February 17, 2009, 11:10 AM PST
Takeaway: Small businesses must concentrate their time and energy on knowing their own industry — and that often means that effective technology practices get overlooked. Erik Eckel explains the most common tech missteps he’s encountered, along with preventive measures to protect businesses and prevent serious problems.
Small businesses must concentrate their time and energy on knowing their own industry — and that often means that effective technology practices get overlooked. Erik Eckel explains the most common tech missteps he’s encountered, along with preventive measures to protect businesses and prevent serious problems.
In today’s microwave society — in which just-in-time manufacturing models, heightened customer expectations, and 24×7 accessibility demands burden both manufacturers and service providers — little time remains for much else. Small businesses often don’t have the resources or inclination to track the latest computer news, security threats, or even common break/fix tips. And not all small business owners are adept at maintaining best technology practices.
As a result, small businesses frequently make certain technology mistakes. Here’s a look at these mistakes, along with specific steps IT consultants can take to assist small businesses in correcting these common failures.
Note: This article is also available as a download, which includes an annotated PowerPoint presentation based on this information.
#1: Insufficient technical support
Many organizations go without technical support, relying instead upon an employee whose love of Warcraft may make him or her the local office “computer guru.” Other organizations may depend upon a staffer’s friend or relative (who’s “interested in computers”) to provide technology advice or assistance when critical systems fail or slow unacceptably.
Some turn to their hardware manufacturer’s telephone support line for help, only to be disappointed when the solution to many problems proves to be performing a reinstallation (thereby resulting in the loss of all the business owner’s data). Some rely upon a big box electronic store’s service arm, never receiving the same (novice, often undereducated, and inexperienced) technician twice. And still others locate a student or individual who provides computer support “on the side.”
These support methods are not cost-efficient. Nor are they effective information technology investment, troubleshooting, or administration options.
Small businesses need knowledgeable, trusted technology partners who are proficient with current technologies and willing to help learn their industry’s operations requirements. Once a qualified technology expert is familiar with a client’s needs, appropriate services and solutions can be recommended and deployed. The result is almost always more cost-effective, more efficient, more profitable operations for the client.
#2: Hardware/software issues
Smart organizations set PC service lives at three or four years. There’s a reason.
“When you look at costs — particularly around a four- to six-year lifecycle — it may seem like you are saving money,” says Info-Tech Research Group analyst Darin Stahl. “But really it’s costing you.” That’s because support expenses increase. Retaining PCs longer than three or four years often results in repair and support costs that meet or exceed the price of new systems.
This is the second common tech mistake businesses make: They fail to standardize hardware components and software applications, where possible. The result is a mishmash of components that complicate troubleshooting, repair, and deployment and require companies to support a variety of programs with different license terms and renewal dates. Incompatibilities often result.
Worse, older and obsolete hardware is less efficient, increases downtime likelihood, feeds staff and customer frustration, endangers sales, and threatens other lost opportunities.
Small businesses can overcome common hardware and software issues by:
- Retiring equipment at proper lifecycles, typically three to four years.
- Standardizing hardware components.
- Standardizing software applications.
- Working with an IT consultant to leverage vendor relationships and reduce costs/negotiate more attractive pricing.
#3: Insufficient power protection
A single power outage, surge, or spike can damage expensive electronic components and result in critical data loss. Consistent surges and brownouts, meanwhile, shorten the lifespan of computers, printers, network components, and other equipment.Many businesses deploy simple power strips. Others continue depending upon surge suppressors deployed five and even 10 years earlier. When thunderstorms, electrical outages, and other disasters strike, the damaged systems and corrupted or lost data — not to mention downtime — resulting from insufficient power protection prove costly.
Organizations should deploy quality battery backup devices (with built-in surge suppression) for all critical desktop PCs. Further, technology professionals should connect all servers to uninterruptible power supplies and test them regularly to confirm adequate failover protection is in place.
When deploying battery backups, businesses should properly install and configure corresponding cables and communications software. Network protections should be leveraged whenever possible, as well, in attempts to remediate cable modem, DSL, and other surge sources that can destroy telecommunications and computing equipment.
Since surge suppressor quality varies, organizations should purchase such equipment from trusted vendors. And since surge suppressors (and batteries) wear over time, businesses should replace them regularly.
Simple power strips should be avoided whenever any computer, server, network device, or other important component is present.
#4: Illegal software
Possessing illegal software may be the easiest trap into which many organizations fall. The issue is widespread (the Business Software Alliance estimates 22 percent of all North American software is unlicensed), making it our fourth common tech mistake plaguing small businesses.
Certainly, licensing issues quickly prove perplexing. The differences between OEM, retail, and open license software escapes the understanding of many business owners. Yet manufacturers are becoming more aggressive in locking down licenses (via product activation technologies) and prosecuting offenders (often via the BSA, which has collected more than $81 million in settlements).
