trained to follow your Disaster Response Plan.
You should have a response plan that documents what employees should do if there’s a fire, a natural disaster, a plumbing leak, severe weather, or a cyber incident. Instructions on how communications will be handled during a crisis are very important both in the heat of the action, and afterwards to manage the fallout.
In the case of a cyber attack, your Incident Response Plan should answer questions like: What should I do if I suspect a cyber attack? Who should be notified after IT? Who is going to communicate with employees and customers, what do we need to tell them?
Here’s Your ACTION ITEM to Uncover Sloppy IT Management
Ask your IT team about any of these six signs that IT management is slipping. If you’re not happy with the answer you get or you don’t know how to interpret what they give you, get an IT assessment.
Contact us to schedule a meeting.