According to the National Cyber Security Alliance, 60 percent of small and midsized business that are hacked go out of business within six months. Many IT issues, both large and small, are self-inflicted wounds. Whether the issue stems from a lack of end-user understanding, trying to take a short cut or one simple mistake, the issue was most likely avoidable. Here are the top 5 biggest IT mistakes for small to medium businesses.
Skimping on Security
It can be easy to be lulled into a false sense of security because network security can be such an out of sight, out of mind part of your network.
Here are a few examples of security measures you may have put in place:
- Installed antivirus (AV) for all your endpoints
- Updated your firewall a few years ago
- Require end users to reboot their computers daily so important windows patches can be installed
- Staff was given the proper training on how to identify and avoid phishing emails
While each of these are great pieces of your network security, taking only these measures might not be enough. If someone isn’t making a point to manage network patches and antivirus updates or there’s a mix of AV brands being used throughout your network, it can be just as risky as not having AV at all.
Most network breaches are caused by internal factors, for this reason, end-user education is a necessity. If your staff isn’t aware of all the signs to look out for when it comes to security risks, it’s easy for them to make a small mistake that could turn into a much larger problem.
Physical protection is also important for securing your network. Does it get hot in the server room? Let’s say you prop the door open to allow cooler air to circulate into the room. You may have solved the problem of keeping your server from overheating, however, you’ve opened it up to theft. Proper physical security is crucial to maintaining a secure network.
A data breach could result in a loss of customers, as well as damage your company’s reputation. It’s not always possible to cover up a ransomware attack. For example, in March 2018, the City of Atlanta was attacked. Cybercriminals demanded $51,000 in bitcoin. The city refused to pay the ransom. As a result, the city paid approximately $17 Million to recover from damages and prevent future attacks.
It’s imperative to ensure your network is secure from internal and external threats, daily.
Incomplete Data Backup
Ask yourself, “What is my tolerance for downtime?”
Most companies are dependent on technology in almost every part of their business, so it’s unlikely that your organization could survive very long without it.
How is your organization backing up data? Some companies use backup tapes, however, it’s important to test those tapes regularly. If your tapes fail, your company could lose months’ worth of data. Additionally, if you are backing up data, but not the server hardware itself, if an attack occurs it could take at least a week to order, rebuild, load and set up a server so that the data has somewhere to go.
Even if you have a backup that has been tested and can be used for a restore, you might not be backing up all data in the organization. Your end-users, the knowledge workers who make your business run, could be storing files on their computer rather than a network drive that is being backed up regularly. If their computer gets the “blue screen of death,” all that data could be lost.
Technology changes constantly, as do your company’s requirements for technology. For companies that have in-house IT staff, the rapid changes in technology can become a problem. It’s difficult to stay informed on everything that is going on with the outside world when your focus is putting out fires just to keep your network secure and available.
If the company grows and the IT staff doesn’t, the staff can get overwhelmed by help desk issues. With the many disparate software platforms and infrastructure needs, you are asking on-site staff to be a jack of all trades but a master of none.
Issues happen when regular maintenance and network assessments get pushed to the side because whatever is “on fire” that day requires all the attention. Even companies that pay for outside consultants on projects or large issues are spending their time being reactive rather than strategic.
Failure to Plan
Failing to plan is planning failure. As technology changes, it’s important to look for ways to align it with your business objectives. If it isn’t already, your organization will become dependent on technology. Without a solid plan in place, this technology can become a hindrance to growth.
Everything becomes an emergency without proper planning. Not having a plan can kill employee productivity and threaten business continuity. At a minimum, it’s a good idea to have an outside assessment of your network. The assessment will check for possible security issues and assist in creating a plan.
Opting for the Cheap Route
Cost avoidance is an easy way to waste a substantial amount of money. As a rule of thumb, cheap technology isn’t good, and good technology isn’t cheap. That goes for hardware and services.
Many businesses rely on technology to do the most basic functions, so why take a chance on a worst-case scenario when it can be avoided. Most people who make decisions based on price are not considering the cost. If you take into consideration what you lose in employee productivity, the costs of downtime can be staggering.
If you have 70 workers averaging $35 an hour (fully burdened labor rate), and your network is down for 3 hours, that could cost you $7,350 in lost productivity. Not to mention the cost to repair the issue and other hidden costs. If you were unable to get $10,000 in invoices out because of the issue, you are lengthening your cycle time to payment. How much does it cost you to not have that $10,000 for an extra day? Don’t let the price distract you from the long-term cost.
A great way to ensure your organization is secure is with a Managed Network Services provider. Learn more about if Managed Network Services would be right for your organization, in our blog, “Should You Outsource Your IT Department?“