You may have heard that around half of new businesses fail during their first year. While this isn't exactly true, there are still many mistakes small businesses make...
Top 5 IT and Security “Oopses” From 2022
...and how to Avoid These IT Mistakes in 2019
No IT strategy is ever certain – business leaders make plenty of well-informed assumptions about the future of information technology, only to find out that the future takes a different turn. This year, everyone made plenty of assumptions about the cloud, the IoT, information security, and more. What did businesses get wrong – and how will we fix things in the year to come?
Mistake #1: Assuming the Cloud Has Been Figured Out
If all you need is something like Dropbox – a central repository where you can access your work docs when you’re offline – then yes, the cloud is for you. If you’re talking about something like the cloud version of a resource-intensive line-of-business application – your ERP, your CRM, your payroll – then it’s time to start asking questions.
For example, reliability may be an issue. If your internet connection is spotty, then any downtime will mean that you can’t perform vital business functions. Even worse, some vital applications – such as SAP’s S/4HANA – simply don’t work well as SaaS apps. If you don’t need to travel often and don’t have branch offices, you may consider that there’s not a current need to switch to the cloud and risk using a less-reliable application.
There’s also cost to consider. The bottom-tier, consumer-grade versions of popular cloud apps are usually free. As your usage increases, you’ll be asked to subscribe. The more you use the app, the higher your subscription tier. At some point, your monthly cost of using the application may be higher than simply purchasing a hosted application outright. Whatever the case, be sure to think through the pros and cons of moving to the cloud before making one big move.
Mistake #2: Purchasing Applications Before You Understand Them
When it comes to technology, it’s common for business leaders to purchase first and ask questions later. Questions like, “how do we use this technology we just bought?” You might know that you have a business need for CRM, for example, but if you don’t know how to integrate your chosen CRM into your existing systems, you’re going to have problems.
Here’s how this might play out. Say you purchase a new CRM, such as Salesforce. All your old customer data is in an external database. As of right now, there not be a way to simply import that data right into Salesforce. Based on the age, size, or complexity of your database, however, you may not be able to find an integration service that works with your database. What do you do?
We’ve only chosen Salesforce as one example – this situation might happen with any number of tools. Here, your best recourse is to work with an IT integrator that can help you evaluate your options and think through the physical or cloud resources needed to run that application and to evaluate how the new technology or application can streamline processes already in place. Evaluating how the technology impacts the business – before buying the new technology and trying to fit a square peg in a round hole – will keep your operations running smoothly and your employees productive.
Mistake #3: Failing to Consider Cyber Liability Insurance
Here’s our least favorite statistic in the entire IT and security industry: 60% of small businesses will fail within six months of a successful cyber attack. Typically, the costs of recovering stolen data, the reputational cost to the business, and the costs associated with fines for HIPAA and PCI-DSS violations will all conspire to make the business go bankrupt.
Cyber liability insurance can help small businesses defray the expense of cyber attacks, but only 21% of small businesses have purchased a standalone policy. While there are justifiable worries about the cost of these policies, SMBs should have an open discussion about whether to purchase a policy.
If you store SSNs or health records, process credit card transactions, or are storing sensitive information (HR records, M&A records, other financial data) cyber insurance might be worth the expense. In these cases, some organizations are automatically subject to regulations that would fine the company for leaving this data unprotected or allowing it to be stolen. Cyber liability insurance is there to protect certain businesses when needed. Failing to buy or not buying is a discussion that is best had with your technology integration partner. Don’t get caught unprotected.
Mistake #4: Leaving the IoT Open to Attackers
The internet of things is a fashionable technology. Your office might have any number of gadgets, such as a smart thermostat, a voice assistant, or a networked security camera. Bringing these devices into work, or even into your home, represents a huge potential security risk. 80% of IoT applications and associated devices are unsecured – meaning that they are left unpatched, unmonitored, and unprotected by a firewall. Given that many IoT devices ship with vulnerabilities that are undetected on the day of their release, there are decent odds that you could be hacked via your thermostat. Security monitoring on both the business network and any external devices that have potential links to any business data is a job for the professional. Talk to your IT team or 3rd party integrators on how to secure every point of vulnerability and enjoy the benefits of IoT.
Mistake #5: No Plans for Continuous Improvement
One of the most common critiques of information technology – from enterprises down to SMBs – is that companies spend more time maintaining their existing technology than they do improve it. This is how companies miss out on innovations like automation, DevOps, and containers – because they’re spending all their time trying to support a server that still runs Windows Server 2003.
Good IT services continually improve. To keep up with the pace of technology and keep up with their competitors, business IT departments must set goals for continuous process improvement. This month’s goal might be reduced downtime. Next month’s might be improved security. Next year’s goal might be to end-of-life your legacy hardware. There’s no such thing as “good enough” when it comes to the technology you use to run your business.