If you are like most leaders I know, your time is one of your most valuable assets. Taking time to think about your computer system may only happen rarely or if there are problems. As a leader, I’ve found that one of my most powerful time-saving tools is to ask proactive questions of my staff. The answers provide insight into what is going right, and what needs improvement. I’ve put together a quick hit list of questions to help you be proactive, and ask the right questions to avoid problems, wastes of time, and productivity drains on your organization in 2015. There are many more, but these should provide a nice starting point to get the conversation going in the right direction.
1. What is your cloud strategy? As a leader, can you succinctly articulate it? Most organizations aren’t ready for a complete migration to either a Public or Private Cloud, but you should have a strategy that maps out your plan for leveraging the cloud over the next few years. Perhaps you start with one aspect of your network, such as email, and then systematically move other applications and services to cloud-based platforms.
2. When was the last time you actually did a restore from your backup? If your office is shut down for a few days or weeks, or a critical component fails or data is destroyed, how would you keep functioning? How long (realistically) will it take to get you back in business? Can your team work from home if power is off at the office? Where are the backups actually kept, and who has access to them (both physically and logically)?
3. How are you protected against the new wave of self-mutating viruses and ransomware? It became very evident in 2014 that traditional firewalls do not provide protection against viruses that can spawn thousands of variants in a day, and even the best anti-virus offers incomplete protection. Don’t find yourself in a situation where you are at the mercy of an Eastern European extortion scheme that is costly in terms of downtime, potential data loss, and compromise of confidential information.
4. If you had to produce documentation of licensing for every copy of Microsoft Office and every server and Client License in use, could you do it? Microsoft, Adobe, Symantec, and other software companies are very serious about enforcing software licensing. Saying “I thought it came with the PC” won’t help. In addition to the expense of getting into compliance, software firms will require historical records so they can figure out how much is owed from previous years, and then there are the fines and penalties. We’ve seen a dramatic increase in the number of these types of audits over the past year.
5. Do you know who within your organization has rights to information on your network? Who can see that HR spreadsheet that lists everyone’s salary? What about employee reviews? Hint – if they are backed up every night, then more people than you think probably have rights.
6. How would you know if something were about to go wrong or had already gone wrong on one of your critical devices? I don’t know how many times I’ve walked into a server room and seen a red light on a hard drive indicating it was either failing or had already failed, and the system was running on a spare drive. Most devices have an amazing ability to provide information that gives insight into their health. How are you leveraging that ability?
7. If a laptop or mobile device was lost or stolen, would you worry about what information was on it? What data would be on it? Could you absolutely be certain the data could not be accessed or used?
8. Do any of your employees use file sharing or backup services such as Dropbox, Carbonite, CrashPlan, or Google Docs? Do you have access to these accounts? How do you control what they share with the world? Would it be possible for an employee to copy key documents from your network for use after they left your team?
9. How do you know that all of the devices on your network are patched, have the latest anti-virus, and are virus/malware free? Your network is only as strong as the weakest link. With more and more employees bringing their own device to work, you don’t want to let the virus that someone got from home cause a disruption to your business.
10. Do you have formal policies in place, has everyone in your firm been trained on them, and has this training been documented? Remember, it’s tough to hold someone accountable for something you didn’t tell them they couldn’t do. Some networks can combine all of these into a single policy; others will need separate and distinct policies.
- Acceptable Use – What they can and can’t do on the network
- Mobile Device – What type of device can be used and how
- Internet Access – What they can and can’t do on the Internet
- Email and Communications – How email and communications tools can be used, how electronic communications are archived for future reference
- Network Security – How the network is secured logically and physically from threats
- Remote Access – How the network can be accessed remotely, by what devices and where
- Media Destruction – How destruction of old hard drives, disks, and mobile devices containing data is handled