The end of the year is near, and it’s easy to get caught up in the excitement of the holidays. But don’t let that be an excuse to forget about your entity’s security and information technology (IT) operations. As you close out your year, here are seven areas and tips that can help you strengthen and further secure your entity’s IT environment – and keep you off Santa’s naughty list!
Outdated software or office products.
With the upcoming end-of-life scheduled for Windows XP in April 2014, are there any other hardware items that your entity uses that have or will reach end-of-life soon? What if these items were to experience failure today? Would it cost you more to repair it than purchase a new replacement? If you’re concerned, these items should probably be included on your New Year’s IT budget.
Many entities experience a slow down during the holidays and this would be a good period to test for disaster recovery preparedness. Test offsite backup data for accuracy and completeness. Re-access the priority of applications used to perform your main processing. An application priority listing is essential in the event of a disaster so that immediate recovery of your business can begin.
Review all service agreements to verify that you aren’t paying for equipment or software that has been taken out of service. Again, ask: Would it be less expensive to replace equipment than pay for maintenance
User logins and system access.
Review user logins for active directory and virtual private network (VPN) setups. Don’t leave unnecessary logins active so that they could be accessed improperly. This is especially important if you’re using a cloud environment. Test shared drive directories to guarantee that areas that store sensitive data are still secure and only accessible by individuals that actually need access for their job responsibilities.
IT policies and approved devices.
Review existing IT policies and take into consideration new technologies. A variety of new technology devices will be under many individuals’ Christmas trees – how will these new devices affect your internal network? What precautions will you take to limit the risk to your network?
Electronic commerce is commonplace in all aspects of our life. Ensure that your entity is not storing credit card numbers, Social Security numbers, or checking/routing numbers in unsecure environments. Educate your employees to the importance of this security.
Technology and procedures.
Review technology and procedures. An essential concept in business is that your IT department should be aligned so that it supports the goals of the business. Develop monthly goals, yearly goals and a five-year plan to document how your IT department will assist the entity reach its goals. Reevaluate processes that have been used for years to determine if it is still the best method to complete a task. Consider a Lean Six Sigma project to determine if there are changes than could be made to increase efficiencies.
IT Audit Help
Do any of these tips resonate with you? If you need help getting started on implementing any of these areas, contact Rea & Associates. Our IT audit professionals can help you determine the steps you need to take to ensure your business secure and up-to-date on its IT compliance.
Author: Joe Welker, CISA (New Philadelphia office)