We understand – planning your annual budget is stressful and time-consuming.

A great way to get an understanding of what you will and won’t need in the coming year is to start by asking yourself the following ten questions:

Q 1: Are you taking full advantage of your Microsoft 365 licenses?

1 M365 licenses includes Intune, System Center Configuration Manager (SCCM), Enterprise Mobility Security, Desktop Virtualization, and more. Consider consolidating from third party products to take full advantage of your M365 licenses.

Q 2: Do you have a Security Assertion Markup Languge (SAML) provider? Have you implemented single sign-on authentication?

2 Many web-based applications leverage SAML. Consider implementing Microsoft ADFS, OKTA, or OneLogin for single sign-on.

Q 3: Have you implemented a Security Information and Event Management (SIEM) tool? Are you following up on your SIEM alerts?

3 SIEM is one of the best tools or services your firm can have to protect and alert you to unusual or malicious activity on your network. Any firm that is serious about security should be running a SIEM and proactively monitoring its alerts.

Q 4: Are you prepared for the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and the New York State “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act)?

4 States like California and New York as well as the EU and the UK are requiring firms to protect their clients’ private information. Firms risk losing clients as well as severe fines for not demonstrating their ability to secure and report on private information.

Q 5: How can I leverage Microsoft Azure for production or disaster recovery systems?

5 Microsoft Azure provides a secure and reliable pay-as-you-go platform that allows firms to expand or contract their network as needed. Additionally, an Azure subscription includes security updates for end-of-life products like Windows Server 2008 and Windows 7.

Q 6: Do I have a security awareness training program in place?

6 According to Verizon’s Data Breach Investigations Report (DBIR), phishing is the most utilized attack vector for malware delivery. It is critical that all firm employees be trained to recognize malicious or unusual emails.

Q 7: How are you keeping your Windows 10 build up-to-date?

7 It is important that you know which lifecycle your Windows 10 build falls into (Long-Term Support Channel, Spring, and Fall releases) and plan to update your build prior to end-of-support.

Q 8: How can machine learning and AI improve your e-discovery and document management systems?

8 New products such as iManage’s RAVN are providing firms with machine learning tools that are automating time consuming processes and giving firms a competitive advantage. For example, RAVN’s Classify automatically recognizes document types as they are imported saving many hours of manual or scripted categorization.

Q 9: How are you protecting your firm from data loss?

9 Data loss can happen via multiple sources. Whether an attorney accidentally emails sensitive information to the wrong client or someone is maliciously uploading or exporting documents. It is important that firms have the proper tools in place to prevent or alert on data loss.

Q 10: Citrix vs Always On VPN, which remote access is best for your firm?

10While Citrix has been a reliable form of remote access for many years, more and more attorneys are traveling with their laptops and Surface Pros. Microsoft’s Always On VPN has become a reliable form of connectivity for traveling attorneys.

Cornerstone’s best practices can give you peace-of-mind during this process. We can help with the research and provide you with an analysis that includes all the right options. We can purchase, install, upgrade, and provide maintenance.

It’s never too early to start planning for next year’s IT budget!

Call us today to get started.