How Often Should Your Business do an IT Assessment?
IT is a broad area with a range of risks and opportunities that you should regularly assess. You’ll need to check you have the right software at the right price, your systems are secure, and your operations are physically safe. Here’s how how often your business should do an IT assessment to make sure you don’t fall behind.
At least once a year, you should review all the software you use, whether free, licensed or bought outright. You need to think about:
- Whether it still meets your needs
- Whether a new edition brings features or improvements you’d find useful
- Whether your licensing needs have changed, for example because you have more employees
This will help you decide whether to renew licenses, upgrade, source alternative software or ditch it altogether.
With security, checklists and basic audits are fine for day-to-day maintenance, but you need an outside consultant for major assessments. They’ll usually offer two distinct services: vulnerability assessments and penetration testing.
Vulnerability testing is effectively an extremely detailed checklist operation to find out whether you are following a wide range of good security practices. Its main task is to find gaps where you aren’t doing something.
Penetration testing is a simulated attack on your systems designed to replicate a real cybercriminal’s tactics. It can uncover gaps not revealed by vulnerability testing. It also gives good insight into which gaps are likely to cause the most problems in practice rather than theory.
A good rule of thumb is to carry out vulnerability assessments at least quarterly and after any major changes to your setup. This should be frequent enough to pick up any bad habits such as staff not performing required security tasks.
Meanwhile, the time and cost of penetration testing mean most companies don’t do it as frequently. You should definitely do it at least once or twice a year to make sure you pick up on ways hackers can exploit newly discovered security flaws or use new and refined techniques.
It’s easy to overlook physical equipment and use in your IT, but you do need to review several points regularly including:
- Electrical safety
- Ergonomics, such as the positioning of chairs and monitors
- Adequate breaks and positioning to avoid employee eye strain
At the minimum, check employment law and other regulations in your jurisdiction and carry out assessments in line with the required schedule. If the rules are looser or don’t exist, check every employee/workstation/desk setup at least every two years. You can make this a rolling assessment rather than try to cover the entire facility in one go.
Hopefully that helps better clarify how often your business should do an IT assessment. If you want to know more about how to assess your security, software, and operations, or you’re looking for an external assessor, we can help. Contact us today, and we’ll talk through your options.