If you are a small business owner (fewer than 50 employees), you know that in order to be successful you must wear many hats and be able to change them often. One minute you may be dealing with a personnel issue, the next you have a conference call with a key vendor, and the next you’re trying to close new business or develop new products. The dynamic and varied responsibilities of being a small business owner are what makes it the most challenging, exciting, and potentially rewarding career on the planet.
Technology’s role in today’s small business is apparent. It is a competitively necessary in most business models and industries today. Since the small business owner can’t “know it all,” I offer the three simple concepts that every small business owner should understand. These concepts can be the building blocks of technology infrastructure that optimizes productivity and reduces operational costs.
1. YOU MUST PROTECT YOUR DATA
Through my 20+ years of experience in providing IT solutions and consulting to small to mid-sized businesses, it still astonishes me how often I audit a customer’s environment and find that the business is vulnerable to a catastrophic loss of proprietary data. By “vulnerable to catastrophic loss,” I am referring to woefully inadequate backup policies and procedures. By “proprietary data,” I am specifically referring to your company’s financial, accounting, customer, and employee information.
It is critical that a small business owner personally and periodically review data backup policies, processes, and verification procedures of the company. Whether you have an employee or a service provider responsible for the set-up and administration of your backup and disaster recovery policies, you should be personally “in the loop” by being notified or provided verifiable proof that company backup procedures are being carried out daily and without error. Your proprietary data is the most valuable and most irreplaceable technology asset your company owns. Servers, switches and firewalls can all be replaced, but not your data. Your periodic review should take about a ½ hour and your verification should be as simple as an automated email sent to your personal email account.
2. YOU MUST PROTECT YOUR NETWORK
Protecting your businesses computers, servers, and other technology assets from unauthorized access or use is a key to controlling your technology’s total cost of ownership (TOC). It is also essential to protecting your data as we previously discussed. This includes protecting your systems from unauthorized users who may try to access data they have no business working with or looking at. These users can be employees trying to sneak a peek at the company’s payroll or financial information or non-employees trying to steal proprietary data, or the personal information of your employees or customers.
Nearly all businesses today have provided Internet access to all employees. You can think of your company’s network as living in a neighborhood with highest crime rate in the world. Extortion schemes using denial of service attacks, viruses, Trojans, malware, phishing, email scams, and other nefarious activities all use the Internet as its conduit into your business. Cybercrime exceeds drug trafficking as the largest revenue source for crime organizations worldwide. It is an essential for a business owner to understand the threats to his or her business both from internal and external sources and mitigate them appropriately.
Internally, requiring access control (security) policies that allow only authorized employees to read or update confidential data is a must. Employee termination procedures should include measures to protect your business from future unauthorized access by that employee. Periodic mandatory password changes and password complexity policies should also be implemented. Your wireless network should be for authorized users only. If your business provides Internet to “guests,” it should be a separate logical wireless network from your business wireless network. This doesn’t necessarily require additional wireless network equipment, but it does require proper configuration.
To protect your network from external threats, a centralized, easily monitored and managed anti-virus solution should be used. It is also recommended that a “business class” firewall be in place that provides some intrusion detection and mitigation features. The $100 home router or the standard cable broadband router is generally not adequate protection. Your email system should also have a robust hygiene system in place that filters out spam and detects and strips attachments that may contain viruses. Finally, an automated, centrally managed, solution to monitor and manage the security updates that are periodically available for all your servers and computers should be utilized.
3. YOU MUST MANAGE YOUR USERS
Any computer that employees use is company property. Therefore, you have the right to control the activities that can occur utilizing that asset. Often, especially in small businesses, computers are treated as if they are owned by the employee. A common best practice is that only designated, authorized, personnel are allowed to install new software. Without some sort of company policy in place, users may well be doing literally “anything” on your corporate computer.
According to Salary.com, employees wasting more than 2 hours each day on the Internet can be as high as 20 percent of a company’s workforce. I have seen on several occasions where an employee has used company time and computers to run their own “virtual business” utilizing sites like eBay. Business owners should realize that today’s computers are going into the hands of our young children often before they can walk. Therefore, we have to assume that some employees, no matter what their position in the company, have the necessary skills that allow them to snoop around your network looking for sensitive and/or confidential information. They also have the skills to utilize company time for their own personal gain utilizing your computer assets. Shopping websites like Amazon.com and social media websites like Facebook are also common places where your employees are on the “company dime” and engaging in social activities.
An acceptable use policy that each employee is required to sign stating that they understand that corporate computer assets are to be used for company use is a widely used and recommended best practice. This acceptable use policy should limit if not completely eliminate personal use of company computers. Policies regarding the use of personal communication devices (smartphones) while on the job, are often incorporated in this document as well.
Many small businesses leave their employees on the “honor system” once these policies are in place. Often that is all that is needed. However, with larger small businesses or businesses with multiple shifts, or multiple locations Internet monitoring and filtering solutions are utilized to restrict most employee access to social media and or entertainment sites including adult websites. These solutions can also be used to monitor employee use of the Internet to identify violations of acceptable use policy.
IN THE LAST 20+ YEARS, CONTINUOUS CHANGE IN INFORMATION TECHNOLOGY HAS BEEN THE NORM.
It seems that every 5 years there is a complete turnover in prevailing hardware and software we use to operate our small businesses. Your company’s information technology infrastructure despite this dynamic ever-changing environment must stay easily managed, while being adequately secure. It must also protect your highly valuable corporate data. It must be adaptable to exploit new revenue streams or to obtain a competitive edge. This is just one of the many challenges that any small business must contend with.
My company “INFOTECHMGMT” is a local, experienced, and reputable business technology partner. We specialize in supporting the small business owner with our knowledge, expertise, and services. Our role often is as essential as a CPA or as an Attorney to the small business owner. Understanding the concepts explained in this article while working with INFOTECH MANAGEMENT, filling the role as a “Trusted Advisor” can be a powerful synergy that may make significant contributions to achieving your business plan. We are at the ready to add value to your business.
Call me personally at INFOTECHMGMT at 703-547-8259 or email me at zdurrani@infotechgmt.com to discuss how we can engage.