Best Practice Guide for SME IT: Better IT Systems

by Rupert Davey
February 2020

Let us guide your business to a world of better IT!

There are so many ways to (mis)configure IT systems…

It’s important to understand your current IT system which will enable you to identify your vulnerabilities, weak spots, inefficiencies and ultimately allow your managed service provider, or IT support company, to take steps to better protect your data and improve your overall IT environment.

In defining your “IT systems” we’re talking about three pillars: devices, data and people.  Specifically, we’re looking at how the people use devices to access the data.

Let’s expand this and say people need secure access to only the data they need to do their job, this is the principle of least privilege (POLP), and the access should be from a device that is trusted by the organisation.

There are various failure modes here, some of which you might recognise:

  1. People can access data they don’t need to access
  2. The device is not or cannot be trusted
  3. The access isn’t secure
  4. The data isn’t secure

On a per-person basis, more than one of the above could apply and it probably isn’t consistent across the organisation.

There are many other failure modes that over time, through organic growth of the IT system, will build up into something that evolution cannot fix.  You need a revolution and best practices implementation allows for sustained organic growth.

In this guide we will take you through the three cornerstones of your IT system:  people, devices and data.

People

This is the identity of the person accessing your data; how can we be sure of a person’s identity?

Devices

Once we’re happy with the identity, do we know the device is virus free, secure and encrypted? Is that it or is there more we can do to ensure we trust a device?

Data

Now we’re happy with the person’s identity and that they are accessing the data from a trusted device, should they be accessing the data?  Are they allowed to access the data? What happens if the data gets damaged?

Just these pointers should be enough to get you thinking, but we’ll be exploring them more in future posts.

If you can’t wait that long or would like more information, please contact us now.