We are often asked what are the most common issues that businesses should be aware of and engaged with when managing their IT, particularly by start-ups or companies who feel that they, or others, haven’t been paying as much attention to as maybe they should have been to their IT. With that in mind we’ve distilled our most commonly discussed issues over the years into some simple but good general advice, listing the ‘Top Ten things’ that you should really be on top of.
This top ten does not represent a definitive list of essential or critical actions, however in our experience these are the things that usually deserve more attention in small to medium sized businesses that do not have a professional IT department.
They are mostly security related as this seems to be the area which was the highest priority to address, but had the lowest ‘share of mind,’ of clients that we have taken on board over the years. If all you took away from this article is an awareness and appreciation of the issues touched upon, and if it encourages you to follow up in critical areas like backups and security with those who are responsible for them, then you will already have made some significant progress towards getting to grips with your IT.
In fact, if all you do is develop an awareness about the general importance of backups, security and good documentation then you will have already touched upon the main cornerstones of good IT practice. We cover each of the following topics as well as many others in more detail in other posts on our blog.
The Top Ten IT Issues
The following will help raise awareness of the most important issues you will encounter and whereas it won’t automatically give you a sound understanding of IT best practices, it will help you navigate the most common and obvious IT pratfalls.
Backing up your data is the most important thing you can do. It’s probably the least glamorous part of any IT administrators’ job, but making sure that the precious data assets of your business are appropriately backed up, and that they can be reinstated with the minimum of data loss, delay and disruption is without question the cornerstone of all good IT practice.
Many companies we have taken on board had unfortunately previously adopted the attitude that, because they have not been compromised or that their security has not been obviously breached, that they are doing okay and don't really need to change anything. It takes quite a while to point out to them that maybe they haven't been compromised yet, but that on a long enough time-line most companies that don’t pay attention to IT security issues or that don't have policies, engage in user training or promote awareness of IT security issues eventually succumb to an unfortunate incident. A simple scan of the current press shows that the incidence of cyber-attacks is on the rise and they are growing more and more sophisticated, and successful, every day.
One of the quickest IT security wins you can implement is to write and issue a clear and effective IT policy. No matter how simple, it should clearly set out the do's and don'ts of using the company's IT systems - and the penalties for breaching it. Too often we are called in to remediate the consequences of what would have been a breach of a generic IT policy. The end result is either compromised IT systems, data loss or theft or sometimes a breach of internal security leading to sensitive information leaking into the wrong hands.
Document everything. It’s the overview you need and the end result of nearly all of your endeavours, and without it you really can’t carry out your responsibilities in managing and supporting your IT effectively. Every aspect of the management of your systems is facilitated and improved by accurate and well-maintained records.
If you currently do not have an internal IT resource and are struggling to stay on top of your IT issues and support, it is strongly recommended you consider outsourcing your IT to an external provider. With the right partner, once you have completed the difficult and potentially stressful selection process and brought them on board it will make day to day life a lot simpler. Finding the right partner is key, of course.
There is no denying that the march of the cloud is apparently unstoppable. It will, for many small to mid-size companies, eventually come to represent a significant force to be reckoned with both for how they consume their IT and telephony services and licence their software. Already many systems and software providers have stopped providing versions of their software and services that you can install on your own IT and run in house. It seems to be that the march towards a largely or completely cloud-based infrastructure is inevitable with all of the major software and systems houses investing heavily in moving their products to a web-based platform for both ease of maintenance and, from their perspective, a move to a steady and regular subscription-based revenue model. Moving some or all of your IT to the cloud does compelling case however, in terms of both managing your costs and reducing complexity.
Having a sound password policy is the most fundamental IT security practice that you can implement. Ensuring that your passwords are sufficiently robust and changed with an appropriate frequency goes a long way to ensuring you safeguard against unauthorised access to your systems, both internally and externally. Additionally, there are more complex ways you can choose to authenticate your users to provide added layers of security for your systems.
When we first started working with the vast majority of our clients, they didn’t have any form of strategy or plan for their IT or any form of budget or allocated expense to invest and manage their infrastructure. IT costs were seen as being purely reactive, and a necessary evil, where items were replaced as they broke or where systems were invested in when users complained loudly enough, or when the loss of productivity was too great to ignore. Companies were usually more receptive to a more considered or planned way of working after some disaster with their systems. More often than not by then it was too late, and the true cost of whatever had occurred vastly outweighed whatever outlay it would have taken to manage their systems properly.
One of the easiest and most often overlooked ways to keep your systems secure is to make sure that you keep all of your software on your servers, desktops and laptops patched and updated. This also includes things like your network devices which are very often forgotten about. Firewalls, switches, routers and networking equipment - these items don’t usually have an easily accessible administrative interface like servers or PCs which can put people off maintaining them. They run their own operating systems (or 'Firmware') and the companies that produce them frequently release patches and updates to enable them to remain secure, fixing bugs or adding new functionality.
One of the greatest mistakes made in IT is assuming that once you have addressed any IT issues at a particular point in time that the job is complete. The world of IT is in a constant state of evolution and flux, and your own IT is no different. Changes on your network may introduce security vulnerabilities, or changes in legislation may affect your responsibilities and duties - the cycle of reviews, audits and general navel gazing that surrounds successfully managing your IT never ends. Both external and internal factors will influence the necessity of reviewing your systems, policies and records on a regular basis.
There is a lot more to successfully managing and maintaining your organisations ICT than the items mentioned above, however these are the most common and important issues we have addressed in the past when taking on new clients. They are also the good habits we try to instil in start-ups. The cost, in terms of money and time, it takes to put things right when things go awry is always more than the effort it takes to stay on top of things. As they say, there never seems to be time to do it right, but there always seems to be time to do it over again – and to deal with the consequences of only ever managing your IT reactively. It’s much better to stay ahead of these issues – and once you are, staying there isn’t difficult at all.