9 Things to Include in Your 2021 Business Technology Plan
2020 was a challenging year, and if you’re like a lot of business leaders, you’re happy to turn the calendar to 2021. Whatever your business goals look like for the new year, you need to make sure that you support them with a solid business technology plan.
How you plan for technology will affect your ability to meet your goals, and it will also impact your ability to pivot with changing circumstances. This was a lesson that many organizations learned the hard way as the coronavirus pandemic swept the globe.
While the end of the pandemic might be in sight, there’s still much uncertainty in the air, but that doesn’t mean that you should skip budgeting and planning for 2021. In fact, you should get going on your planning.
There are a few things we can already see coming that will need to be planned and budgeted for in 2021 (if you haven't already taken care of them).
Here are nine initiatives to include in your 2021 technology plan.
Support Your Goals and Avoid Surprises with a Business Technology Plan
1. Optimize Remote Workers for the Long Term
The pandemic has changed attitudes about remote work, and many companies that never thought they would have remote workers are now looking at work-from-home as a long-term arrangement. Whether employees are using corporate or personal devices, data visibility and data integrity are concerns.
If you haven’t done so already, make sure that you have data access policies in place that detail how employees should retrieve and save data. You also need to enable your people to follow policies and keep data visible to IT so that it can be managed and backed up.
That means that policies are taught and enforced, and you provide employees with the technology they need – like VPN access and fast connectivity – to follow your guidelines.
This also raises the question of company-owned and managed devices versus employees using their own computers for work. Many companies had employees use their personal computers out of necessity at the beginning of the pandemic, and it's time to revisit that conversation about mobile device management (MDM).
Are your employees' computers and networks secured to the standard you need? Did you send company-owned computers home with employees? Are they being managed effectively?
Remote working can be great for both your organization and people, but it comes with security risks that you can’t afford to neglect.
2. Comply with NIST and CMMC Cyber Security Regulations
If you're in a government supply chain, then you need to become familiar with NIST or CMMC compliance if you aren't already.
NIST (National Institute of Standards and Technology) publishes a set of frequently updated guidelines meant to improve cyber security standards among government contractors.
Even though most of the government's sensitive information is classified, there's still a large chunk of unclassified data that vendors use to meet their contractual obligations. NIST 800-171 compliance not only protects this information but also safeguards your proprietary data.
CMMC (Cybersecurity Maturity Model Certification), on the other hand, may be fairly new, but if you have dealings with the Department of Defense (DoD), you need to be compliant. This certification is valid for three years and verifies your ability to protect unclassified government information.
There are five certification levels that are based on the maturity of your cyber security practices. You must maintain at least a Level 1 certification to continue working with the DoD and it’s assumed that you will be proactive at increasing your maturity level.
The compliance standards can be complex, but what they really come down to is good cyber security and data hygiene practices. When we perform a NIST gap analysis or a CMMC audit readiness assessment, our managed IT services clients typically already meet 70-80% of the technical control policies since they're part of our recommended standard practices. Not all of the controls are technical, so in many cases there can still be quite a bit of work to do to meet compliance.
Learn more about NIST compliance here: https://www.nist.gov/cyberframework
Learn more about CMMC compliance here: https://www.acq.osd.mil/cmmc/
3. Secure Your Network with Endpoint Detection & Response (EDR)
The coronavirus has accelerated cyber attacks, and according to Bitdefender, 60% of emails in May and June 2020 were fraudulent. 2021 may not be any better, so you need to have a vigilant cyber defense.
Basic firewalls and filters are no longer enough to defend against attackers that are using Artificial Intelligence (AI) to make their attacks faster and more targeted. The only way to fight AI is with AI, so you need advanced security tools that include Endpoint Detection and Response (EDR) capabilities.
EDR uses AI to determine normal traffic patterns on your servers. When suspicious activity is detected, it stops it from infiltrating your network.
For example, if one of your employees' computers is accidentally infected with malware, the EDR system will notice the file that doesn't fit the pattern of the rest of them and will block that threat from doing any damage. This is a security layer that catches attacks that anti-virus and other security layers can miss.
