Small Business IT: Starting Off on the Right Foot

Can I be totally honest with you?

Providing IT services to small businesses is often frustrating.

That’s especially true when the first thing you ever hear from someone is when the whole office has collapsed into a catastrophic mess.

I mean, sure—from a service provider’s point of view, there’s money to be made in the rescue effort.

But there’s also that persistent nagging thought that, with the right preparations, none of this ever needed to happen.

Here’s the inside dirt on how to do IT right from the very beginning:

You can’t skip strategy

O.K., I know what you’re thinking.

“I don’t need an IT strategy. I just need some computers and an internet connection.”

And you’d be right. You can totally get away with this—for a while, at least. Most days, you’ll show up at the office and it will all work like the day before.

But, here’s the problem

Without a strategy, you’re bound to end up endlessly deferring necessary upgrades and replacements to infrastructure. You’ll also skip the kind of prevention and maintenance work that stops small problems from developing into disasters.

This can turn into a “death by a thousand cuts” situation—small problems that keep recurring because they’re never properly fixed. The technician callout fees and lost productivity will keep adding up.

They can also develop into all-out disasters that bring your whole business to a grinding halt.

It’s not that different to driving an old jalopy that never gets a scheduled service—you’re doing it to save money, and yet it ends up being so expensive to keep on the road.

And, in the same way that an old and poorly maintained car might well break down on the way to the airport, unmaintained IT systems might blow up right at the busiest time of year.

Without an IT strategy, you aren’t managing IT problems—you’re just responding to them as they occur.

Place a value on your productivity

A big part of the problem here is that you probably have a much better idea of what it costs to avoid IT problems than it costs to experience them.

New hardware, software, and IT support contracts usually come with clear price tags. But unless you’ve sat down and done some sums, you probably don’t have a clear idea of what your downtime really costs.

How much do you spend an hour on wages? How much in a day on rent, bills, and marketing costs?

When your systems are down, you still rack up these expenses. You just don’t have anything to show for them.

The hit you take to reputation, morale, and momentum is harder to calculate, but still very real.

You probably don’t need to get too in-depth with this—you can never anticipate exactly how any given problem will impact you. Just a rough, back-of-the-envelope idea will help you better value your productivity.

But if you never sit down and think about what your downtime really costs, chances are you will drastically undervalue it. You will continually avoid and defer any kind of active decision to take control of your IT hassles—without realizing how much cash you’re bleeding on operational expenses as these hassles freeze your business.

Set clear responsibility for IT

Perhaps the worst part of having no clear IT strategy is that you tend to end up with nobody properly in charge of your IT environment.

The most common way small businesses get this wrong is to rely on an employee with no formal IT role but who “knows computers.”

The other way is to engage an IT professional on an impromptu basis as problems appear.

In each case, you’ll be waiting for things to go very wrong before taking action. You’re not solving problems before they happen.

Let’s see exactly how this works

This will make more concrete sense by looking at how it can play out in the real world.

Let’s say that, after a couple of years of regular use, the hard drive in your file server wears out. This is actually one of the most common hardware failures in a server.

Which is why just about every server keeps the same data on two drives. That way, when one breaks, it immediately switches to another and you can carry on without losing a second of productivity.

The server also sends a message to your systems administrator to let them know that the drive needs to be replaced. There’s a good chance that your server’s drive bays are “hot swappable”—meaning that the technician can open it up and replace the drive while it’s still running.

Losing the drive that holds everyone’s work is potentially a total show stopper. But with this combination of neat little innovations, it can be handled so smoothly that the rest of the office probably won’t even notice.

So far, so good. But what if nobody is receiving or monitoring these alerts that something’s wrong?

Well then you’re just one hard drive failure away from your whole office stopping. Your remaining hard drive is just as old and has been subject to the exact same use, so that moment won’t be too far away.

This means nobody can do any work until your technician has a free moment to replace your dead hard drives and recover your data from your backups. It’s urgent work, so you’re probably on the hook for an emergency call-out fee or after-hours work.

And here’s the scary part: because nobody has been clearly responsible for any of this, it could also be the moment you discover your backups are corrupted.

This is just one of the ways a minor matter of routine maintenance, left unmonitored, can turn into a stressful and hideously expensive freeze of your whole office.

It’s crucial for security

Computer security breaches are an increasing cost for businesses of all sizes. In 2017, billionaire businessman Warren Buffett even declared cybersecurity to be the greatest challenge facing mankind.

Without any clear responsibility for IT, there’s no clear responsibility for keeping systems secure—to ensure that software and firewalls are properly configured, to keep your operating system and your router firmware patched for security updates.

With nobody attending to this, an expensive and stressful security breach is not a matter of if, but when.

Employing, contracting, or outsourcing

If there’s the volume of work to keep them busy, it can make sense to hire a technician or systems administrator on a part-time or full-time basis.

