Chapter Seven: Continuous Improvement
Continuous improvement and procurement process are well-established ideas. For technology, these processes are especially applicable. The Return on Investment (ROI) has as much to do with how things are implemented as they do with what was purchased.
Some minimal considerations:
- Making the most of what you have in place:
- make sure to maximize current personnel knowledge; will additional training or new staff be necessary or helpful?
- consider maintenance costs. Remember to include invisible costs such as web hosting and staff time to implement updates.
- Who on staff is in charge of software updates and hardware maintenance? Are they the only ones who have this knowledge? Is this regularly scheduled?
- Is the existing/new technology being used to its full extent? If not, why? Does it duplicate other software or hardware that can be replaced?
- What are the best practices to implement now that will eliminate issues later. For example, is data collected into a format that will be easy to export later?
End-user and personnel feedback is helpful for making decisions around additional purchases, to increase productivity, and get the most out of the technology. Additionally it can help alleviate staff concerns. This is also critical with public-facing technology. Customers and clients will simply move on if an interface is difficult or non-functioning. Creating a log or form though a platform like Google Forms or Microsoft Forms to report issues is a quick and easy way to quickly collect user suggestions, needs, and to head off potential problems.
Obsolesce. What comes next was likely considered when the initial purchase was made. Will it be an update or upgrade? How can you prolong the life of the technology you have? Both software and hardware companies are increasingly sunsetting products by ceasing to offer updates. Staying current on discontinuation plans may help leaders to plan for a carefully-timed “last update” to give a little more time to determine what comes next.
Appropriate data gathering and cybersecurity are important aspects of continuing improvement. After all, it is not possible to conduct business if a criminal is holding your data hostage.
Although sometimes it seems like it, updates aren’t all about increasing vendor profits by creating planned obsolescence. Cybersecurity is a constant threat to businesses.
According to the National Cybersecurity Alliance, many small to medium-sized businesses (SMBs) have the misconception that their data is not valuable and that, in turn, they are unlikely to be the target of a cyberattack. However, 28% of cyberattacks involve small business victims. Schools, heath care organizations, and non-profits are increasingly targeted, as well. All data is valuable. The most common types of cyberattacks include:
Phishing: Phishing is when cybercriminals send an email or text that appears to be from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code.
Viruses: Viruses, a type of malware, are harmful programs that spread from computer to computer, giving cyber criminals access to systems.
Ransomware: Ransomware is a type of malware that restricts access to a computer or server until a ransom is paid.
It is worthwhile for managers to assess the threat to their organization. An IT professional is helpful for this, but the government also has tools for cybersecurity risk assessment:
- Federal Communications Commission (FCC) Planning Tool: The FCC offers a cybersecurity planning tool to help you build a strategy based on your unique business needs.
- Cyber Resilience Review: The Department of Homeland Security’s (DHS) Cyber Resilience Review is a non-technical assessment to evaluate operational resilience and cybersecurity practices.
- Cyber Hygiene Vulnerability Scanning: DHS also offers free cyber hygiene vulnerability scanning for small businesses.
- Cyber Essentials: Cybersecurity & Infrastructure Security Agency’s (CISA) Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
While a risk assessment can help develop tailored cybersecurity plans, there are also general best practices that all businesses can adopt to reduce vulnerability to a cyberattack. These include:
- Beefing up existing cybersecurity protections: simple acts like changing passwords with stronger ones made up of random letters, numbers, and special characters can help prevent cybercriminals from gaining access to data
- Using multifactor authentication for accounts and services
- Updating anti-virus software and securing Wi-Fi networks
- Training employees
- Protecting sensitive data and backing up the rest: While firewalls and other tech protections are important to warding off cyberattacks, physical protections can be just as essential. For example, lock up company laptops when they are not being used to prevent unauthorized access
- Making sure that files are backed up regularly will reduce a business’s susceptibility to ransomware attacks
Strengthen your cybersecurity. U.S. Small Business Administration. (n.d.). https://www.sba.gov/business-guide/manage-your-business/strengthen-your-cybersecurity