In the IT industry, there are always new projects and upgrades coming, plus new concerns and trends. What should you consider implementing in 2020? Here are our tips for what to keep in mind when managing your cybersecurity risks and planning for the future.
#1 Is your Windows Software wanted dead or alive?
Are you still running Windows 7 and/or Windows Server 2008? Are you on Windows 8, but not yet ready to step up to Windows 10 and the latest updates? Remember that both Windows 7 and Server 2008 hit end of life in January 2020. Windows 8 reached end of mainstream support in January 2018, and it will hit end of life in 2023.
Now is the time to upgrade your last PCs and servers running outdated software. Continuing to operate end of life software is dangerous and exposes you and your business to real risks. But it is also time to think ahead to your hardware and software lifecycle scheduling for future end of support dates. Will your current PCs be able to handle upgrades to Windows 10 now, or over the next few years? Will you need to replace them in addition to upgrading the software?
Does other third-party software need to be upgraded accordingly? Many software manufacturers keep pace with Microsoft’s lifecycle. Make sure that your business applications are staying up-to-date to ensure continued security and systems compatibility.
Lifecyle refreshes related to Microsoft’s end of life deadlines are always a huge consideration, but implementing a technology refresh cycle for your equipment will help keep you on top of the upgrades. Additionally, scheduling refreshes and new machines will keep this important step in your budget each year – no surprises needed here.
#2 Time to incorporate 2FA/MFA into your security defense
Earlier this year, Microsoft began to require that certain accounts, like Cloud Solution Providers, use multi-factor authentication (MFA). For many who didn’t see this coming, it was a last-minute rush to convert accounts and train users. Multi-factor authentication (also known as two-factor authentication) will become increasingly common for cloud-based software and services. It’s also being used for high-security user accounts, like common administrator accounts or executives with access to sensitive information.
Consider implementing MFA now, where you can, to stay ahead of the game. And don’t forget to train your users on what MFA is, how to use it, and how to get comfortable with various authentication methods.
#3 Security Awareness Training for Everyone
The time has come for proper security education for your users: No one can afford to ignore this important step in security defense now. As we have seen time after time, devastating ransomware attacks and malicious infections are often caused by a single person clicking on a link they shouldn’t have.
In 2020, consider implementing security awareness training and ongoing education for your staff that emphasizes being security aware and the ability to recognize suspicious activity and malicious threats. We call this setting up your “human firewall” – it will only become more important in the future. None of your other security planning and tools will matter if your people still let threats in the door.
#4 Benefit from Microsoft 365
Microsoft 365 is Microsoft’s replacement for the traditional on-premise server environment. Microsoft 365 includes “Office 365” plus many other features. Like Office 365, it is a continually evolving platform that adds new benefits and features regularly. So, what are the benefits of Microsoft 365?
- Enable cutting edge security. Protect against sophisticated threats hidden in email attachments and links using advanced threat protection for zero-day threats, ransomware, and other advanced malware.
- Potential to remove your on-premise server or reduce server hardware. The traditional on-premise active directory has always been the centralized way to manage user accounts and computers and to push out policies. Many businesses have kept a server for this single reason, but now you have an option to make this the last physical server you buy!
- Enhanced security controls for devices. Microsoft 365 provides a way to not only manage workstations, but also ways to manage your data on any device that connects to resources on the platform. A couple of great features are the ability to deny files to be copied or printed (which helps prevent data leakage) and enabling drive encryption on PCs across your organization and managing those important encryption keys.
- Streamline new computer setup. Do you have applications that go onto every new PC when you add a new employee or replace an older computer? If so, onboarding new computers can be streamlined and programs pushed out automatically to new PCs!
- Built to support a mobile/work-from-home work force. With on-premise Windows domains, you had to be on the network to get updated computer policies and to keep your computer a part of the domain. With Microsoft 365, you do not have to be in local building or connecting with a VPN. Instead, Microsoft 365 makes managing devices and security policies easy no matter where your devices reside.
#5 Merge Your IT planning and Business planning
Planning your technology and evolving your IT environment isn’t defined by hardware and software expertise anymore. Certainly the technical aspects of managing IT infrastructure aren’t going away, but whether you’re planning short-term or long-term, you need to understand your business deeply enough to know what it needs. What this means is that your technology leadership needs to meet your business leadership: the two go hand in hand. Take a look at your business needs and find the right technology that will meet that need, rather than just focusing on technical requirements to run things the same old way. There are better options available.
Is your IT really working for your business? Are your technology goals and projects mapped to your business needs and objectives? Are your business leaders engaged in the technology discussion as well?
Is this overwhelming? Get a Shared CIO on Your Team
Does all of this seem overwhelming? These are just five of the areas we think are high priority for technology and cybersecurity planning going into 2020 and beyond, but there are always more. The IT industry is always in flux; business needs and demands are always changing too.
If you have many questions about what’s going on, and what you should be doing, consider consulting with a Shared CIO or CISO to help drive your IT agenda.