Very few new businesses will require this volume of work. Here, it can make more sense to hire a freelancer to monitor your systems remotely and to provide on-site services for the number of hours you need.

Whether you’re hiring or contracting, it’s important to engage someone with experience provides IT services in a business environment. Otherwise, it’s all too easy to end up with someone who doesn’t understand industry conventions and standards and does things in their own weird and wonderful way. This leaves you with an IT environment that’s completely incomprehensible to any other technician. This is where it can be helpful to engage a consultant to help you vet candidates.

Many small business owners feel like they’ve got enough to manage without having to navigate this, and will instead outsource their IT support to an external business.

Take control of your IT infrastructure lifespan

Look: When your IT environment is just you and your computer, lifecycle management is easy. All you need to do is buy a computer and use it.

A few years later, it’ll get a bit slow and struggle to keep up with the increasing demands of new software. That’s when you buy a new one.

This “let’s just see what happens” approach doesn’t scale very well. You start to run into problems in a more complex environment, such as a client/server network.

Breakages cause interruptions and downtime

Unfortunately, replacing things one at a time usually means waiting until they eventually break. This means every single item you buy gets the opportunity to interrupt your work day—and perhaps at the worst possible time.

The interruptions and lost productivity are often much more expensive than the hardware itself. You can also run up further costs by paying a callout fee to your technician every time something needs to be replaced.

Your IT environment will grow more nonstandard and complex

As the years wear on, the bigger problem with replacing everything one at a time is that, to keep all the bits and pieces talking to each other, your IT environment will gradually accumulate weird one-of-a-kind configurations and quick-fixes that end up hanging around for years.

As your IT environment becomes more idiosyncratic, it becomes much more difficult for technicians to understand. Basic tasks become much more time consuming—one way or another, you’ll be paying for that time.

One of the most troubling parts of this is that you can end up relying on old software and old protocols—this can mean that applying security updates can stop your software from working or can stop your machines from talking to each other.

Some businesses in this situation end up just not applying security updates, leaving themselves wide open to ransomware. In 2017, the two worst ransomware attacks both targeted a security vulnerability that Microsoft had already patched.

By having a clear replacement date for your infrastructure, you can avoid some serious headaches in years to come.

Scheduling a time to replace your infrastructure

One of the nice things about taking control of infrastructure lifespan is that replacement times are no longer forced on you. You can schedule it for the part of the year when there.

For many businesses, this will be during summer when your staff and customers are away on holidays. But if summer’s your busiest time, perhaps winter might be better.

Of course, the slow part of the year is also when cash flow is tightest. But by knowing years in advance when everything has to be replaced, you’ll have adequate time to budget.

Leading up to this time, you should sit down with your technician to properly plan your migration to new infrastructure. If the rest of your office isn’t completely shut down during the migration, you may also want to consider ways to keep your workers productive at this time.

Write policies for IT security and recovery

IT security is about more than just properly configured and updated software. Many attacks target the human vulnerability—by tricking users into running malicious code, or by cracking guessable passwords.

Of course, despite your best preparations, you might still get burnt. You need to be prepared for that too.

School your staff on phishing and spear phishing

Phishing attacks masquerade as legitimate emails to trick people into running malicious attachments. Increasingly, businesses are also being targeted by “spear phishing”—a kind of phishing email written to target a specific individual.

You need to train your staff to recognize these threats. Be sure to have an actual conversation about this, rather than just having them sign a document to say they understand the company policy.

Don’t just assume this stuff is obvious. It might seem obvious to you, but not everyone has the same level of knowledge. These attacks only persist because some of the time they work.

Internal and external password policies

Increasingly powerful computer hardware makes it ever easier to crack passwords.

If you don’t set password policies, it’s likely both you and your staff have chosen something insecure. Good passwords should be at least 10 characters in length, and not be overly dependent on common words. They should also be unique.

Because it can be difficult to remember a great many passwords that meet these conditions, you may want to consider the use of a password manager—we use LastPass, but any of the popular alternatives do much the same thing.

Disaster recovery plan

Most business owners are realizing how important it is to have backups. But rather fewer understand the need for a disaster recovery plan—a documented set of procedures to follow in case of major disasters like ransomware, burglary, or flooding.

When these disasters strike, every ticking second of lost productivity costs you money. You don’t really want to spend this time working out what you need to do next—and it’s too late to identify any extra preparations you should have taken.

Disaster recovery plans should be revisited as your IT environment changes and grows.

It’s about avoiding headaches as you grow

Most of us have spent a large part of our lives using computers at home, school, university, and the workplace, without ever really thinking about what our “strategy” is. We just switch it on and start using it to get things done.

This attitude is fine in many situations, but if it’s how you manage your IT needs in a new business, you are setting yourself up for stress, expense, and headaches. The good news is that this can be avoided.

By properly planning who’s in charge of your IT, how long you expect it to last, how your staff should use it, and what to do when things go wrong, you can give your new business the best chance of success.