The importance of information technology, which had already been growing, is in even sharper relief with the challenges businesses face this year. In an ASPPA All Access session, industry experts offered ideas and insights concerning IT and how it figures in business operations and decision makers’ roles.
Kevin Boercker, Chief Operations Officer at Spectrum Pension Consultants, Inc., and Paz Terry, a consultant with more than 20 years of experience in the IT field, offered their ideas and insights in the Nov. 9 session.
In managing IT, the speakers emphasized the importance of:
- goals and key performance indicators;
- consistent and timely reporting;
- updates to software and systems;
- vendor management;
- risk assessment;
- strategic planning;
- user access review;
- security reviews;
- management of inventory through physical audits, warranty information, and maintaining hardware health; and
- updates to internal policies and procedures.
Even if one outsources IT, Terry recommended having someone onsite to oversee IT operations. And if one does that, he said, one should be sure to conduct background checks of those who would be performing such functions. Further, he argued, a business should invest in them by continuing their training. And some businesses, he noted, blend outsourcing and in-house performance of IT functions.
Of course, IT requires highly specialized and technical skill and knowledge—but that doesn’t necessarily mean that one cannot oversee it if one lacks that expertise. Boercker pointed out that it is possible to manage IT even if one does not understand its fine details. He suggested:
- Don’t try to understand all the details.
- Find good people you trust.
- Adopt sound IT management practices.
Remote work has become more widespread, a trend Terry thinks will continue. “To me, it’s not an if, it’s a when,” he said regarding its adoption.
One of the silver linings of the current time is that it has cast a light on the importance of security concerning remote work,
Terry said. He discussed tools for making it more secure:
- Multi-factor authentication. “You should definitely rely on MFA as a core component of your security solution,” said Terry.
- Strong passwords. Terry said that the threshold for what constitutes a strong password is 16 characters, including symbols, and changed regularly.
- Virtual private networks. Terry noted that MFA can be employed in a VPN as well.
- Virtual desktop infrastructure. “Use of this is exploding wildly,” Terry observed.
- Single sign-on. With such a platform or mechanism, one account is the master and a single sign-on is necessary; Zoom is an example.
Terry outlined some cybersecurity measures “you just have to have”:
- email filtering and encryption;
- next generation firewall;
- security awareness and training;
- monitoring and threat response; and
- identity verification solutions.
The Bottom Line
“IT is now a core part of business. You really have to have a functioning and well-configured IT program to have your business work and be competitive these days,” said Terry. “It’s absolutely critical to your success, especially in the financial services these days,” he continued. And, Boercker added, “If you do IT right, it can be a competitive advantage.”