Setting an IT Security Strategy Roadmap: IT Strategy Consulting

Been thinking about your IT security risk management strategy a lot lately? We hear you. With so much remote work going on right now, and considering the ever-increasing rate of cybercrime, you may have found yourself wondering, “Will my current business security strategy protect my company?” 

Or perhaps you read that last line and thought, “Wait, was I supposed to have a business security strategy?” (Oops.) 

Whether you’re unsure about how protected your business is, or you’re pretty sure you’re, uh, not-so-protected, there’s no time like the present to set about fixing that. 

Here’s how you can set up an IT security strategy roadmap that makes sense for your organization. 

First Off, What Is an IT Security Strategy Roadmap? 

As the leader of a small to midsized business, you’re probably sick of all the enterprise-specific, jargon-filled nonsense that passes for corporate-speak these days. Mix that terrible corporate-speak with impenetrable tech-speak… and you’ve got a recipe for disaster. (Or, at the very least, you’ve got a recipe for brain shut-down, which can be just as bad when you’re trying to run a company.) 

So, let’s take a second and break down this “IT security strategy roadmap” term into something more manageable. 

If cybersecurity planning were a road trip, your IT security strategy roadmap would be the map you make that gets you from Point A (where you’re at now) to Point B (where you want to end up), without hitting obstacles** along the way. 

**Obstacles on a road trip would be things like ridiculous tolls, construction delays from the Seattle Squeeze, backroads that slow you down to 25 mph, or long lines for the ferry that make you rethink your plans to visit Whidbey for the day. Obstacles for your cybersecurity plans would be things like ransomware attacks, data breaches, corrupted data files, crashed PowerPoints during an important presentation, accidentally deleted files, or dropping your laptop in Puget Sound because you were on said ferry to Whidbey. 

Isn’t that nice? We defined a business IT term without a single word of jargon. Our promise to you is that we’ll get through the rest of this explanation without saying jargon-y things like “agile,” “meet business objectives,” or “maximizing ROI.” (Though, if you like, you can imagine that we said all that and you’ll get the gist of the many benefits that IT security planning gets you.)

Heads up: We will say “cyber” a lot, because, as cybersecurity professionals, we really like that word. (wink)

What Does an IT Security Strategy Look Like?

If you ask any good Managed IT Services Provider (MSP) to outline the best cybersecurity strategies for small to medium-sized businesses, every good MSP would agree that adequate IT security plans must include: 

Basic cybersecurity practices

This is the stuff you already know about and have known about for years. Heck, Matthew Broderick in WarGames knew about this stuff! We’re talking:

  • Secure, unique, hard-to-crack passwords with multifactor authentication
  • Antivirus that you keep up to date
  • Patching and updates, made easy with patch management
  • Backups (we suggest a business continuity solution to make this simple)
  • Firewalls that keep the cybercriminals out

Missing any of these basics in your IT security strategy? Add those items to Point B (where you want to be) and talk to an expert to start planning how you can get to this basic level of cybersecurity as soon as possible.

A cyber aware workforce

“Phishing,” which is what it’s called when malicious hackers trick you or your employees into giving them login credentials or other sensitive information, is a huge problem for IT security. 

Unfortunately, Seattle businesses are pretty bad at protecting themselves against phishing, but never fear! If you can determine how “phish prone” you are (how likely you are to be phished), then you can start training your employees to identify and avoid phishing attacks. That lowers your phish-prone percentage. 

Not sure if you or your staff could identify and avoid a truly sophisticated phishing attack? Add phishing training to your Point B. 

Clear knowledge of what tech you have

You’re a Seattleite. You’re high tech. We get you – we’re Seattleites too, so we know how awesome being high tech is… except when it comes to that mountain of old, out-of-date tech you have in your office closet, most of which contains sensitive business data. 

Truthfully, that stuff is only a minor worry for cybersecurity (after all, no one is turning it on – and good luck finding chargers for it!). What’s more of a worry is that your employees are high-tech as well, so a lot of them are using IoT devices like Fitbits, which connect to your networks. If unsecured, these items could be leaking data from your networks

And then there’s your former marketing intern’s iPhone, which may or may not have a lot of client spreadsheets lurking on it… you just don’t know. You also don’t know if that phone has been hacked or stolen since she left your office. 

For these situations, having an IT asset management system can help. The purpose of IT asset management — which is when you know what tech accesses your data and what the security status is of said tech — is to ensure that your sensitive business data stays safe. 

If you don’t know what tech is accessing your office networks, you can’t really tell if you’ve lost critical data. So, if you don’t have an accurate, up-to-date list of all your tech assets, including where they are, and who has them, you’ll want to add IT asset management services and mobile device management to your IT security strategy’s Point B. 

Understanding of where your vulnerabilities lie

One of the most incredible and awesome MSPs in the universe (if we do say so ourselves) created a handy, DIY network security health checkup checklist that helps you figure out where you’re strong in cybersecurity, and where you’re not so strong

If you run across items on that list that leave you scratching your head, you may want to consider a full network vulnerability scan, which analyzes your network in-depth and provides you with a report that shows all the things you’re doing well on and all the gaps you’ll want to close. 

Clearly, Point B on your map would be to have this done and have all those gaps sealed, so mark that on your map if you haven’t done a vulnerability scan or if you still have cybersecurity gaps. 

An opinion on what you like and don’t like about your current setup

Crafting a good IT security strategy roadmap isn’t solely about protecting your networks and data, it’s also about making sure you have the business tools you want and need. And, of course, making sure those tools are secure at all times. 

If you have business tech issues that make you gnash your teeth and tug your hair during your workday (you know what we’re talking about), you should have a plan in place to get rid of those problems. Surprisingly, it’s most likely easier and more affordable than you think to fix these issues, and a CIO On-Demand can often help you identify and solve these problems. 

On your map, you’ll definitely want to get rid of those problems by the time you reach Point B. 

That’s it. Those five, easy-to-understand things are all you need to craft a great IT security strategy roadmap. 

Well… almost

Once you’ve listed your Point A and Point B on your map, you’ll need a plan to get from one point to the other – and that’s where we come in. 

Get Your IT Security Strategy Roadmap Underway Today with Interplay

For nearly 20 years, the friendly, fun, humorous, and downright-awesome team of IT experts at Interplay has been helping Seattle organizations (like yours!) create reasonable IT security strategy roadmaps that make sense no matter how large your business or budget is. 

When you’re ready for some help planning your IT security strategy or creating the roadmap that gets you from Point A to Point B without running into obstacles along the way, we’re here to help. 

And, we promise, we won’t use any jargon when we’re working with you. We’re always this clear and thorough in our communication, all the time. 

Learn more about Interplay’s IT Strategy Consulting services.