It’s road construction season in Northeast Ohio! I live near a massive widening project that’s halfway to a 4-year completion goal. It can be inconvenient, but I’m already experiencing the positives, including fewer backups and smoother roads. Your IT is similar. As systems age and technology advances, weaknesses and gaps become more apparent. Your IT provider can help you identify and prioritize the technology gaps in your business to fit your needs and budget.
How to Identify Technology Gaps
Why do you need a technology gap assessment? You may need to meet:
- cyberliability insurance requirements
- goals for your organization’s growth
- your customers’ vendor IT security requirements
- regulatory compliance requirements
- best-practice IT standards to protect your customers’ data as well as your own.
This is the time to be honest about how your IT is functioning now. What works? What’s frustrating? Can your current IT meet the demands of your business goals? How are outside changes (such as software end-of-life) going to have an impact?
Your network diagram, asset inventory, security assessments and software summary will also come in handy during your review. You may find the gaps are relatively easy to close, or you may need to create a multi-year plan.
Why You Should Prioritize
Refreshing an entire IT infrastructure at once is rarely practical — both financially and in terms of user experience. Plus, one improvement often builds on another, so it makes sense to work in stages.
Prioritizing technology gaps helps you:
- fix the most critical gaps immediately. These will generally relate to cybersecurity.
- make reasonable and attainable budget decisions. Make sure that every IT dollar you spend today will continue to serve you well in the future.
- improve control over transformation and upgrade. Logical and orderly upgrades ensure everything runs smoothly.
- avoid overburdening key stakeholders. Let’s face it – learning new systems can be time-consuming and frustrating. Make it as easy as possible for your employees and clients to adjust.
Use the “Red, Yellow, Green” Approach
In the IT world, red lights are generally “bad” and green lights are “good”. (It would be great to have a yellow “caution” before something turns red – maybe someday.) It makes sense to take a similar approach to categorizing gaps or vulnerabilities based on their severity. Some actions will need to be taken immediately and some may be rolled out over several years.
Before you begin, be aware of these hazards as you work with your IT advisor to set the priorities:
- Overlooking urgent issues
- Allocating budget to less critical problems
- Leaving backdoors open to threat actors
- Hampering employee productivity
Red vulnerabilities are most severe and should be addressed as quickly as possible, including:
- Failing backups
- Attempted and successful logins by users marked as former employees or third parties
- Unsecured remote connectivity
- Outdated anti-virus/anti-malware
Yellow vulnerabilities should be on your radar but can wait until the highest priority gaps are addressed:
- Lack of multifactor authentication
- Non-existent or unreliable automated patching system
- Failure to enable account lockout for some computers
- Inability to send encrypted emails
Green vulnerabilities are the least critical but still important, including:
- Computers with operating systems nearing their extended support
- Persistent on-premises sync issues
- More administrative access than is required to perform essential duties
- Accounts with passwords set to “never expire”
- No password managers in use
Technology changes rapidly, and every organization likely has at least one gap. Your IT provider can make it easier for you with regular planning and budgeting advice. You may not need a 4-year improvement plan like the road construction near my home, but don’t wait to close the gaps that will improve your security and efficiency.
To talk about identifying and prioritizing the technology gaps in your business, contact us!