IT NETWORK SECURITY BAY AREA: The Impact of Poor Network Documentation
Tell me if you have heard this story before: The long time IT administrator for your company just gave you notice they are leaving. After the shock subsides, then the fun begins with you having to identify and hire a replacement IT Administrator or an IT company. If you are lucky, there is a transition period and some sort of supporting documentation to help you during this process. Unfortunately for many companies this is often not the case and you are left to pick up the pieces while asking yourself, how could this happen?
Most businesses executives will tell you that having strong documentation of their network and IT assets would be considered important to them. Likewise, most IT Consultants and Engineers will tell you that having reliable and up to date documentation is critical for them to be able to effectively support your network. In reality, spending time on network documentation too often falls at the bottom of your IT Administrators priority list. Day to day administration, troubleshooting issues and projects are all key to maintaining your network during normal functionality, but typically take 100% percent of your IT resources time. Meanwhile, the speed in which you can get a new person trained, or worse, being able to recover from a network disaster like a ransomware infection is severely compromised because of a lack of planning and documentation.
So now you ask yourself. How do I know if my network is exposed? What are the next steps I need to take to make sure my IT Infrastructure is well documented? The following steps can help you get to your goal and to gain piece of mind:
- Make network documentation a priority. If you do not have the internal resources, partner with a trusted IT company with experience in network documentation and network security planning to assist. The extra money spent now will be save you later when disaster strikes.
- Identify to what level your network security and IT resources are currently documented. Never assume that your IT consultant has it covered. Ask to see all network documentation and plans.
- Create or update your documentation to include the following:
- Daily weekly, monthly, yearly procedure and checklists to maintain the health of your network. This should include such things as a fully diagramed visualization of your network on boarding and off boarding of new and ex-employees.
- Important policies like company email/internet use and social engineering policies to help protect against malware and phishing threats
- Develop a verifiable Disaster Recovery plan. This plan needs to include complete steps on how to recover from any disaster, including which IT services to restore first, vendor contacts and an escalation matrix. The plan should be tested once a year to make sure it is still viable.
- Leverage the use of a network documentation/planning software. There many software solutions available, including some free that can help you keep your network documentation organized. Ideally this software should also include hardware and software asset management.
- Keep it up to date. Network Security documentation and a Disaster Recovery Plan is only useful if it is up to date and accurate. Plan quarterly checks to make sure you are protected.
Even though it may seem like a low priority at the time, remember that by being proactive with your network documentation ultimately leads to higher productivity. Especially when that next disaster hits or your IT admin decides to walk and take their knowledge of your IT Infrastructure with them.
Matt Powers, Vice President of Sales