IT Checklists for SMBs: Part 1

Jul 11, 2023 | cybersecurity

IT checklists are a great way to analyze, understand and take the necessary steps to meet your organization’s requirements. Here we discuss a couple of important checklists for hardware and software as well as cybersecurity. Both are foundational to any solid IT management plan.

When creating a checklist for hardware and software purchase, use, and installation, consider the following:

  • How do you determine what hardware or software is needed?
    • New staff
    • Aging hardware that underperforms
    • Software approaching end of support
    • Is there a process for ensuring that users with the most demanding tasks get the tools they need, while tools that perform less well are put to use in less demanding roles?
  • What about installation?
    • Who will be responsible?
    • Is the process standardized? Documented? Is support available if difficulties are encountered?
    • Incorrect installation can result in lost time and productivity as well as additional cost.
  • What is the process for the procurement of new hardware and software?
    • Do you have regular vendors whom you approach, or do you start looking for a suitable one once the requirement arises?
    • How do you vet vendors?
  • Are there compatibility issues with existing hardware and software as you bring on new hardware and software?
  • What about updates, security patches, and upgrades? Who will be responsible for them and how often?
  • Who is responsible for software installation for new user setups and equipment changes after the initial project is completed?
    • Have procedures, configurations and support contacts been documented for this person if different from the original project?
    • Documenting is always recommended to ensure smooth transitions should someone leave the organization for any reason.

Cybersecurity training can help reduce the incidence of cybersecurity breaches caused by lapses in employee judgment. Here are some points that your cybersecurity checklist should cover.

  • Create and implement a password policy that you want your staff to adhere to.
    • Cover complexity requirements, acceptable passwords, password sharing, reuse, and password update rules.
  • When someone quits your organization or no longer works in the same role, how is the access issue addressed?
    • Spell out the rules and regulations regarding the removal of a user from the network and various services, changing passwords, limiting access, etc.
    • Along the same lines, also cover new user orientation into the corporate network.
  • Include policies for data sharing:
    • Which data can be shared, where and by whom
    • Who has access, the level of data access rights
    • Policies should be clear enough so that the bulk of assignments would be obvious: HR has access to data that Accounting may not and vice versa. However, there may be places where permissions overlap. Consider org charts and Venn diagrams. Keep lists of special permissions.
  • Spell out the plan of action to be taken in the event of a cybersecurity breach.
    • Whom to contact: internal teams, legal counsel, insurers
    • How to quarantine the affected systems
    • What steps are to be taken from the legal perspective (disclosure of the breach, data security violation penalties, and so on…)
    • Post-event debrief: What was the source of the breach? How can similar events be prevented in the future? Were any other vulnerabilities exposed and in need of attention?
  • Your cybersecurity checklist should cover physical as well as digital aspects of IT security.
    • Establish rules and regulations for physical access to data: Passes, locks and other physical barriers. Don’t forget the simple aspect of visibility! Keep screens protected from unauthorized view using privacy screens if necessary.
    • Log check outs, transfers and access.
    • Establish protocols for electronic data transfer (from one location to another) as well as physical transfer on removable media or portable devices.
    • Enable encryption where possible so intercepted data is less likely to be useful.

Interested in learning more? Contact us or watch for our next blog that offers pointers on security training, data backup and BYOD checklists.
