Get back to basics
By Laura Haight
Originally published as The Digital Maven in Upstate Business Journal
I know it’s too early to start actually talking about New Year’s Resolutions. We haven’t even hit Christmas yet. But this is the last Maven column of the year, so it’s my only chance to get to you before you start breaking those hastily made and half-hearted ones.
As important as technology is to nearly every business, it is frightening how little we understand about it, how untrained we are in maximizing the benefits of it, and how poorly we protect it.
Here are four must-do technology resolutions.
Create a technology roadmap
For many businesses, tech purchases are an impulse buy – something we get when something else breaks. But technology needs to be planned and budgeted for. And to do that you not only have to know what you want, but what you have.
An inventory of your hardware and software can shine a light on a number of problems. Without a roadmap and purchasing plan, a lot of businesses do not put the right technology in the right place with the right person. An accounting clerk’s desktop computer finally dies and has to be replaced immediately. A small business will often go online, look for a good sale and buy a new laptop. The impulse to get a laptop is a good one; we should see desktops pretty much disappear from the office landscape by 2020, but who gets it? Often it’s the employee who had the dead computer – whether they need the faster and more efficient processors, hard drives and RAM, or not.
Smart businesses will make a plan – and the budget to back it up – not only for what they want to buy but the best place to deploy it. That does take more work. But it is work that will pay dividends later on.
Create, update and distribute technology policies
The abuse/misuse of technology is more than just an irritant for business. It is a serious and potentially very expensive risk. Although having well-stated policies is certainly no guarantee of compliance, it goes a long way to letting your employees know that the appropriate use and security of technology matters to your business.
We often assume “everybody knows” the right things to do and – more significantly – not to do. But that is far from the truth. If it were true, the most common passwords every year – including this year, according to SplashData – would not be 12345 and password. Because many systems require eight-character minimums, a new one cracked the top five this year: 12345678!
A set of clear, concise and relevant policies is a critical first step. Policies should address acceptable use of company technology; Internet usage, including websites that should not be visited while on company equipment or while using personal tech on a company network; social media; best practices for protecting sensitive data, as well as an explanation of what sensitive data is; working at home; and policies and security procedures on the use of mobile devices.
Three keys to effective policies: Involve actual employees in preparing them, review them annually, and conduct periodic checks to test compliance.
If you’ve got a nice set of policy manuals in the HR office, it would likely be eye opening to walk around your business and see how many employees have a) been given them, b) ever read them or c) really follow them.
Take security seriously
2017 must be the year businesses get serious about security. Hacking is everywhere and the costs are growing exponentially. In 2015, a Duke University/CFO Magazine Global study (goo.gl/M4hecz) found 80 percent of all US companies regardless of size had been hacked. The survey had been conducted for 77 consecutive quarters and spanned the globe, making it the world's longest-running and most comprehensive research on the subject.
This month, the IBM company Resilient and Ponemon released their 2016 Cyber Resilience Study and reported that 66 percent of businesses surveyed said they could not recover from a cyber breach.
If you knew that two-thirds of the houses in your neighborhood had been robbed, would you check your locks, test your alarm system and buy a dog? If FBI Director James Comey is right, your business has probably already been hacked. And, in a testament to weak policies or lack of adherence and oversight, the FBI also says that the average length of time a hacker is in a business before being discovered is a full 18 months.
Wake up. Every business and nonprofit has something a hacker wants – even if it is only access to a bigger company.
Train your staff
Taking security seriously doesn’t necessarily mean spending a lot of money on technology. There certainly are some security-enhancing technologies that are worth considering, but the real bang for your buck is in educating and training staff.
The biggest risk to your business is already in the building. Every hack and data breach that has ever occurred, without exception, has begun with an authenticated employee clicking on something they shouldn’t, going somewhere online that they shouldn’t be, downloading something they shouldn’t have.
Technology is a great tool. Put the right tech in the right places and make sure your employees are doing the right things. That’s a resolution you can build a secure and successful year on.