Imagine the state of technology at your firm was evaluated or graded on five “subjects” (i.e., math, chemistry, literature). What would those be? In other words, what high-level benchmarks can a firm look at in order to gain a more accurate understanding of their use of technology?
We define a few key components that comprise what we consider are some of the “mission-critical” elements for technology at any firm: continuity, performance, backup, security, and risk mitigation. These are “macro” indicators – something you can look at in the abstract, rather than have to dig for in reports – which tell you at a high-level how the firm is performing.
Continuity – refers to the stability, reliability, and predictability of IT resources at your firm. When a firm “has” continuity, what we mean is they have redundancy against sudden failure (of services). If you have IT issues that reincarnate every few weeks, or if your Internet connection randomly decides to take a break – you have room for improvement.
Performance – Refers to the speed by which your IT assets operate. Each wasted minute translates to lost revenue. If it takes 15 minutes for Outlook to load, or to reboot your PC, you might need some combination of hardware, software, or services in order for your employees to be able to do their jobs effectively.
Backup – Refers to your firm’s ability to backup not just files, but server system state, databases (i.e., SQL, Microsoft Exchange, etc.), and other critical engineering. If a firm is backing up only files, they have missed the boat. Also considered is the backup schema and schedule: incremental/hourly, daily, weekly, monthly, and quarterly snapshots; offsite rotation; disaster recovery; and other imperatives.
Remember, the value of your backup is 1 part actual data content and 1 part how quickly and easily you can be back up and running should you need it.
Security – Refers to your firm’s physical and cyber security footprint, which are comprised of hardware, software, training and services. Security needs for each firm vary by jurisdiction, compliance requirements, and other variables. A major element of firm security are written policies and documentation, such as WISP, DRP, and BRP. For small firms, two of your best security assets are a properly setup firewall and centralized antivirus. Next is employee training – while nefarious employees represent a relatively low security risk, accidents by employees are likely your biggest exposure. Training can make all the difference.
Risk Mitigation – Refers to your firm’s ability to manage and minimize exposure to risk. Risk can take the form of direct loss of revenue, services/IT downtime, ethical obligations, malpractice claims, loss of reputation, etc. A firm mitigates risk through proper IT and business management, which may include things like management of drive privileges, the non-use of certain cloud services, the isolation and containment of client PII, ex-employee protocols to deny unauthorized access, the elimination of print-to-Excel client reports in a PM software, etc. Risk Mitigation often starts with the simple identification and inventorying of critical data. When was the last time your firm took an ‘inventory’?
So… How does your firm stack up?
Each of these criteria are essentials. Together, they provide the minimum requisite conditions for any successful practice. If you find yourself lacking in one of these areas, or (similarly) if you just don’t know, you could stand to benefit from an evaluation of your systems, a service that usually comes free from your IT partner.