It stands to reason that in a small business, the focus will always be on the product or service that you offer. That’s where the majority of your resources will be directed. That’s where your expertise is; it’s what you’re best at. With that in mind, it’s understandable that as a business owner you may not be overly interested in or concerned about much of your IT. This is especially true if you are in a business that’s constantly under pressure to deliver on tight timelines and you’re generally resource-constrained.

However, for companies of any size there is significant value in following robust (but not necessarily expensive / time-consuming) processes when it comes to IT.

Depending upon your industry, you may have a regulatory requirement to meet certain standards, but even if you’re not accountable to a regulatory body, there are certainly some things that you should ensure are happening within your organisation. 

Whether you like it or not, you are most likely fairly dependent upon IT for day-to-day operations, whether those operations are managed internally or are outsourced. In small organisations, people with minimal IT skills, experience, or frankly interest in IT, are often delegated critical IT tasks. But is it fair to ask an employee whose main role may be related to office management to be responsible for data backups? Do they perform test restores to ensure that data can be recovered if necessary? Would they be able to prove that backups and restore tests are taking place if you asked them to? Are they certain that your backup system is backing everything up?

Although there is always lots to consider with IT, it’s critical that the following 5 points are addressed and managed in the vast majority of businesses. 

1) Enforce password policies – ensure that passwords are changed regularly and are required to be of a certain length and complexity.

Why? There are lots of reasons – obviously security related. Over time in small businesses it’s not uncommon for people to learn / share passwords of colleagues. Of course it’s not “best practice” but it happens. You might need someone to log in as you to check something, or you might have people who are happy to give out their password verbally to IT support people within earshot of others. Whatever the reason, consider the worst case scenario. What happens if that person, for whatever reason, deletes data, sends “uncomplimentary” emails to customers or messes around in other systems with your login credentials? At best you may have a hard time explaining that it wasn’t actually you who did that, and that you were not as careful with your password as you should have been. At worst you’ve lost your biggest customer and have suffered catastrophic reputational damage. Although regularly changing your password won’t mitigate all potential issues, it will certainly help. And of course, if someone learns your password, change it as soon as is practical / possible.

2) Ensure that someone is diligently and promptly closing user accounts for employees who have left your company.

Why? It’s very common for companies to provide remote access, in one form or another, to their systems and data. If IT is a secondary job function of a member of staff, who’s to say that this task doesn’t fall through the gaps? Moving jobs within industries happens all the time. Do you want to provide your competitors with access to your data? If you’re not disabling (in a timely manner) user accounts for people who leave your company then there’s a fair chance that you’re not auditing whether those people are remotely accessing your systems and data after they’re gone, so you’ll probably never know about it. And of course there are a number of related issues with managing user accounts of part time or contracted / outsourced users.
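The audit described above can be automated in a few lines. This is an added example, not part of the original article: it cross-checks a leaver list against account status and a remote-access log. The usernames, dates, log format and the `audit_leavers` function are all constructed for illustration.

```python
from datetime import date, datetime

# Constructed sample data: HR leaver list, directory export, remote-access log.
LEAVERS = {"jsmith": date(2024, 3, 29), "apatel": date(2024, 4, 12)}
ACCOUNTS = {"jsmith": "enabled", "apatel": "disabled", "mbrown": "enabled"}
REMOTE_LOG = """\
2024-03-28T17:02:11 vpn login ok user=jsmith src=203.0.113.7
2024-04-02T22:41:53 vpn login ok user=jsmith src=198.51.100.23
2024-04-10T09:15:00 vpn login ok user=mbrown src=203.0.113.9
2024-04-15T08:03:27 vpn login failed user=apatel src=198.51.100.40
"""

def parse_log(text):
    """Yield (timestamp, outcome, user) for each remote-access line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip blank or malformed lines
        fields = dict(p.split("=", 1) for p in parts if "=" in p)
        yield datetime.fromisoformat(parts[0]), parts[3], fields.get("user")

def audit_leavers(leavers, accounts, log_text):
    """Return (user, finding, detail) tuples for anything needing follow-up."""
    findings = []
    # 1. Accounts that should have been closed but are still usable.
    for user, left in sorted(leavers.items()):
        if accounts.get(user) == "enabled":
            findings.append((user, "account still enabled", left.isoformat()))
    # 2. Any remote-access attempt, successful or not, after the leave date.
    for ts, outcome, user in parse_log(log_text):
        left = leavers.get(user)
        if left and ts.date() > left:
            findings.append((user, f"remote login {outcome} after leaving",
                             ts.isoformat()))
    return findings

if __name__ == "__main__":
    for finding in audit_leavers(LEAVERS, ACCOUNTS, REMOTE_LOG):
        print(*finding, sep=" | ")
```

Failed attempts are reported as well as successful ones, because a disabled account that someone is still trying to use is worth knowing about.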

3) Make sure that important data are backed up on all devices that have it. And if you need to keep sensitive data on mobile devices ensure that they are suitably secured.

Why? Well, it’s obvious, isn’t it! But it’s just as important to test that you can recover that data, and all of it, when you need to. Depending upon your backup processes, you may need to add things like new network / storage locations into your backup routines. It’s easily overlooked. If nobody is regularly testing your backups then nobody can be certain that you can recover your data. Equally, if you are allowing people to store important or sensitive data on mobile devices then it’s a good idea to back them up, but perhaps more importantly it’s worth encrypting that data. That’s unless you don’t need that data, or if you don’t mind discovering that your data is now in the public domain (and / or with a competitor). One more thing to bear in mind – if your servers and systems are located “on site”, does anyone ever check for those flashing red lights on the front and check out what they mean? In most modern servers, depending upon how they are set up, you can experience a single disk failure, often indicated by a flashing red or orange light, with minimal impact. However, if another disk fails then you probably have a serious problem and the first you’ll know about it is that people can’t work.
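A test restore can be checked mechanically rather than by eye. The following is an added example, not part of the original article: it hashes the live data and a restored copy, then reports files that never made it into the backup (such as a storage location added after the backup job was set up) and files that came back different. The folder names, file contents and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(source_root, restored_root):
    """Compare live data with a test restore and summarise what came back."""
    src, rst = manifest(source_root), manifest(restored_root)
    return {
        "missing": sorted(set(src) - set(rst)),  # never backed up
        "differs": sorted(f for f in src.keys() & rst.keys() if src[f] != rst[f]),
        "verified": sum(1 for f in src if rst.get(f) == src[f]),
    }

def write_tree(root, files):
    """Create the given {relative path: bytes} files under root."""
    for rel, data in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

def demo():
    """Constructed scenario: one new share missed, one file restored truncated."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        write_tree(live, {"accounts/ledger.csv": b"2024,1000\n",
                          "hr/contracts.txt": b"signed\n",
                          "projects-new/plan.txt": b"draft\n"})
        # The restore holds only what the backup job actually captured.
        write_tree(restored, {"accounts/ledger.csv": b"2024,1000\n",
                              "hr/contracts.txt": b"sig"})
        return verify_restore(live, restored)

if __name__ == "__main__":
    print(demo())
```

Files edited since the backup ran will also appear under "differs", so run the comparison against data that has not changed since then. Keeping the dated output of each run is one way to show that restore tests are taking place.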

4) Train your workforce on the dangers of malware threats / social engineering.

Why? This article sums it up perfectly – and remember that it’s not just large companies who are susceptible to this type of threat, although those are the ones you’ll hear about. After issues like these, not only are you counting the financial cost, you’re in a fight to protect your company’s reputation too.

5) Ensure that you are using antivirus software and that it’s updated regularly.

Why? Computer viruses / malware are nothing new – they’ve been around for decades. However, over recent years the motives of people who engineer “malicious software” have changed. Proportionately speaking, there are far fewer mischief makers and many more money makers. Revenue from malware can be generated by criminals in a number of ways. If your computer is compromised then it may become part of a botnet, with your computing power being used by cybercriminals. Ransomware has also emerged as a significant threat. Ransomware on an infected computer usually encrypts all data on the drives available to it, including network drives. Once that happens you’re unable to access any of that data unless you pay a ransom of some sort to decrypt the data. Alternatively you may need to restore that data from backups taken before the ransomware incident occurred, in the process losing recently written data. Clearly, neither of those solutions is particularly appealing.

It goes without saying that there are a number of other important administrative IT tasks that require attention, but if you’re neglecting any of the above then the chances are that you’ll suffer some pain as a result at some point. Now may be the time to review your thinking when it comes to IT.


