Welcome to the top 10 IT best practices to adopt right now. This simple, non-technical “listicle” (updated annually) covers some of the most valuable technology tips we can assemble into a five-minute read. Some of the recommendations are a little obvious. However, the trick is to combine each bit of evergreen advice into a unified and repeatable process.
IT Best Practice #1 – Embrace Strategy
A strategy is the best foundation for creating IT systems and security solutions that align with your business goals.
Does your 5-year business plan inform your IT?
If not, it’s time to establish a Technology Planning Committee to integrate the two, and to institute policies, planning, procedures, collaboration, tracking, and accountability across each functional area or department of your organization. Repeating what you’ve always done without a strategic blueprint and team buy-in is risky.
IT Best Practice #2 – Establish a Budget
IT should be an investment similar to real estate and human resources. With the emergence of mobility solutions and work-from-home trends, technological innovations will likely reduce your dependence on real estate and increase your dependence on new cybersecurity protections.
Do you have agile systems in place if you need to pivot? Are you familiar with the differences between an IT budget and a security budget?
Start getting comfortable with formulas that apply to hardware, software, warranties, services, cybersecurity, and IT salaries. As a benchmark for establishing an annual technology budget, Gartner Group cites a cross-industry average of 3.3% of sales.
If you can’t commit right away, develop basic guidelines to inform your future aspirational state.
IT Best Practice #3 – Adopt Standards
Standards increase the likelihood that all moving parts of your IT environment communicate efficiently and securely.
Are your servers, workstations, wireless access points, cloud applications, switches, and firewalls a mixture of business class and home/office “prosumer” class?
By upgrading each piece to business class, you’ll improve operations, reduce cyber risk, and enhance employee morale.
IT Best Practice #4 – Eliminate Single Points of Failure
Two scenarios make you vulnerable to potential disruption. The first is putting one person in charge of handling IT in-house. The second is assigning an individual to oversee the relationship with your managed services provider (MSP) AND to run interference on every user request for technical support. Quarterbacking every last ticket is unsustainable and exhausting, and it creates huge bottlenecks.
- Will your MSP allow each user to open tickets directly?
- Do you have a meaningful way of assessing the skills of your in-house IT employee?
- Is everything documented (in case they leave)?
Unless your answer to all three questions is “yes,” you have some trouble spots to address.
IT Best Practice #5 – Master Cybersecurity Frameworks
Are you crystal clear on the cybersecurity frameworks that are best suited to minimize your regulation and compliance exposure?
The current digital landscape is a double-edged sword. Threat actors use social engineering to bypass cutting-edge security solutions to compromise your assets. Then government agencies hit you with fines if there’s a breach.
There is an alphabet soup list of framework options to juggle: NIST, CIS v7, ISO 27001, SEC, SOC 2 Type 2, CMMC, GDPR, HIPAA, etc. Make sure you are actively engaged and up to date. You also need to ensure your team receives ongoing cybersecurity awareness training.
IT Best Practice #6 – Optimize The Technology Lifecycle
Every component in your IT stack has a useful life. Replace equipment before it fails.
The following IT infrastructure examples are not exact extinction dates but approximate lifespan guidelines:
- Laptops – three years
- Workstations – three to four years
- Servers – three to five years
- Wireless Access Points – three to five years
- Firewalls – five to seven years
- Switches – seven to ten years
- Cabling & Wiring (Low Voltage) – seven to ten years
Warranties and renewals of service and support agreements also require careful attention.
IT Best Practice #7 – Leverage The Cloud
Every application not currently hosted in the cloud will be moving to the cloud in five to ten years.
This shift is good news for companies that want an alternative to the complexity and expense of premise-based solutions. It also bodes well for the proliferation of Single Sign-On solutions that allow users to reach their applications through one secure portal.
The shift is inevitable as mainstream developers focus on designing solutions for web browsers and Software as a Service (SaaS), deployed from hyper-scale, public cloud providers like Amazon and Microsoft.
IT Best Practice #8 – Elevate Backup & Disaster Recovery
According to IBM, “The subprocesses—’backup’ and ‘disaster recovery’—are sometimes mistaken for each other or for the entire process. Backup is the process of making the file copies. Disaster recovery is the plan and processes for using the copies to quickly reestablish access to applications, data, and IT resources after an outage.”
Backup is one of your best defenses against intentional or accidental data loss. And yet, many organizations still have significant room for improvement.
According to Help Net Security, “85% of organizations aren’t backing up multiple times per day, 26% back up daily, 28% back up weekly, 20% back up monthly, and 10% aren’t backing up at all. These lapses can lead to days, weeks, and months of lost data with a low probability of a complete recovery.”
Peter Krogh, a well-known photographer, popularized the concept of the 3-2-1 rule, which recommends having at least three copies of your data, storing the copies on two different media, and keeping one backup copy offsite.
IT Best Practice #9 – Maximize Business Continuity
Forward-thinking companies grow by maximizing business continuity and minimizing disruptions, especially avoidable ones.
As Datto explains, “A business continuity plan (BCP) is an organization-wide strategy, setting out the procedures and steps to maintain the business’s critical operations and keep them running during an unexpected interruption or a disaster. The process of creating this detailed plan is known as business continuity planning. The BCP is more extensive than a disaster recovery plan, which primarily focuses on the restoration of data and access to the IT infrastructure following a disaster. BCPs include contingencies for business partners, assets, processes, operations, human resources, and every other business aspect that may be affected.”
If your organization were to suffer a catastrophic event like a flood, data breach, or fire, would you be able to continue operations?
Very few companies would be able to carry on without incident. Think about how much downtime you can bear and fill in the gaps by evaluating and strengthening your position with the other considerations on this list.
IT Best Practice #10 – Prosper with a Trusted Advisor
The United States is home to thousands of IT support companies. The various players include:
- Sole proprietors
- Break-fix providers
- Five- to ten-person shops
- Larger regional firms
- National MSPs owned by private equity firms and public conglomerates
There is tremendous turmoil in the space as smaller providers struggle to keep up and larger entities make acquisitions.
Can your IT provider scale with you as you grow? Is their ownership changing anytime soon? Are they listening before making recommendations or making product pitches on autopilot?
Make sure you partner with a company that demonstrates discernment and can serve as an objective consultant.
Moving Forward with IT Best Practices
I hope our recommendations will inspire you to begin making improvements within your organization right away.
If some of the guidelines seem unrealistic, you’re not alone. Even companies in the Fortune 500 have gaps. The goal isn’t perfection. The main objective is to move forward one step at a time.
Are you ready to organize a plan to assess where you stand? I suggest you consider the following first steps:
- Ask your in-house IT department or MSP if they have detailed documentation on each initiative (network diagrams, IT roadmaps, service catalogs, contracts, vendor directories, etc.).
- If they do, make sure you employ a scoring system to rank and improve your standing in each category.
Get a third-party assessment if they don’t have detailed documentation and a scoring system in place. A second opinion is advisable every few years. Many MSPs will conduct a comprehensive technical assessment for a nominal fee.
Please schedule a discovery session if you need assistance organizing your approach.