How to Prioritize Your Technology Gaps

A technology audit can help you to better understand and identify gaps in your organization's security, compliance, and backups. A thorough technology audit will assist you in answering the following important questions:

·        Is your current IT infrastructure lacking in any serious areas?

·        Are there any unneeded tools or processes that do not align with your company’s current goals and vision?

·        Are you compliant with applicable regulations, prepared to defend against security threats and able to restore business capabilities in the event of a major outage or data breach?

·        What steps can you take to address the discovered vulnerabilities?

Without an IT background, the results of a technology audit can be quite confusing. You might be perplexed by the number of items that need to be refreshed or replaced, and you might be lost as to where to begin. Prioritization and “the stoplight approach” are typically useful in this situation. Having a managed service provider on your team will allow you to seamlessly audit and fix these IT issues.

The Stoplight Approach

The stoplight method is an easy way of categorizing gaps or vulnerabilities into red, yellow and green groups, based on their seriousness.

RED: Address the greatest risks and vulnerabilities first!

Always have a clear idea of what to prioritize in order to prevent and deal with mishaps. Since most organizations cannot address all their problems at once, it’s important to focus the majority of your attention and resources on the most pressing issues first.

Any tech refresh must prioritize remediating the most serious infrastructure risks. For example, if your organization is dealing with a ransomware attack, updating or upgrading Microsoft 365 is a much lower priority.

High-priority vulnerabilities that must be classified as RED include:

·        Backups which do not work

·        Unauthorized users inside the network, including ex-employees or 3rd parties

·        Login attempts and successful logins by users identified as former employees or 3rd parties

·        Unsecured remote connectivity

·        Undocumented operating procedures

Yellow: Focus on gaps that aren’t as urgent.

There will be gaps in your infrastructure that must be kept under close eye, but can wait until the most crucial issues get resolved first. Although leaving these medium-priority gaps may be acceptable short term, be sure to consider them when planning and budgeting for future tech and office updates.

The following risks and vulnerabilities fall into the YELLOW category and are considered medium severity:

·        Insufficient MFA/2FA (authentication)

·        Automated patching system failure

·        Outdated antivirus software

·        Failure to enable account lockout for some endpoints

Green: If your budget allows, address these non-critical suggestions.

These are considered the lowest-priority vulnerabilities. You should implement measures to close them gradually after fixing the high-and medium-priority issues first.

The following are some of the gaps that fall into the GREEN category:

·        Accounts with passwords set to "never expire"

·        Computers with operating systems nearing the end of their extended support period

·        Persistent issues with on-premises syncing

·        More administrative access than is required to perform essential duties

Importance of Prioritizing Gaps

If you prioritize gaps and close them systematically based on severity, you won't have to worry if money is spent unnecessarily on a less critical issue. Simply put, prioritization is your budget’s best advantage.

Furthermore, you can maintain uptime by prioritizing gaps before refreshing your IT infrastructure because not all components will be down at the same time. This also prevents productivity and customer service from being jeopardized.

Unsure where to start? A managed service provider (MSP) like Tekie Geek can help you prioritize your company’s technology gaps so you can get the most out of your technology investment while also ensuring uptime and productivity. Contact us for a free consultation!

‍