IT Checklists for SMBs

Whether you have your own in-house IT Team, or have outsourced your IT needs to be taken care of by a Managed Service Provider, you need to have a bunch of ‘IT Checklists’ readily available…and that can be a daunting task. Stay tuned and follow along as we provide our Must-Have IT Checklists for SMBs that you can use for your own business.

These checklists can help you ensure all you core IT needs are covered and serve as a guide to any new IT staff. Also, if you decide to bring a new MSP on board, your IT checklists can act as good starting point for them as well.

Let’s start with the core structure of your IT environment:

Your IT Strategy Checklist

Jot down your core IT requirements – at this time and for the foreseeable future. Answer questions like:

  • What role is IT going to play in the success of your business?
  • What areas is IT supporting your business in currently?
  • What new roles can you foresee for IT in improving your business efficiency?
  • Do you have any new technology in mind that you want to implement in the next year?
  • If you have an in-house IT team, what kind of staff structure do you see in the next year?
  • If you are planning to expand your in-house IT team, how many team members will you need to bring onboard and what will be the cost associated with this decision?
  • Would it be more effective and efficient to hire a MSP instead to supplement your in-house IT department?
  • What is your IT budget for the year?

IT Risks Checklist

The next step would be to create a checklist of your IT risks. At this stage, you should be answering questions like:

  • What IT risks are most relevant to you?
    • For example, data privacy is a serious concern for a business operating in healthcare, while phishing can be a bigger concern for an accounting firm.
  • Another angle to look into are environmental risks. For example, do you operate in a hurricane-prone area, or someplace prone to wildfires?
  • Make a list of risks most relevant to you and assess the possibility of them happening. Such assessments will help you arrive at the key safety measures that you need to take, as a business, to keep your data safe.
  • In the worst case scenario, if your IT infrastructure were to fail, how long can you survive before it will be difficult for you to bounce back? Can your business operate without your key IT systems working? If not, how long can you afford to keep it shut?

IT Timelines Checklist

This checklist should include any specific IT goals that you want to achieve and the timelines for them. Consider items such as:

  • Adding new technology to your current infrastructure.
    • How long will it take to implement these assets?
    • What type of training will be needed for staff members?
  • Cyber Security improvements
    • Can your current IT team handle the necessary security features needed to protect your business and data?
    • Are your employees aware of the risks associated with cyber crimes and how to detect and defend against them?

Hardware And Software Checklist

Create a checklist or a policy for hardware purchase, use and installation:

  • How do you determine what hardware/software is needed?
  • What about installation? Who will be doing it? Incorrect installation can end up resulting in loss of time and, in case of faulty hardware installation, it can also destroy new hardware.
  • What is the process for the procurement of new hardware and software? Do you have regular vendors who you approach or do you start looking for a suitable one once the requirement arises?
  • Establish a policy for operating systems, because not all hardware/software is compatible with every OS.
  • What about updates, security patches and upgrades? Who will be responsible for them and how often?
  • Who is responsible for software installation when there’s a new user requirement?

Cybersecurity Checklist

This checklist should cover all security-related aspects of your IT. For example:

  • Create and implement a password policy that you want your staff to adhere to. Cover password hygiene, acceptable passwords, password sharing, reuse, password update rules, etc.
  • When someone quits your organization or no longer works in the profile that they were working in, how is the access issue addressed? Spell out the rules and regulations regarding the removal of a user from the network, changing passwords, limiting access, etc.. Along the same lines, also cover new user initiation into the IT network.
  • Include policies for data sharing – which data can be shared, where and by whom, who has access, the level of data access rights, etc.
  • Spell out the plan of action to be taken in the event of a cybersecurity breach. Whom to contact, how to quarantine the affected systems, what steps are to be taken from the legal perspective (disclosure of the breach, data security violation penalties, and so on…) how to prevent such future events, etc..
  • You cybersecurity checklist should not only cover the digital aspect of IT security, but also the physical aspect of it. Establish rules and regulations for physical access to data.

Training Checklist

Your IT staff is not only the one who needs IT training. Everyone in your office does. An IT training checklist serves as a good process document for any new staff or for any staff working on new hardware and software. Following the IT training checklist can help cut down the learning curve, and ensures the hardware/software is leveraged in the best possible way, thus making your staff more efficient. Similarly, cybersecurity training can help reduce incidences of cybersecurity breach due to a lapse of judgement by your employees. Here’s what your IT training checklist might include:

  • Rules and regulations regarding software and hardware use.
  • Links to user manuals/instruction videos with how-to’s for the software and hardware in use.
  • Information about whom to contact if there’s a need for troubleshooting.
  • Training schedules for each hardware/software, cyberthreats.
  • Information about whom to contact if there’s a perceived cybersecurity breach.

Data Backups Checklist

There are a number of factors that can affect the accessibility of quality of your data. Data backups are key to ensuring your data is not lost. You should maintain a checklist or a policy document that covers this aspect. Your data backups checklist should cover:

  • What are the different data sets that need to be backed up?
  • How often do each of those data sets need to be backed up?
  • Where (location/device) will the data backup occur?
  • How will the data backup happen?
  • Who will be responsible for the data backup?

BYOD Policy Checklist

In the current business environment where companies allow their employees to use their own devices for work purposes, a BYOD (Bring-Your-Own-Device) checklist is a must. This checklist should answer questions like:

  • Who is allowed to bring their devices to work (employees of some departments that deal with sensitive data like, the HR/Accounts may not be allowed to do so)?
  • What kind of devices are allowed/approved? For example, you can specify a version below which a certain OS may not be allowed, as it may be outdated, exposing your entire network to any security threat that it may be vulnerable to.
  • Who is responsible for ensuring the security patches and anti-malware protection is up-to-date?

Having these checklists/policy documents do not ensure your IT infrastructure is always safe and secure, or never suffers a downtime. These checklists merely help in cutting down instances of security breaches or downtime and go a long way in helping you respond positively to any IT crisis that may befall your business. What we have discussed here is just the proverbial ‘tip of the iceberg’. Your checklists have to be comprehensive, in-depth and cover every angle with a clearly defined action plan for any IT contingency. Reaching out to an experienced MSP for assistance will ensure you leave no loose ends.