SCT Consulting – IT Building

Make sure that the equipment you buy is suitable for a business network environment. Not all equipment suitable for home use will run on a business network.

Make sure that new equipment has an appropriate warranty – while not always good value, extended warranties can reduce the impact on your business if equipment does break unexpectedly.

If you don't have an onsite IT professional, when you buy new equipment consider arranging for the vendor to install it. While it may cost a little, it may be cheaper than having your staff fumbling at a task that is not their area of expertise.

To reduce complexity, consider limiting your purchases to a few brands and types of equipment that you trust and are familiar with. Try to have a common operating system (e.g. Windows 10) on all computers to make maintenance easier.

Make sure that new drivers (e.g. printer drivers) are installed when you buy new equipment. Even if the new equipment seems to work with the old drivers, make sure that everyone is using the same drivers for the same equipment.

You have decided what customizations are appropriate for your business and decided, in general terms, how they will be created. Consider whether it is appropriate to let the in-house "power user" have a week or two to work on those customizations themselves and when you will call in an expert.

You have clear and exclusive rights to the intellectual property of software developed by third party contractors where that software is key to your business.

Before customizing software and "building your own", you ask a mentor to be sure that you really need this customization as you know that software customizations are often more expensive and take longer than initially thought and can quickly be outdated.

If you have an IT professional in-house, you have discussed how software is to be deployed and set up.

If you do not have an IT professional in-house, you have established a working relationship with a professional who can guide you in deploying and setting up software.

You have a firm understanding within the business of when tasks will be done in-house and when you will call in outside help.

Your subscription software (e.g. Microsoft 365, Adobe) is automatically downloaded and kept up-to-date.

Software is only installed from a trusted source or from the original shrink-wrapped products. Block, uninstall or at least limit the use of Flash, Java and Microsoft Office macros where possible as such insecure software is a frequent source of cyber security vulnerabilities.

You have considered and decided on a policy for installing security patches. For example, you may decide to install all security patches as soon as they are made available. Or, if your line of business or back office systems are old, uncommon or heavily customized, you may have a policy of testing each security patch against your software to ensure that it will still work properly.

You have allocated responsibility to one person for downloading, assessing (if necessary) and deploying security patches for the operating system and applications (line of business applications, back office systems and desktop applications).

Your desktop computers auto-update to implement patches that are provided by the operating system developer.

You have a process in place (perhaps a routine security audit by an external person) to check that security patches are being deployed appropriately.

Consider application whitelisting so only authorized software applications run on your computer.

You have allocated responsibility to someone to keep a list of what software is installed on every machine, with what licence to ensure that the business is complying with the licence agreements and is protecting the business assets.

You have allocated responsibility to someone to keep a list of what domain names and web hosting arrangements you have, with expiry dates. You have a system in place to remind you of when to renew domain names (you should renew them about three months in advance of the deadline).

You have allocated responsibility to someone for maintaining a list of all service contracts. Only one person is permitted to call a vendor for service.

You have allocated responsibility to someone for maintaining all usernames and passwords for the online services your business uses in a password protected database that you can access from any PC with internet access in the case of disasters.