IT outsourcing – minimising the risks

There can be significant benefits to outsourcing IT, and by using technology like Cloud computing, more smaller companies are now able to outsource their IT services and software. It’s is cheaper and more flexible as you Pay As You Go, however, as with all new technologies this has to be balanced by the need to protect confidential information.

An external IT provider is an extension of your business and you need to put in place the same controls that you would have if you did it in-house. Your company is still responsible for all company information even when it is handled externally. However companies manage IT they need to work closely with their suppliers and have confidence in them. The following tips are worth considering before you outsource your IT function:

1.)  Have a company IT security policy

Most IT system failures could have been foreseen and prevented but that will only happen if your company has a robust IT policy. It should be a set of guidelines that all staff understand and buy into at every level of the business. It doesn’t need to be “War and Peace” as nobody will read or use it so make it concise, a couple of pages are sufficient.

2.)  Know what your business critical systems are

You need to identify the IT systems that are crucial to your business so you ensure you are able to retrieve critical information in an emergency. Understand the critical data that you need to keep operating, that you couldn’t do without, should a disaster happen. This can cover anything from accountancy software packages, through to contact details for staff and suppliers. This critical data needs to be stored in a central location that can be accessed quickly, there’s no point holding it on a server or USB disk if no-one can get to this in an emergency.

3. ) Keep your eyes and ears open

Stay abreast of what’s happening in the IT world, particularly any news about recent virus attacks and threats, and on that basis make sure you’re aware of what’s happening in your own organisation and amongst your employees.  With everyone now having mobile communications, staff may be carrying confidential company data, such as emails or contact details on a smartphone in their pocket.

4.) Be aware of potential risks

The obvious risks are:

  • Hardware failure or damage from flood, fire and theft;
  • Software corruption;
  • External hacking;
  • Employees – either accidentally or deliberately.

Your company’s reputation could be damaged by inappropriate employee emails or social media comments, and under the new Digital Economy Act you could find your internet services suspended if someone uses your equipment to illegally download material. With more people now working from home it’s essential that all computers wherever they are based have the same IT safeguards in place as a work computer. Even systems designed to secure information can be vulnerable to security lapses, for example, passwords are often written down and left in unsafe places. Employees out on the road often carry highly confidential information on their laptops which can easily be lost or misplaced.

5. ) Plan how you would recover lost data

The key question to ask is “How long will recovery take so we can get our business up and running again?” Plan for all potential emergency situations and consider different options for backing up your critical system data. The choices would be:

  • In the Cloud
  • USB stick – kept off site
  • Portable hard drive – kept offsite
  • Separate sever – kept offsite

There will always be the odd circumstance that was genuinely unforseen but most IT data breaches are down to lack of controls and security discipline. By putting in place even the basics you will dramatically reduce your company’s exposure to IT loss or corruption.

 

 

Share |

Back to top