Today’s technology-based businesses face constant challenges, including cyberthreats, head-to-head competition and regulatory compliance. Keeping your technology up to date is critical to your businesses success. You may ask, where do you start?

A technology audit is a great place to start! It will help you identify gaps in your organization’s security, compliance and backup. A thorough technology audit can assist you in answering the following key questions:

• Is your current IT infrastructure vulnerable or lacking in any areas?
• Are there any unnecessary tools or processes that do not align with your goals and vision?
• Are you in compliance with applicable regulations, prepared to defend against security threats and capable of restoring business capabilities in the event of a system outage or data breach?
• What steps can you take to address the discovered vulnerabilities?

If you don’t have an IT background, the results of a technology audit can be overwhelming and have you wondering where to even begin. This is where the stop light approach and prioritization comes in handy! Even with an IT department, a managed service provider (MSP) will allow you to seamlessly audit and remediate IT issues. Using the Stoplight approach will help organize, prioritize, and budget your next steps.

The stoplight approach

The stoplight approach is a simple way of categorizing gaps and vulnerabilities into red, yellow and green groupings based on severity.

RED: Address the highest risks and vulnerabilities first

It is unrealistic to address ALL issues at one time. Remediation and resources should be invested into the most critical issues that impact the success of the business.

The most severe infrastructure vulnerabilities should be prioritized and addressed first. Consider the impact to your business if a compromise occurs along with the ramifications to recovery. For example, if your company is dealing with a ransomware attack, upgrading Microsoft 365 is a lower priority.

High-priority vulnerabilities that must be classified as RED include:

• Failing Backups
• Unauthorized users in the network, including ex-employees and third parties
• Login attempts and successful logins by users identified as former employees or third parties
• Unsecured remote connectivity
• A lack of documented operating procedures

Yellow: Then focus on gaps that are not urgent

There will be gaps and vulnerabilities that need to always be on your radar, but can wait until the more critical issues get resolved. Although these medium-priority gaps may be acceptable in the short term, they are a risk for the long-term and should be factored in when planning and budgeting for the future.

The following vulnerabilities fall into the YELLOW category and are of medium severity:

• Multifactor authentication (MFA) not enabled
• Failure of automated patching systems
• Outdated antivirus software
• Failure to enable account lockout for some computers

Green: If your budget allows, address these non-critical suggestions:

These are the least critical gaps and vulnerabilities with the lowest-priority. Considering gradually implementing after remediating your critical and non-urgent vulnerabilities in a way that can fit into your budget.

The following are some of the gaps that fall into the GREEN category:

• Accounts with passwords set to “never expire”
• Computers with operating systems that are nearing the end of their extended support period
• Persistent issues with on-premises syncing
• More administrative access than is required to perform essential duties

Importance of prioritizing gaps

Prioritization helps you manage your budget. It’s simple, you don’t have to spend money unnecessarily on less critical issues if you prioritize gaps and close them systematically based on severity.

Maintain optimal uptime by prioritizing gaps before refreshing your IT infrastructure because not all components will be down at the same time. This keeps your productivity up and customer service operational.

Not sure where to begin? A managed service provider (MSP) like us can help you prioritize technology gaps so you can get the most out of your technology investment while ensuring uptime and productivity. Contact us for a free consultation.

Also, feel free to download our infographic.