How to Write an IT Plan: A Quick Guide for Business Owners
If you were fortunate, you were able to pivot your business to have your employees work from home quickly at the onset of the pandemic. As the crisis emerged, business owners scrambled to set-up remote access and patch together what was needed to ensure their employees could work from home successfully.
If you didn’t already have an IT plan in place, this pivot might have felt like a quickly assembled patchwork of software, hardware, employee training and new policies. On the other hand, if you already had an IT plan in place, this pivot was probably fairly simple.
Transitioning to remote work put a renewed focus on why every business should have an IT plan. Here’s a seven-point framework -- with cyber security at its heart -- for building a good IT plan.
1. Consider Your Liability
Downstream liability is something your clients, vendors and insurance carriers are thinking about. The last thing you need is an IT security issue in your blind spot. If you don’t have a firm foundational understanding of your users, the data they access, and how they can be most productive in our new normal, your business is at a clear disadvantage.
2. Review Your Inventory
The next step in reviewing your security risks is to ensure you have a solid inventory of technology tools. It is crucial to identify each physical and virtual asset that is owned or used by your business. This includes each firewall, network switch, wireless access point, server, workstation, and laptop.
3. Organize Your Users
Your next step is to list all your users. The list must include the individual’s name, role in the organization, and what data they are required to access to perform their job. Each user should be assigned access rights according to their role(s) and responsibilities. No one on your team needs to have access to everything. This is the most common and painful mistake that could lead to a breach.
4. Document Your Data
It is critically important to understand and document what data is stored on your network and cloud services. You should know the level of impact that different problems could have on that data. Risks that could ensue are unauthorized access, accidental deletion, and unintentional disclosure, to name a few.
5. Review Data Accessibility
Now that you have reviewed your data, you can address how your users access that data. This includes what can be read, changed, created, or deleted. As I mentioned above, no one needs access to everything. As a network administrator, I use a separate dedicated account that is not associated with an email. When any administrative task is required, I use that dedicated account to complete the task at hand.
6. Don’t Neglect Your End Users
Do not forget about your end users. Ask them what they need to be productive. There are a few things each user should have when they are connecting to your network and/or cloud-based resources. Even if the computer they’re using is not owned by your business, it’s best to supply anti-virus/anti-malware protection. The cost is minimal, but this layer of protection can save you some headaches.
As the number of remote workers continues to rise, there are a handful of safety practices that all business owners, IT managers, and employees should be thinking about. We compiled a list of four best practices here.
You might also be wondering how to avoid common pitfalls when giving employees remote work opportunities. Our IT experts compiled a list here.
7. Train Your Employees
Training your end users is critical. Just because we’re working from home doesn’t mean we can let our guard down. There are more spam, phishing and spear-phishing campaigns going on now than ever before. Each user should be made aware of the important role they play in protecting themselves and their organization.
Not sure where to start with training your users? We have a free guide for that here.
If you lack documentation and crucial layers of protection, writing an IT plan can seem overwhelming.
No matter where you are in the process of writing your IT plan or reviewing your security practices, documenting your business’s IT and cyber security measures will be worth your time. The good news is that for every minute you spend examining your IT set-up and security gaps, you are building a reliable and secure environment to operate your business efficiently and safely.
Maintaining your plan will get easier along the way, we promise!
Contact us online or call 410.685.5512.
About Bill Walter
Bill, our lead networking guru, loves showing clients how technology can be worked into their existing processes to improve efficiency. His expertise includes high level planning for internal and external networks, research and selection of hardware and software products, and hands-on installation and configuration of networks. Normally a pretty easygoing guy, Bill thinks there should be a law against wearing a Bluetooth headset when it’s not in use.