Posts

Staffing should address risk first and foremost

 

Staffing should address risk first and foremost

For any business, but especially a smaller one without deep pockets, the consequences of some disaster may mean the end of the business. As a result, risk evaluation becomes critical. There are an endless variety of events, from mishaps to major disasters that challenge your viability. Risk management inventories all of the possible risks that could befall the organization and places them in a hierarchy of significance. At the top are single points of failure disasters or extreme events that would shut down the business, at least temporarily. Risk management then works to channel limited resources toward mitigating the most serious risks. Here are some examples of risk in the IT area that could be especially damaging if left unprotected

  1. Data Security and Cybercrime –
    1. Loss of data – Failed backups or human error can lead to lost data. Every business needs to have the IT expertise to ensure that quality backups are maintained, preferably in real-time
    2. Data breaches – More significantly, data is constantly at risk from crime. From malware to ransomware, viruses and cyber attacks can destroy a small business. Consequently, quality IT support is most critical in this area. It should be an issue of highest priority.
  2. Hardware redundancy – Your entire physical IT infrastructure represents a vulnerability. Single points of failure could shut down your business. Proper design of your infrastructure, and 24/7 monitoring of it is, again, a risk mitigation factor. How much evaluation has been done to determine your level of risk?
  3. Natural and human-made disasters – How prepared is your IT infrastructure to continue operations in the event of a flood, fire, or natural disaster that prohibits access to your physical location? How would you handle a long-term power of broadband outage? IT professionals skilled in disaster recovery can help you mitigate the risk in the face of a major event.The point here is not to list all the possible risks you face, but to recognize that IT support should be focused on the most critical areas. Whether you bring them in-house or use the services of an MSP, resources should be directed first at areas where the risk is greatest.

How can an MSP help support a risk-focused IT strategy?

  1. Hiring individual in-house support can be expensive and slow – Given the tight labor market, finding ideal candidates can be exceptionally difficult, and as a consequence, too expensive. An MSP represents a faster way to bring on support and can be utilized only when and where the most critical services are needed.
  2. Up-to-date support – Over-worked in-house IT staff in a small company may be too busy putting out fires to keep up with the latest developments in specific corners of their field. As a result, you may lack the knowledge depth needed on narrow but critical areas. IT is a very broad field, and only a diverse IT team has the depth to cover all of the different areas. With an MSP, you don’t have to worry about how technology is changing. A good MSP will not only be up-to-date with the latest in tech but also advise you on what tech changes you need to make to stay ahead.
  3. Scalability – The size of your in-house IT support staff is, in the short term, static. If you experience peak demand times, resources can be stretched to the point of being overwhelmed. .Choosing a managed services provider, however, provides the flexibility to scale up or scale down your IT investment to suit your business needs.
  4. 24/7 monitoring and availability – Until your organization gets big enough, an in-house IT staff cannot be available 24/7. Nor can it provide 24/7 monitoring for that part of your business that must be functional all the time. An MSp has the resources, because of economies of scale.

In the end, don’t think of IT support as “IT Hiring” instead, think of it as staffing. What is the best use of limited resources to meet your most immediate vulnerabilities? That is the best perspective to take on IT support when resources are limited.

/by

AI: Can you avoid the risks it carries?

Are there risks to AI? Absolutely. There are end-of-the-world predictions about the use of IA. For a business, many of the risks are a bit less extreme, but they are also very real. For example, in the area of content creation. There are a variety of risks that you open yourself up to. One of the key ones is the trustworthiness of the content created. You rely on generative AI to create an accurate explanation or description of a topic, event, thing, or idea, However, can you, in fact, completely rely on that? The answer is probably a qualified no. The level of “qualified” depends on a variety of factors. Your AI generated content is only as good as its sources, and that can create real questions for readers. Also, an organization using AI to create any type of video, text, image, or audio content needs to be concerned that it may include proprietary information that you need permission to use. Could material created by generative AI suddenly veer off into copyright infringement?

AI is also being used in areas such as recruitment. However, there has been research suggesting that bias can sneak into AI decisions as a result of the source data the tools are using. Bias is a concern not limited to the one example of recruitment. It can have consequences in areas where AI is making marketing decisions, and can taint medical and legal recommendations AI might provide. As a result AI cannot go “unmonitored.” Review by humans and other tools is a best practice that is needed to improve accuracy and trustworthiness. This, in turn, may cut into the efficiencies that are perceived to be created by AI. Also, a lot of AI–Chat GPT to just take one example–isn’t going to necessarily incorporate consideration of regulation and compliance requirements. Many countries, individual States in the US, and US federal agencies are implementing data security regulations that are designed to protect the Personal Information of individuals. In many cases violations include civil penalties. In the case of the European Union’s General Data Protection Regulation, fines are significant.

If you are considering stepping into AI, your MSP can provide guidance. Our recent list bears repeating: Eight ways an MSP can help you approach an AI solution.

Step one: Assess potential uses of AI. Your MSP should have a solid understanding of your entire business and how AI might contribute. They can help you start with small steps and move from there.

Step two: Understand your KPIs and organizational goals, from the top down. Before jumping off and adopting AI just because it is there, evaluate your KPI’s. Where do you perceive you need a boost?

Step three: Propose a possible range of AI solutions. An MSP will be knowledgeable about the variety of applications out there and lead you to select those most appropriate for your goals. Remember, they should be directed toward assisting KPI improvement.

Step four: Estimate the solution’s ROI. Remember, measurement is important. And you can not do everything. So identify each potential AI solution’s ROI. As mentioned above, AI isn’t just a trendy tool to adopt just “because.”

Step five: Ensure compliance: For example HIPAA, PCI. HITRUST. ISO27001, SOC1, SOC2. AI is a powerful and potentially intrusive tool. Compliance is critical.

Step six: Implement the solution. An MSP can implement the solution for you. Most business owners do not have the resources available for what can be a time-intensive project.

Step seven : Manage tool-related risks. As noted, there are best practices. Monitor to ensure your outcomes with AI are accurate, trustworthy, defensible, transparent and meet regulations.

/by