Developing a network security policy (and its companion network security policies) begins with establishing guidelines for creating, reviewing, revising, and retaining your information security policies and procedures. Since information is accessed and stored on your...
How to Assess IT Effectiveness
It’s tough for C-Level executives at SMBs to honestly know the IT department has everything covered.
Are we protected against the latest security vulnerabilities? Do we have a fool-proof backup and disaster recovery plan? Is my team qualified to manage Microsoft 365? Can they confidently answer questions on our cybersecurity policy renewal application?
Questions like these are top of mind when you have an in-house IT Department. Consisting of a director and an IT support specialist, these two work in tandem, call all the shots, and outsource anything they can’t figure out to an independent break-fix IT guy or a very small IT service provider.
Sound familiar? It may ring a bell because this arrangement is commonplace at SMBs with 25-100 employees.
What’s the problem?
If your IT systems are easy to access, fast, quiet, and your employees aren’t complaining, it’s reasonable to assume you’re all set.
However, it’s impossible to verify you have the best people, processes, and technology to advance your strategic goals without detailed reporting, including KPIs.
Naming conventions will vary from one company to the next. And so will the contents, thanks to APIs and customizations. But one plot point remains constant: anything worth investing in is worth measuring, documenting, and refining for increased accountability.
The following pillar categories appear in many popular IT reports. And you don’t have to be technical to grasp the business rationale for each topic quickly.
IT Strategic Roadmap
This executive report usually includes everything else we mention below. It’s a comprehensive and dynamic “medical IT record” for your organization.
A roadmap is an action planning tool that integrates your budget and strategy to address three primary concerns: What business outcomes are we trying to achieve? What technologies do we need to accomplish these outcomes? How should we make our technology selection decisions?
These questions should be reviewed with C-Level executives and IT Steering Committees monthly, quarterly, or bi-annually. (Annual reviews are not frequent enough, but this is a good start if you’re a newbie. Better late than never!)
Initiatives are presented and prioritized according to business risk (low, medium, and high) and business impact (lower risk, improve efficiency, strengthen compliance, and reduce cost). Think of this as a colored-coded punch list.
With increasing pressure from cybersecurity insurance providers, companies constantly review hardware and Software as a Service (SaaS) options to harden security.
Learn More: Minimizing Cybersecurity Insurance Risks
Current PowerPoint or Visio exhibits of your network make complex, far-flung IT system interdependencies accessible for all audiences to understand.
A network diagram may initially include three icons representing bare metal servers. Two years later, three cloud icons may appear in their place because more secure, flexible SaaS alternatives have supplanted the machines.
Learn More: Network Diagram Examples
Managed Assets & Warranties
Network elements like firewalls, storage appliances, backup devices, Wireless Access Points, switches, printers, servers, VMs, cloud apps, and user devices are continuously tracked, monitored, replaced, and upgraded according to their useful life. Each is cataloged by:
- Device Class
- Device Name
- Serial Number
- Operating System & Service Pack Status & Age
- Purchase Date
- Expiration Due Date
- Last Logged In User
- Warranty Expiration
- Last Discovery Date
Microsoft User Directory
Employees come and go especially today’s younger workforce. When someone leaves, they should be immediately removed from the domain. This practice enhances security, reduces clutter, and lowers expenses for unused subscriptions.
Microsoft charges different rates depending on the licenses you select. And the rates are going up on March 1, 2022!
Some users need Microsoft 365 Business Standard, while others require Microsoft 365 Business Basic. The former is $7.50 more per month. See why it pays to get these subscriptions right?
Learn More: Microsoft 365 Business Licenses
Every IT activity should be categorized, prioritized, and remediated according to its business severity. Everything from automated system updates (that happen behind the scenes), IT planning, procurement, project management, and just-in-time user support should be charted and presented in an Executive Summary for review.
Is your IT department efficient? One measure of this is the rate they open and close tickets from one month to the next.
Are they attentive? If the average time to acknowledge a request is trending lower from one month to the next, that’s a good sign.
Do you know how they spend the majority of their time? Down to nitty-gritty percentages?
- Audio Visual
- Cloud Servers
- Cyber Security Awareness Training
- Remote Support – Work From Home
- Security Vulnerability Events
- Server & Workstation Patching
- VoIP Support
- Wireless Access
- Workstations/User Support
Every one of these line items fits into a pie chart to help answer the burning question: What have you done for me lately?
For example, data that reflects 100% up-to-date workstation and server patch status is a security hot button that will instantly increase everyone’s peace of mind.
(Since much of this activity is automated and automatic, it may appear as a lower percentage on the chart.)
However, workstation support is a different matter. If your ticket volume for user support is trending higher every month, and its root cause is a file share on a server approaching its expiration date, IT can make a strong business case for replacing that asset.
Learn More: Client IT Reporting
Client Sign-Off Form
Finally, every plot point and proposal needs to be recorded. It’s easy to forget what you didn’t approve and easy to get mad when something blows up because you didn’t authorize a replacement recommended by IT.
Are you confident you can trust your IT team? Do they have any of the reporting capabilities we just presented? They may be working with some fantastic third-party resources but not taking full advantage of their offerings.
There may be several reasons for this. However, don’t discount the role of self-interest. IT Departments lacking confidence in their professional capabilities may be reluctant to highlight vendors who may make them look bad.
Forward-thinking MSPs aren’t out to replace in-house IT. They have service plans and consulting services to make your IT department stronger.
Learn More: Fractional Chief Information Security Officer Services
There’s another challenge with building an in-house IT team. You may have recruited engineers and directors from a best-in-class MSP, but their skill set will need updating every eighteen months.
And with the current labor shortage affecting the tech workforce, especially cybersecurity, it’s impossible to prevent employees from jumping ship for an instant $25,000 annual increase somewhere else.
In 2022, Integris is investing big in cybersecurity. In fact, we’re expanding our team of highly trained virtual CISOs (Chief Information Security Officers). With the extra capacity, we're offering our CISO experts as a service line for all our locations.This is a...
Why would an MSP publish an article sharing ten best practices from the top cybersecurity training companies? Because we partner with most of the computer-based educational providers quoted in this article or help administer their cyber training services for clients....