Growing businesses will at some point consider the possibility of recruiting an internal IT person or team. There are a number of drivers; the growing cost of technology and associated services, the increasing demands of the users, the criticality of the infrastructure and applications and the need for trusted guidance on future technology investments. These drivers are very broad in range and many assume that one person will manage all of them.
This assumption could not be further from reality. When it comes to recruiting an internal IT resource, it’s important to consider the competing expectations from within the business.
The executive will expect:
- Advice to the board on strategic direction for the IT department
- Management and support of complex infrastructure and multiple suppliers
- Accountability for technology performance and security
- 24/7 support of senior users
The various business departments will expect:
- Line of business application support and advice
- Accountability for performance that impacts their department
The users will expect:
- User assurance – general advice and support for user level issues, password changes etc
- Management of printers and peripherals
- Crawling under desks and plugging in cables
The suppliers will expect:
- A skilled buyer
- Decision making
The budget for the resource is often based on efficiencies measured against the existing cost of support and/or the anticipated cost for increased service levels. This in turn determines the level at which the business recruits and leads to a dichotomy. A tech only qualified deal with low level problems will not be happy advising the board. Conversely a strategic head will not be happy crawling under desks. The compromise is to pick the middle ground; an IT manager who can manage the technology and keep most people happy, most of the time. Loved for being at the beck and call of the executive 247 but loathed for not producing the strategic IT plan. Ultimately their brief is too wide to perform successfully.
There is good justification for an internal IT resource in medium and larger businesses; when you cross the 50 user mark it can prove very cost effective. However, before you take the plunge you need to consider, in some detail, a plan to get it right and avoid those frustrations.
Things to think about:
- Set out the expectations of all stakeholders/departments
- Place them into groups that you feel could be reasonably dealt with by one person’s skill set
- Budget and recruit accordingly
- Plan on how you will fill the expectation gaps
There are few things more frustrating than a team member who fails to deliver as expected. You have a great person but they are just not doing what you want them to do. If those expectations are unreasonable then eventually that person will be dismissed for something that was not their fault. Think carefully and test all the assumptions that have taken you to the point of hiring. Then plan to get the right person on the bus and have the right seat available for them.
To discuss this topic in more detail, please get in touch.
Everyone’s heard of Cyber Security. Breaches of security create great headlines, especially when personal information is involved. Cyber crime is the new frontier with the perpetrators seeking information that has a value to be exploited for financial or political gain. The typical reaction is to deploy technology tools to protect against known external and internal threats, or the threats that the Cyber Security sector is telling you about. It’s a great way to sell stuff.
But, is Cyber Security the whole picture? What about Information Security? What’s the difference between the two?
Cyber Security vs. Information Security
Cyber Security focuses on protecting and recovering hardware, networks, devices and applications. It is a technology solution to protect your technology assets.
Information Security, on the other hand, is a more comprehensive approach to protecting your data and assets. It does involve software tools (that’s the cyber piece) but focuses on all the other areas where threats exist. It starts by identifying all of your information assets and considers the confidentiality, availability and integrity of these assets. In addition to the technology assets like network, hardware, applications, databases and devices; information assets include things such as personnel, buildings and office spaces, and suppliers. Each of these can present just as big, if not a bigger risk to your business if not properly considered. These assets may be subject to different threats. Think about paper-based assets, they may contain confidential information. Are they left lying around the office or disposed of without due thought to the risks?
Information Security enables you to consider the risks to all your information assets no matter where they are or what they are being used for. It is an approach that helps determine the right tools or other measures to provide the appropriate protection. You will know where your information assets are and your users will be aware of the threats that could be targeting them or your organisation so that you can put measures in place to reduce the risk.
6 steps to improving your Information Security
ISO 27001 is an Information Security standard. It requires a great deal of effort to achieve certification and it’s not for everyone. There are some steps you can take without embracing the whole thing that will greatly improve your security.
- Identify all of your information assets
- Categorise them
- Assess the risk to each category, remembering confidentiality, integrity and availability
- Apply measures to appropriately protect the assets. This will include Cyber Security tools, policies and procedures
- Make sure all of your staff are aware of the risks and how you are mitigating them
- Periodically review
Cyber Security is a necessary part of our lives and protects our businesses from criminal activity enabled by the internet. But solely relying on Cyber Security tools may leave a chink in your armour. An Information Security approach will help you have a better understanding of your business and identify and patch vulnerabilities you will uncover in the process.
Find out more about Information Security or get in touch with us. Our team are more than happy to answer any of your questions surrounding Cyber Security or Information Security.
We’ve been focusing on managing our client’s IT and technology and have ignored our own website. So we decided it needed a bit of TLC!
We have redesigned it with you, the user at mind and we hope you enjoy the new experience.
Our thoughts behind the website changes
Find what you’re looking for in seconds: We streamlined our menus and ensured our educational collateral, case studies and news articles are easy for you to find.
See our full offering quickly and easily: No one has time to read pages and pages of content to find out what we do, so we’ve created 6 key service pages to display our whole package quickly and clearly. Check out our Information Security Service page that drills down into our Information Security offering.
View the work we’ve done, first-hand: We’ve displayed our case studies for everyone to see, so you can see the ways we’ve transformed businesses just like yours and how the changes have helped them thrive.
Let us answer your questions: We’ve made it easier for you to book a consultation with an experienced Account Manager to answer any questions you have before making a decision.
The future’s bright
We’ll continue to expand our website to include more educational resources and case studies so you can trust and learn from us as your go-to technology advice provider.
Stay connected with us on social media and follow us on LinkedIn or Twitter.
We hope you like our new look and feel, and we’d love to hear what you think! If you have any questions or feedback, please get in touch.