Home » Q&A with Shay Stoddard: How to Audit Your IT Infrastructure for Business
The survival of your business depends on a robust IT plan. From simple things like two-factor authentication, to more complex hardware overhauls, there’s a lot you can do to keep your business secure.
No matter the size of your business, having a clear IT strategy is vital to the success of your business. Just think, can your business survive without operating for the next two weeks, the next two months? Without an IT security strategy in place, you run the risk of being hacked and shutting down your business for good.
In this Q&A session, Shay Stoddard draws on her experience in IT management to explain why you need to focus on your company’s IT. She also outlines helpful tips and the steps you can take to audit your IT infrastructure and keep your business secure.
Let’s dive into the essentials with Shay Stoddard.
Stoddard: An audit of your IT infrastructure gives you an overview of what you currently have in place, the age of devices, whether your devices can receive the necessary updates, whether the equipment is reaching End of Life, and what makes you vulnerable. It also allows you to create a plan of action for the fiscal year and should help mitigate surprises from equipment failures.
Stoddard: When you know where you are vulnerable, you can spend resources to enhance your technology infrastructure, which can help you future-proof your business. It allows you to plan and budget for the future.
Stoddard:
I think that there are several items a business needs to consider when setting up their IT infrastructure. Here’s some common mistakes I see:
Stoddard: I think it’s necessary across the board, no matter your industry. Anyone with specific compliance regulations that their business needs to abide by, such as HIPPA, CARF, CMMC, PCI, etc. Hackers don’t care if you are a small business with only five employees; everyone is at risk, so it’s crucial to ensure your infrastructure is secure.
Stoddard: You can start by doing some of the abovementioned items. I would also consider hiring an Managed Service Provider. It’s cheaper than hiring a full-time employee, and you have the benefit of having a dedicated, knowledgeable team to handle all your IT needs.
Stoddard: First and foremost, know your budget and your expectations regarding what you are looking to gain. Some people like to remain hands-on and do the small, day-to-day tasks of IT, while others want to pay someone to handle it all for them. Clearly understand what the MSP will and will not support and how you will work together.
What kind of support do they offer? Are they familiar with your industry and your compliance regulations? Will they have a review with you every quarter? How will you contact them? What is their SLA? What is their response time for something critical? Will you have a dedicated team member, or will it be someone different every time? Does the MSP offer an array of services you can bundle, making it easier to manage?
Ask for references. I recommend having a list of questions prepared to ask. Are they actively listening to and addressing your concerns when they talk to you?
Stoddard: I think having an MSP gives you a sense of security. You have a team you can rely on to have your business’s best interest at the forefront. A good MSP will be proactive. They will help you have a disaster recovery plan in place, help you create and plan out an IT budget, and let you know where you should be focusing your money on growing your technology needs. MSP monitors and maintains your network infrastructure so that you can concentrate on growing your business. What happened with Microsoft and CrowdStrike is an excellent example of why planning for the unexpected is essential.
Stoddard: The standard is that most people do an audit once a year. I recommend it every six months. With the advancement of AI comes more advanced attacks against businesses and their IT infrastructure. It’s essential to assess the strength of your network and your end user’s ability to detect phishing events.
Stoddard: Everything. Not auditing leaves your business susceptible to breaches by having outdated equipment. Based on my research, more than eight out of 10 businesses that are compromised end up going out of business within that six-month period.
Stoddard: Neglecting your IT infrastructure puts your business at significant risk. If your equipment fails, you risk the corruption of critical data and considerable downtime. Not maintaining the necessary firmware updates makes you vulnerable to being hacked.
Stoddard:
980 Hammond Drive, Ste 400
Atlanta, GA 30328