9 Mistakes to Avoid When Building Your IT Strategy
BY TOM ANDRULIS
PRESIDENT, INTELLIGENT TECHNICAL SOLUTIONS
In today's highly connected construction industry, you need the ability to share digital assets with other parties quickly and securely. A solid IT strategy helps keep those assets safe from ransomware, hackers, viruses and other threats. But you could be putting your digital assets at risk if you're making one or more of these common mistakes.
1. NOT HAVING A SECURITY POLICY
In 2016, one of the largest construction management firms in the U.S. fell victim to a data breach that released employee names and Social Security numbers, exposing 566 employees to fraud.
Even a single infected PC in your organization can give hackers access to sensitive data, creating a serious liability risk. Your best defense depends on building a comprehensive security policy that covers software updates, employee training, Wi-Fi security and other IT safeguards.
2. NOT HAVING A USER POLICY
How often are user accounts being checked in your company? Failing to remove former employees from the system is one of the most common security mistakes. Typically, a small construction firm with 10 to 15 employees may accumulate 100 or more users in their system over a few years, simply because no one has taken the time to delete inactive users. Each of those unused accounts gives hackers an opportunity to break into the system. Unused accounts should be removed on a regular basis.
3. NOT HAVING A BACKUP
Disaster recovery is another area where business owners in the construction industry often let things fall through the cracks. Simply having a backup in place is not enough. Your backup also needs to be maintained and tested on a regular basis to ensure that it's up-to-date and ready to go if needed in an emergency.
4. NOT HAVING AN ACCEPTABLE USE POLICY
A company needs to establish clear rules on computer and network usage. Without an acceptable use policy, employers and employees can disagree on what constitutes inappropriate use, leaving the company vulnerable to security breaches and lawsuits.
5. NOT HAVING A PASSWORD POLICY
In a list of more than two million stolen passwords for accounts on Google, Facebook and Yahoo, the most common password was "123456." Don't allow weak passwords to put your company at risk. Instead, establish a password policy. It is recommended to make passwords complex, at least eight characters long, and changing them every 90 days.
6. NOT HAVING AN ACCESS POLICY
Can your team members access the company system or email after business hours? For managers who don't earn overtime, that may not be an issue. But if an hourly employee answers emails in the evening or on the weekend, that could put your company on the hook for overtime pay. Make sure your strategy spells out the specific time frames and circumstances when team members are allowed to use business assets.
7. NOT HAVING AN ASSET STRATEGY
Every business needs a strategy for tracking and replacing IT assets on a timely basis. Some companies replace their IT assets every five years. Others will require replacement after only three years. What does the replacement cycle look like for your business? Don't leave it up to chance. Make it a written part of your strategy.
8. NOT HAVING A FINANCIAL STRATEGY
Budgeting for IT costs should also be included in your strategy. If your company already has an app or decides to create a new one, for example, that can generate unexpected development costs. Getting an app off the ground and completed is only part of the process. You also need to factor in the ongoing cost of maintaining and updating the app.
9. NOT COORDINATING WITH THE ENTIRE COMPANY
The worst mistake your company can make when building an IT strategy is keeping it in the IT silo. Instead, collaborate with leadership in every department of your company. Gather feedback on what they want to see (or want to avoid) in the new strategy. Foster open communication and discussion about what is acceptable and unacceptable. That lays the groundwork for your entire strategy.
A good IT strategy isn't created in a vacuum. Everyone in your company who interacts with technology needs a chance to provide feedback to the IT manager about what they believe the policies should look like. That inclusiveness generates positive attitudes, fosters open communication and creates the buy-in that your IT strategy needs to succeed.
Open communication is key to an effective IT strategy. It isn't enough to simply present the rules and expect everyone to follow them. Showing team members why these rules exist and what risks they avoid, creates an opportunity for dialogue that reduces tension and leads to greater compliance.
HOW DO YOU AVOID THESE IT STRATEGY MISTAKES?
To be effective, your IT strategy needs to be closely aligned with your overall business strategy. That requires taking a critical look at every facet of your business and how it interacts with technology. Remember, the purpose of your IT strategy is to minimize unnecessary risks, and that makes it a valuable part of your business. In the construction industry, where digital assets need to be shared securely between multiple parties, a solid IT strategy is essential. Take the time to create a custom IT strategy that protects your business now and in the future.
Tom Andrulis is the president of Intelligent Technical Solutions, which helps businesses across Nevada and California thrive by managing their networks, cloud services, phone systems, and Internet connections. To learn more about Intelligent Technical Solutions and their services, please call 702-903-1387 or visit https://www.itsasap.com/.
The Associated General Contractors of America
http://www.acg.org/