Many organizations don’t recognize they do not “own” software, since programs and applications are commonly licensed. Worse, some firms use “borrowed” applications or pirated programs. Problems arise either in the form of audits and penalties or challenging delays (due to product activation conflicts and other licensing issues) when returning failed systems to operation.
Businesses must understand there are no shortcuts to running legitimate operations. All software, applications, and programs must be properly licensed.
With more manufacturers implementing product activation features, in which software programs report their installation and usage back to the manufacturer, overuse or outright piracy is becoming more difficult or impossible, anyway. But violations still occur.
Businesses can protect against licensing errors and penalties, and help ensure the fastest recovery times when failures occur, by carefully documenting and tracking all software license purchases and deployments.
Further, software licenses (including for operating systems, business line, and office productivity applications, accounting programs, security tools, and other utilities) should be purchased only from reputable technology partners. License sales on eBay that look too good to be true are.
Finally, when installing new programs, organizations should pay close attention to the license agreements they accept.
#5: Insufficient training
Mention software training in most any conference room, and you’re likely to hear groans. Boredom, bad classroom experiences, lack of interest, or complexity all contribute to employees’ resistance to learning new applications. But that doesn’t change the fact that insufficient training ranks as the fifth common tech mistake impacting small businesses.
How bad is it?
It’s estimated that office staff understand less than 20% of the available features in the software applications they use. That means 80% of the features, time-saving capabilities, and cost-reducing functions remain unused.
Gross inefficiencies result. As a consequence, many processes — including repetitive data entry, complicated calculations, and automated data selection and reporting — are completed manually, which introduces a greater likelihood of errors entering the process.
Tasks that could be completed in moments often consume exponentially more time. Considering that many of those tasks are repeated each business day by multiple workers, it’s easy to see how the costs quickly become significant.
Most small businesses don’t employ full-time trainers. Therefore it’s imperative that small businesses identify technology partners, training centers, or other programs that assist staff in maximizing software applications.
Even when training resources are present, there’s no guarantee staff skills will improve. For that to happen, businesses must make computer and software training a priority. Tap technology partners or other consultants to conduct regular lunch-and-learn sessions. The business can spring for lunch and, for a few hours of consultant’s fees, expose entire departments to important new features and capabilities.
An organization’s technology training commitment can be reinforced using performance reviews. Businesses can add specific course, off-site training, and even certification requirements to staff education programs and performance review objectives. When partnering with a local training center, businesses can create customized instructional programs or select prepackaged modules.
Organizations with limited budgets, meanwhile, can leverage self-paced instruction manuals and computer-based training aids to assist employees in improving their skills after hours or in their own homes.
#6: Security failures
Small businesses frequently fail to accommodate security issues. Organizations either don’t recognize the risks or don’t take them seriously.
The costs are staggering. Large U.S. organizations lose some 2.2% of their annual income due to security attacks, according to an Infonetics Research “Costs of Network Security Attacks” report. That’s expensive. The FBI estimates such computer crime costs U.S. industry in excess of $400 billion.
Organizations don’t need to have a high profile to become a target, either. Hackers have created innumerable automated programs that scour the Internet 24 hours a day, 365 days a year, seeking poorly secured systems, servers, PCs, and networks to infect and exploit.
Unfortunately, businesses everywhere are falling victim to compromised systems, robotic attacks, identity and data theft, and more. Organizations that fail to properly secure client and customer data often find themselves in the middle of security crises that result in bad press, lost sales, and forfeited customer trust.
Fortunately, completing simple steps assists small businesses in preventing security failures. Here are several best practices all organizations should adopt:
- Implement and enforce strong password security policies for all PCs, servers, network equipmen, and software applications.
- Regularly update operating systems, network equipment firmware, and applications with the latest security patches.
- Deploy business-class firewalls in all locations; connect no systems directly to the Internet.
- Secure all wireless networks.
- Disable guest accounts.
- Implement Internet and e-mail usage policies that preclude personal use of those technologies.
- Prohibit file-sharing programs.
- Deploy proven antivirus, anti-spyware, and anti-rootkit applications and update them regularly.
- Regularly perform security audits and correct all deficiencies.
#7: Poor backup strategies
Despite numerous choices, methods, and options, many organizations fail to adequately back up data — a mistake that can be unrecoverable.Statistics reveal there is a 50% chance an organization will cease operations immediately when critical data is lost. Worse, an organization’s odds of failure rocket to 90% within two years when critical data is lost. Data losses cost an average of 19 days’ productivity. Recovering data from damaged disks, meanwhile, is incredibly expensive.
Even organizations that believe their data is properly protected may find themselves at risk. Occasionally, incorrect data (as in the wrong data) is backed up. In other cases, tape backups prove unreliable. (Gartner Group estimates only half of all tape backups restore successfully.) Fortunately, small businesses can follow simple steps to securely protect their data.
