Q&A with Shay Stoddard: How to Audit Your IT Infrastructure for Business

The survival of your business depends on a robust IT plan. From simple things like two-factor authentication, to more complex hardware overhauls, there’s a lot you can do to keep your business secure. 

No matter the size of your business, a clear IT strategy is vital to its success. Just think: can your business survive without operating for the next two weeks, or the next two months? Without an IT security strategy in place, you run the risk of being hacked and shutting down your business for good.

In this Q&A session, Shay Stoddard draws on her experience in IT management to explain why you need to focus on your company’s IT. She also outlines helpful tips and the steps you can take to audit your IT infrastructure and keep your business secure.

Let’s dive into the essentials with Shay Stoddard.

Why is it important to audit your IT infrastructure?

Stoddard: An audit of your IT infrastructure gives you an overview of what you currently have in place, the age of devices, whether your devices can receive the necessary updates, whether the equipment is reaching End of Life, and what makes you vulnerable. It also allows you to create a plan of action for the fiscal year and should help mitigate surprises from equipment failures.

How does auditing your IT help your business grow?

Stoddard: When you know where you are vulnerable, you can spend resources to enhance your technology infrastructure, which can help you future-proof your business. It allows you to plan and budget for the future.

What are the most common mistakes businesses make when setting up their IT infrastructure?

Stoddard:

I think that there are several items a business needs to consider when setting up their IT infrastructure. Here are some common mistakes I see:

  1. Not having a firewall with Unified Threat Management.
  2. Not knowing or understanding that any physical appliance connected to your network needs to receive firmware updates to address security concerns (printers, security cameras, switches, firewalls, wireless access points).
  3. Not understanding your compliance and what steps you need to take to ensure that your IT infrastructure remains compliant.
  4. Not using multifactor authentication.
  5. Not having centralized management over your devices.
  6. Not having an IT budget or a disaster recovery plan in place.

In which industries is it most important to conduct an IT audit?

Stoddard: I think it’s necessary across the board, no matter your industry. Anyone with specific compliance regulations that their business needs to abide by, such as HIPAA, CARF, CMMC, PCI, etc. Hackers don’t care if you are a small business with only five employees; everyone is at risk, so it’s crucial to ensure your infrastructure is secure.

How can small businesses that can’t afford large IT teams keep their IT infrastructure secure?

Stoddard: You can start by doing some of the abovementioned items. I would also consider hiring a Managed Service Provider. It’s cheaper than hiring a full-time employee, and you have the benefit of having a dedicated, knowledgeable team to handle all your IT needs.

What should a customer consider before getting Managed IT?

Stoddard: First and foremost, know your budget and your expectations regarding what you are looking to gain. Some people like to remain hands-on and do the small, day-to-day tasks of IT, while others want to pay someone to handle it all for them. Clearly understand what the MSP will and will not support and how you will work together.

What kind of support do they offer? Are they familiar with your industry and your compliance regulations? Will they have a review with you every quarter? How will you contact them? What is their SLA? What is their response time for something critical? Will you have a dedicated team member, or will it be someone different every time? Does the MSP offer an array of services you can bundle, making it easier to manage?

Ask for references. I recommend having a list of questions prepared to ask. Are they actively listening to and addressing your concerns when they talk to you?

What are the main ways Managed IT can help a business run its IT infrastructure?

Stoddard: I think having an MSP gives you a sense of security. You have a team you can rely on to have your business’s best interest at the forefront. A good MSP will be proactive. They will help you have a disaster recovery plan in place, help you create and plan out an IT budget, and let you know where you should be focusing your money on growing your technology needs. An MSP monitors and maintains your network infrastructure so that you can concentrate on growing your business. What happened with Microsoft and CrowdStrike is an excellent example of why planning for the unexpected is essential.

How often should a business be auditing its IT infrastructure?

Stoddard: The standard is that most people do an audit once a year. I recommend it every six months. With the advancement of AI comes more advanced attacks against businesses and their IT infrastructure. It’s essential to assess the strength of your network and your end user’s ability to detect phishing events.

What does a business risk by not auditing their IT?

Stoddard: Everything. Not auditing leaves your business susceptible to breaches by having outdated equipment. Based on my research, more than eight out of 10 businesses that are compromised end up going out of business within that six-month period.

What happens when businesses neglect their IT infrastructure?

Stoddard: Neglecting your IT infrastructure puts your business at significant risk. If your equipment fails, you risk the corruption of critical data and considerable downtime. Not maintaining the necessary firmware updates makes you vulnerable to being hacked.

What are some simple steps businesses can take to improve their IT infrastructure?

Stoddard:

  • Have a firewall with Unified Threat Management.
  • Have virus protection designed for businesses that offers cloud app and email security with real-time scanning and crypto lock protection.
  • Make sure your devices are up to date.
  • Make sure that your internal network is locked down.
  • If you offer Wi-Fi to customers or guests, it is essential to ensure it is separate from your internal network.
  • Set up multifactor authentication for everything. I realize it’s a pain, but it can save your business.
  • Do not save your password in your web browser.
  • If you travel with a laptop, ensure your hard drive is encrypted.
  • If you save sensitive information to your computer, make sure you have that in a folder or file that is also password protected.
  • Have secure offsite backups of your crucial data.
  • Go a step further and have a separate network for IoT devices. I do this at home for my TVs, Wi-Fi cameras, thermostats, doorbells, Alexa, and now my stove.
  • I always tell people that they are their first line of defense. Just being mindful of what you are clicking on can significantly impact the type of day you have.
