Stay Connected
Blog Detail
  • Top 5 IT Audit Findings of Small Businesses 

    January 31, 2023

    Small business owners may not have dedicated IT personnel who can conduct IT audits and address the IT audit findings. They may piece together a technology team by combining the knowledge of the entire office. While that approach may keep the equipment functioning, it doesn’t help with the ever-changing technology and the cybercriminals who exploit it. In fact, it often leaves a business vulnerable to cyberattacks.

    IT Audit Findings

    IT audit processes can help small businesses identify their weakness and outline ways to ensure their digital assets are secure. In addition to risk assessments, audits help companies improve operations and provide information for decision-making.

    The following are the top five audit findings for small businesses.

    Obsolete Hardware and Software

    When hardware becomes obsolete, it is not disposed of properly. It gets tossed in a storeroom or closet. The hard drives are not removed, and the data is not wiped. This practice leaves the business vulnerable to thieves who steal the devices to sell the data on the Dark Web.

    Software is outdated. Updates are not applied to protect against cyberattacks. Older systems may have unpatched operating systems that cybercriminals can exploit. Anti-virus software is not installed, is outdated, or is not licensed. 

    Data Backup and Recovery

    Organisations do not back up their data, or if they do, backups are not scheduled. There are no internal controls to know when the last backup was performed. Poor backup hygiene may place a business at risk if critical data is lost.

    Companies do not have processes in place to ensure their data is protected in case of a natural disaster. For companies with scheduled backups, many have never tried to restore the data or execute a disaster recovery plan. Unless businesses test, they can’t be sure their data is safe.

    Calendars and Emails

    A business does not have a consistent email configuration. They may have a domain but do not set up accounts using the domain name. Some emails are routed through POP servers, while others use IMAP. Without consistent email systems, messages are not backed up.

    Businesses that use Office, they can be unfamiliar with the licensing. They may have an older Office subscription (the 2016 or 2019 version for example) but upgrade by purchasing the new Microsoft 365 bundle anew instead of upgrading their license. Upgrading can be significantly cheaper where it’s still available.

    Cloud Storage

    Storing information in the cloud means that files should be available on any device. Companies lack the expertise to set up Sharepoint and OneDrive to allow files to be shared and available.

    No Audit Processes

    New hires are not trained in cybersecurity hygiene. Usernames and passwords have no restrictions and are often duplicated or shared. When someone leaves the company, no process exists to ensure all digital information and equipment are returned. 

    Individuals who set up devices or configured firewalls left the company without leaving the credentials behind. The business has no way of accessing administrative accounts if the credentials are lost. In some instances, employees leave and take their knowledge with them.

    What are your IT Audit Findings?

    Tech Seek provides IT auditing services to small businesses to eliminate vulnerabilities and maximise operations. Contact us to set up an appointment.