Since data backups are so critical to an organization’s livelihood, small businesses should work with proficient IT consultants or technology partners to ensure the right data is being backed up and that it’s being backed up as frequently as required. In addition, technology professionals should regularly test backup sets to confirm the data can be recovered in its entirety.
Consultants can work with small businesses to determine what data, files, and information should be backed up, how often to create the data sets, where to locate the backups, and how often to test the sets’ integrity. Consultants also prove invaluable in updating backup routines when software upgrades, migrations, and other updates change critical file locations. Further, technology professionals can ensure business data remains secure, which is a critical concern for physicians, financial institutions, and even retail outlets.
#8: Virus exposure
Viruses not only remain a major threat, but their dangers are increasing. The BBC reports that unprotected PCs become infected within eight seconds of being connected to the Internet.
Infections are proving expensive, too. In the book The Dark Side of the Internet, author Paul Bocij estimates the average virus incident costs organizations $2,500 in remediation and data recovery expenses. A report by ICSA Labs places businesses’ costs even higher (at $99,000 per incident).
And the numbers, varieties, and types of threats only increase. Malware programs are evolving at such a clip that many security software vendors have eliminated daily updates in favor of distributing patches every four hours.
Often, businesses and users simply fail to implement protection. A survey conducted by the National Cyber Security Alliance revealed that 67% of the respondents did not have up-to-date antivirus software. Worse, some 15 percent had no antivirus application installed.
#9: Spyware exposure
Before we address virus solutions, let’s visit spyware, which is an equal threat — and potentially even more daunting.
Spyware differs from viruses in its nature (spyware typically aims to track user behavior, collect user information or sensitive data, and display unwanted advertisements, whereas viruses often destroy data, corrupt systems, or enable hackers to remotely control a system). But spyware’s business impact has reached epidemic levels.
The respected trade group CompTIA estimates spyware infections require two-and-a-half days to resolve and cost small and medium-size businesses $8,000 a year, which doesn’t factor lost revenue. As evidence businesses aren’t doing enough to protect themselves from the threat, CompTIA pointed to the information its research recently uncovered. More than a quarter of business users reported their productivity suffered as the result of a recent spyware infection, and more than a third reported being infected multiple times within the last six months, with some reporting being infected as many as 10 times!
No virus or spyware strategy is foolproof, but most technology consultants recommend the following steps:
- Install reputable antivirus and anti-spyware applications.
- In high-risk environments, a second standalone anti-spyware application is warranted.
- Regularly update antivirus and anti-spyware programs.
- Do not let antivirus and anti-spyware program licenses expire.
- Perform regular automated antivirus and anti-spyware scans.
- Regularly review security program log files to confirm proper operation.
Further, businesses should avoid deploying “free” security products in businesses. These products are often deployed in violation of the license agreements (which require licensing the software in businesses, academic facilities, and nonprofit organizations) and don’t support frequent updates, real-time protection, or automated scans.
#10: Unsolicited E-mail
Most every business and user is familiar with the problem of unsolicited e-mail, also known as spam. Spam messages have become a serious issue, particularly for small businesses that often misunderstand the problem and fail to take effective countermeasures.
The Radicatti Research Group estimates spam costs businesses more than $20 billion a year. Further, almost half of all e-mail is estimated to be spam.
Thus, small businesses are investing valuable time, money, and system resources processing, delivering, and even storing these unsolicited e-mail messages. In addition to lowering productivity (staff must regularly sift through hundreds or more junk mail messages, deleting the spam, in search of legitimate e-mail), spam takes a toll on an organization’s servers and workstations, which often must dedicate processor cycles, disk space, and backup media to untold gigabytes of unwanted mail.
Technology consultants wield several weapons in the war on spam. In addition to network filtering software, consultants can deploy server-based spam protection. Some organizations choose to outsource e-mail processing to a vendor that can monitor e-mail streams and filter out unwanted messages.
But such filters can generate false positives. And they’re not cheap. Therefore, it’s often a good idea to begin by adopting effective methods for managing unsolicited e-mail messages. Here are several first steps all e-mail users and small business owners may take to minimize spam:
- Do not publish e-mail addresses in plain text on Web sites; instead use form-based tools that prevent robotic harvesting.
- Avoid forwarding chain e-mail messages.
- Ignore credit repair, get-rich-quick, and other common e-mail solicitations.
- Use reputable e-mail filters (such as those included in Microsoft Outlook, Google Gmail, and other programs).
- Read all terms before ever submittin
- g your e-mail address to another party.
- Review privacy policies before ever providing an e-mail address.
- Consider creating a free e-mail account (Yahoo, Hotmail, Gmail, etc.) for submitting to third parties.