We put in as many of the right layers as we can to prevent attacks from happening in the first place. But security is an uphill battle, with cyber criminals working just as hard to break through those layers. That's why focusing on detecting threats is critical too.
4. Replace Your Toshiba Phone System
The phaseout of Toshiba phone systems began in 2018 and is set to end on October 31, 2021. It might be tempting to put off making a decision to replace your Toshiba phone system until later in the year, but you should start your planning now. A phone system replacement project can easily take 30-90 days or longer depending on availability of equipment and IT support resources.
If you’re thinking that you’ll be just fine using your Toshiba phones even after support ends, you’ll be setting yourself up for future problems. When your phone system fails (and eventually, it will) after the support date, you'll be in a forced-replacement situation. Nobody likes making major decisions under duress.
Also, sales of additional licenses have already stopped, and if you’re a growing organization, that could pose a big problem.
Updating your phone system can expand your communication options and empower collaboration. Think of a new phone system as a way to enhance communication and boost your employees' productivity.
5. Replace Microsoft SQL 2008
The end-of-life deadline of Microsoft SQL 2008 has already passed, but many companies are still using it for their ERP software. Make sure you replace it in 2021 because running unsupported software is a security risk.
When software is unsupported, you no longer have access to security updates, which puts your data at risk and makes you an easy target for cyber criminals. Running on outdated software also puts you out of compliance, and you may end up accruing penalties and fines.
Some factors you should consider when upgrading or replacing this software include your business's needs, application architecture, and the new system's infrastructure.
6. Enable Multi-factor Authentication (MFA)
The Verizon Data Breach Investigations Report revealed that 81% of all data breaches were a result of weak or lost passwords. Cyber criminals may be crafty, but multi-factor authentication can stop a lot of hacks in their tracks.
You may not want to admit this, but humans are the weakest link when it comes to cyber security. This is why cyber criminals continue to use social engineering to get people to divulge their usernames and passwords.
Multi-factor authentication (MFA) requires you to verify your identity in more than one way before you can access a system. For example, logging in to your email requires you to authenticate your identity using a one-time code or push notification, in addition to your regular login details.
MFA works because the authenticator can’t be replicated by the hacker. In fact, if you have MFA available but you don’t use it, a hacker may enable it after taking control of your account and then it will be a lot more difficult, if not impossible, to take back control.
7. Replace your WatchGuard XTM Firewalls
WatchGuard's XTM line of firewalls is in the process of being phased out. As with any out-of-support software or hardware, you’ll be more vulnerable to a cyber attack if you continue to use an XTM firewall.
Even if the hardware is still working, upgrading your firewall is recommended. Newer models have advanced capabilities like EDR that are essential to counteract sophisticated cyber intrusions.
Which firewall should you upgrade to? A managed firewall is the best option. Instead of buying the hardware, you lease it, which means it can scale to your needs and replacement costs aren't on you. Once it's no longer usable, you can automatically swap it out for a new one.
8. Conduct a Third-party Cyber Security Assessment
Cyber attacks are increasing, and every organization is a target. Prevention is a lot less painful than dealing with the impact of an attack, so you need to know if there are holes in your network and how cyber criminals can exploit them.
Not only do you need to identify vulnerabilities, but you also need to be prepared to respond to a cyber incident if and when one happens.
A third-party security assessment will give you an independent appraisal of your cyber security status. The assessors are experienced professionals who know exactly what to look for and the best measures you should take to mitigate vulnerabilities that your IT team may have missed.
9. Cultivate Cyber Security Responsibility
Your company data is the backbone of your business, and if it were to be compromised, the impact would be huge. That’s why every employee needs to understand that security is a shared responsibility.
Employees will take security seriously when they are educated about the value of company data, the potential impact of a cyber attack, and methods that they can use to recognize and respond to a potential attack. The attitude that management has about security will greatly affect whether employees view cyber security as something that’s enforced or something that they’re responsible for.
Help employees understand your security expectations by training them to follow security policies that detail how data is controlled. Make them savvy digital citizens by educating them about cyber criminal tactics with Cyber Security Awareness Training.
IT Guidance for Creating Your Business Technology Plan
At Accent, we provide our clients with the IT guidance they need to create a business technology plan that supports organizational goals and manages the risk of cyber attack.