BY BILL ABRAM
Navigating the technology landscape can be overwhelming for small business leaders. With IT playing such a significant role in day-to-day business operations, it is important for businesses to do their due diligence and consider three key components of small business IT: security, policies and disaster recovery.
How will I keep data secure?
Keeping sensitive business information safe should be among an organization’s top priorities. Start by examining how passwords are being stored. A hard copy of passwords for banks, credit cards and other highly confidential information should be stored securely and locked up at night. A sealed copy of this file can be provided to a trusted advisor, such as an accountant or attorney, in case of an emergency. Passwords should not be stored in spreadsheets and on drives accessible to all employees.
When creating passwords, companies should steer clear of the obvious. ESET, an antivirus solution provider, reports ‘password’ and ‘123456’ are the two most common passwords. While online tools such as LastPass can help to create more complex and secure passwords, they still need to be updated regularly. In addition, the same password should not be used to access multiple accounts.
In addition to safeguarding account information, businesses should also consider protecting their files. Certain information – human resources files and company financials, to name a couple – shouldn’t be stored on public drives accessible to all staff. These files are best stored on password-protected drives that are accessible only to key individuals, such as the company president, CEO/CFO/COO and/or director of human resources.
Beyond creating strong passwords and restricting access to sensitive files, small businesses can help keep data secure by having employees log off of their computer each evening and setting work stations to automatically lock after 15 minutes of inactivity.
Does my small business need a BYOD Policy?
Security measures should not apply only to devices used and accounts accessed from within the office. They should also encompass personal devices that employees use on- and off-site to conduct business – think smartphones, tablets, personal laptops/desktops, and so on. For example, if an employee uses his or her personal smartphone for business email and the device is stolen, anybody can access those emails unless the device itself is password protected and has a lock screen.
Starwood Hotels and Resorts Worldwide, Inc. recently released a survey of 6,000 business travelers and found that 73% of respondents used mobile devices to stay in touch with the office when traveling. As the number of professionals using personal devices for business continues to rise, business data becomes more susceptible to a security breach without a BYOD (Bring Your Own Device) policy in place. A BYOD Policy should clearly outline rules for using personal devices for business, and employees should be required to both read and sign off on the policy. The policy should specify what devices can and cannot be used for business as well as security and acceptable use policies.
How will my small business respond to a disaster?
Oftentimes, clients will ask “Does my small business need a disaster recovery plan?” The answer is always “yes.” This isn’t about planning for a global disaster or outside attack. It’s about planning for local disasters, such as snowstorms, flooding and power outages.
Despite the average small business losing $150,000 per year due to downtime according to a recent InformationWeek article, Gartner estimates that only 25 percent of small- to mid-sized businesses have a comprehensive disaster recovery plan in place.
Before creating a plan, small business owners should consider how they will respond to any of the above situations and whether or not employees will be expected to work remotely (if possible) following such an event. Consider:
- Is your server in a secure environment?
- Is there backup power at the above location?
- Do employees have the ability to access files from mobile devices?
- Have employees tested their ability to log on to the network and access files from these devices?
Answering these questions will lay the foundation for what will be included in the disaster recovery plan.
When assessing your small business’ IT needs, be mindful of long-term business goals and IT’s role in supporting these goals. IT solutions are not “one size fits all” and small businesses need to take the time to identify their priorities and work in partnership with their vendor to achieve these goals.
Bill Abram is founder and president of Pragmatix Inc. (pragmatix.com), a leading technology firm that helps nonprofits, corporations and small businesses use information technology to improve business performance. Bill can be reached at billa@pragmatix.com.