Recently, a business leadership team asked my team to assess their technology infrastructure. They were particularly concerned about security but had also been experiencing some “sluggishness” in their network. The company was due for a technology audit by one of its largest customers, and their Errors and Omissions (E&O) insurance was up for renewal. We recommended a three-phased approach:
- A technical assessment of their network
- An analysis of their physical environment
- Observation of employees and their security awareness
After some clarifications regarding time and money investment, they decided to move forward with the assessment.
When we reported our findings and recommendations, the leadership team was surprised at the number of security vulnerabilities we found and how much of their infrastructure needed replacement and upgrading. Their firewall was almost ten years old, its security services licenses were out of date, and there were several “open doors” for intruders to enter. They had only the very basic antivirus and antimalware services deployed. They had multiple servers with different operating systems, some of which were no longer supported by Microsoft. Their computers were, on average, five years old. Numerous monitors had “sticky notes” with passwords written on them, and several employees reported having received phishing emails but did not know if they should report them or not.
When asked, we reported that the cost of remediation of these issues in preparation for the audit and E&O application was in the $1000s, and the hardware and software refresh would cost multiples of that. The leadership team’s surprise turned into shock.
How could this happen? This was a successful, well-respected company with an engaged leadership team. Like most good businesses, they were focused on getting new customers, fulfilling their needs, and getting paid fairly for it. Along the way, their business had become more complex, and the competitive landscape had changed. They had adapted most of their operations to keep up with these changes, except for their technology. Their technology infrastructure philosophy had remained the same while everything else about their business had changed.
Your information technology infrastructure should be built and maintained to support your business processes. You might visualize this as a stream of activities that involve the flow of information required to find a customer, provide them with a product or service, and get paid for doing so. In most businesses, that information flows through technology, some of it physical. The more of those physical things involved, the higher the likelihood of breakdowns and interruptions or “leaks” in information flow. The answer may not be to add more of these things and the attendant cost of maintaining them. Maybe less or at least different is better.
Maybe now is a good time to revisit your technology philosophy; if you’re unsure, ask your local IT advisor.
Subscribe to Email Updates
About Davis Merrey
Davis, is Owner/CEO of TeamLogic IT of Oklahoma City, part of an international network of franchisees providing IT support for businesses. He brings many years of experience in a variety of technology related industries, leading teams in providing technical solutions that respond to critical customer needs. The company culture is defined by its Mission Statement: “To help our fellow employees and clients be successful”.
Davis earned a BS in Electrical Engineering from the Virginia Military Institute and an MBA in Management from Golden Gate University in San Francisco. He serves on several business related and non-profit boards of directors.