The last quarter of the year is an important one for small and medium sized businesses – as the old saying goes, if you fail to plan for next year, you plan to fail. Your IT strategic plan is no different. This is an important piece of your business that helps move you towards your goals. Here are some insights from our lead IT advisors on what to consider for your 2022 IT strategy roadmap.
IT Strategic Plan Items for 2022
As with every year, you should create IT strategic goals and a budget to go along with them. Here are the major considerations our organization leaders advise are included in your strategy.
Major Vendor Changes
Microsoft is making big changes to several of their offerings – namely with the new Windows 11 operating system and their New Commerce Experience, which includes Office 365 pricing changes. Your organization should make a plan to updated to Windows 11 – however, we recommend waiting to update until it is advised by your IT team, and after you have a comprehensive strategy to update your entire infrastructure. Your IT budget should account for the potential Office 365 price changes if that applies to you.
Cloud Strategies/Cloud ROI
Part of your IT strategic plan should focus on the cloud. You likely already have cloud computing solutions, but do are they still working for you? Examine your cloud applications and infrastructure and assess if they are supporting your business goals. You’ve likely leveraged some form of remote work in recent years – are your cloud tools working well for remote users? Do they integrate well into your network? Do they have security measures, or ways to easily integrate security into them? Examine costs as well – should you invest in more cloud storage or offerings, or should you re-allocate your budget to new solutions that work better for you?
Here are three items to check if your cloud is working for you:
- You can get reports from Office 365 that show who is using Teams/SharePoint, etc.
- You can assess user satisfaction to determine if the Cloud apps are meeting the needs of your remote workforce.
- There are other tools that can provide information about the productivity of remote workers during the pandemic as well.
P.S. – Want to learn about a framework that keeps your cloud and remote work secure? Watch our SASE webinar.
Compensation is going to be a big topic for 2022. With so many people in the labor force switching careers and looking for new opportunities, coupled with the shortage in labor across many industries, each company must think about how to address that while still maintaining a healthy profit margin. Employee retention becomes a bigger question in how to show appreciation for our employees and create an environment that is resistant to churn. IT staff are no different, and in addition to this, you should consider if your technology is positively contributing to your employees’ overall experience.
Budgeting for Cybersecurity
“Cloud and security are front and center for ourselves and our clients. With the move to remote work, how we maintain and improve productivity depends a lot on the tools we invest in and how we adapt to the new world.” said Hayder Allebban, Vice President of Operations at NetGain.
With that, Allebban explained, we need to think about what security measures we’re taking to protect ourselves and our clients with data moving to the cloud and the nature of our control over access changing with a remote workforce. We’re seeing more and more ransomware attacks on small and medium businesses, so building layers of security becomes essential. This brings us to the other major element of IT planning – cybersecurity.
IT Security Planning
Not surprisingly, cybersecurity should be a part of your IT strategic plan.
“Given the current cybersecurity climate, organizations need to be budgeting for additional security tools every year in order to protect against the new tactics being deployed from bad actors. NetGain is constantly having conversations with security vendors to evaluate new security tools to help keep our client’s environments protected. It is unfortunately now no longer considered ‘if, but when’ an organization is affected by a security event, and we must remain diligently focused on client’s recovery strategies. NetGain is focused on implementing the right security stack to adhere to Industry Best Practices around cybersecurity.” said Lisa Mitchell, General Manager of NetGain Chapel Hill.
Despite all the security training offered by organizations, research from Kaspersky Lab has revealed that 90% of data breaches are caused by human error. Estimates in the IT industry indicate 70% of organizations dealing with 100 or more cybersecurity threat alerts every day.
2021 was the year of ransomware. Hackers took advantage of both the pandemic and shift to remote work to hit businesses in every industry, from healthcare to meat suppliers. Due to the severity and high number of these incidents, businesses are becoming more involved in cybersecurity protection and understanding. This will continue into 2022, NetGain Director of Security Scott Logan says; however, the core tenants of securing your business are the same.
“Risk Assessments and Vulnerability Assessments are still the baseline to understanding your security posture. You don’t know what you don’t know.” said Logan.
Plan to assess your technology for any vulnerabilities next year – as you should be doing every year, or at least every 12-16 months. However, there are other tools to add to your security stack if you haven’t implemented them already.
Security Tools for 2022
Employee Awareness Training – Employees are your last line of defense when it comes to cyberattacks, especially when it comes to common hacking attempts like phishing emails. Your security plan for 2022 should include continual training that educates employees across your organization (yes, even your C-levels and senior management) identify threats. Training once a year is not enough – hackers are adapting rapidly. You should leverage a tool like KnowBe4 (link) that trains and tests employees throughout the year.
SOC-As-A-Service – With the frequency and severity of cyberattacks, having a trained security team that can constantly monitor your environment can be a huge burden off your shoulders. However, for most small and medium-sized businesses, having that kind of team is too costly. SOC(Security Operations Center)-As-A-Service is a great solution for this. A third party company, experienced in cybersecurity and the current threat landscape, monitors your technology for a flat recurring fee, similar to IT managed services. SOC-as-a-Service can take your security to the next level in 2022 with a dedicated team that is guarding your infrastructure round-the-clock, who can also advise you on security strategy, all for a cost you can fit into your budget.
What is our security team predicting for next year in the cyber landscape? More attacks and mobile device security. In 2021, we saw attacks across many supply chains.
“Attacks on infrastructure like power grids and water treatment facilities will become more common. Don’t panic, just be prepared.” says Stephen Garrison, one of NetGain’s security analysts.
Mobile device use continues to increase for work items, especially since the remote work shift. Garrison predicts that there will be more news stories on mobile device attacks in 2022. Mobile device security should be a part of your security strategy, and using multi-factor authentication is a simple way to prevent unauthorized access.
As Garrison said, don’t lose sleep worrying over the “what ifs” of cybersecurity – develop a comprehensive, tested security posture that you update frequently to keep attackers out.
Your IT strategic plan should be something your leadership team discusses as you plan for next year. Most importantly, when deciding how to plan your technology strategy for 2022, ask yourself “how does this contribute to my business?”. If you need assistance with technology planning, leveraging an MSP or a virtual Chief Information Officer can be a cost-effective way to ensure your strategy is effective.