Category Archives: General IT

Is your small business IT a V.U.C.A. environment?

V.U.C.A. is an acronym the military (and others) use to describe an environment that is: Volatile, Uncertain, Complex and Ambiguous. While the military uses this term to describe what can happen in war and battle, it also describes what can happen in business IT.

What does V.U.C.A. look like in IT?

Volatile

Webster’s defines volatile as “likely to change in sudden or extreme ways”.

In IT, things occur unexpectedly. Hard drives fail. Fiber cables are cut. 3rd Party vendor API’s change. Prices increase. Hackers hack. The power goes out. Routers are mis-configured. Owners change their mind. Web servers go down. Developers break the build. Owners change their mind some more. Your biggest customer cancels a contract. All of these can occur randomly and without warning. And each can have a great impact on the life of the IT manager or director.

Uncertain

Uncertain means “not exactly know or decided, or not definite or fixed”.

Users think they know the requirements but then they are not sure. They waffle. They change their mind. They decide they don’t need th 5 screens you built for the last sprint. They are not sure what the screen forms need to present to the end user. The client can’t make a decision on the database implementation. The business owner flip-flops on system design issues causing the team to whipsaw. Key vendor software updates are delayed and you don’t know when they will be delivered which impacts your sprint planning. The higher the uncertainty the less likely we can move forward confidently. High uncertainty makes it difficult to act decisively.

Complex

Complex is a “group of things connected in complicated ways”. Surely the editors at Webster’s were thinking of IT when they wrote that definition.

The small business environment is growing more complex all the time. Every department has online tools, software, services, API’s, databases, reports, virtual and real servers, user compute devices and on and on. The inter-connectedness and dependencies require dedicated effort and skill to comprehend, troubleshoot, maintain and improve.

Ambiguous

Ambiguous means that something has “more than one meaning”. To quote Steve Jobs: “Customers don’t know what they want until you show them”. Frankly neither do most project managers, product owners or anyone else designing  a system or process. What you are told to do by the client, customer, owner or other person in charge is usually just a vague notion, leaving the technical team to fill in tons of details. Clarity is an illusion in most every project.

 

Now What?

Does this describe your IT world? I am sure that more than one of the scenarios above struck a chord with you. Maybe a lot of them.

In my experience this describes the state of most small business IT.

So what can the dedicated IT professional do in order to still make progress and serve their customers? How can you bring some order and certainty to your IT world in a VUCA environment?

It turns out there is a lot you can do and we will cover those in the next post.

The single biggest IT risk in small business and 9 ways to deal with it

The dependence of small business on IT systems and the people who run them increases continuously. Whether the accounting systems, corporate web site, inventory system, the online shopping cart, marketing automation, email servers, the customer management system, internal database servers, manufacturing automation servers and the like. The list goes on and on. Without those IT systems, business grinds to a halt. And without the people that maintain them, you risk business grinding to a halt if something goes awry. IT systems have loads of risk vectors. Hackers, Malware, viruses, ransomware, hardware and software failures and the like.

However those don’t create the biggest risk a small business owner has with respect to IT.

The biggest IT risk a small business owner faces is being unprepared for the loss of a (or the) key IT person or key software developer.

Examples of the key person(s):

  • The developer who wrote the code for the product.
  • The sysadmin who knows all the configuration and passwords.
  • The director who knows where all the vendor logins are including the payment processors.
  • The development architect who knows how all the systems fit together and where the vulnerabilities are

Losing any of these types can be hard on a small business. If your business has several of these people in one person then you are at a HUGE risk if that person walks.

What can you do to mitigate the impact if that key person is gone?

Here are 9 steps that can help when that happens.

System configurations backed up

Make sure that the existing staff has backups of key system configurations saved in a known location. Firewalls, key routers, switches, IP addresses of networks and servers and other company configuration setup should be saved in a known and agreed to place that the owner knows about and understands how to access. This should be also documented.

Login/Password locker

It is wise to use a corporate password locker such as 1Password or Lastpass. Key system passwords should be stored here with the master password to the locker available to the owner.

System diagrams

Simple block diagrams should be in a known location that diagram key systems, how they are connected, where they are located etc. This will enable the owner to help locate systems in case an issue arises and will help them direct new personnel or vendors when repairs or service is needed.

Key 3rd party vendor information

A list of all 3rd party vendors that are used by the IT / Development teams should be kept in a known place. Contact information for the account representative, as well as services provided and key contract or agreement details.

Backup locations

The locations of on-site backups of systems should also be documented. Additionally off-site backup locations and / or vendors should be detailed in the 3rd party vendor section.

Process and procedures and site/documents

The owner should know the processes used to get IT and development work done, including how to deploy system updates for key servers, web sites and online apps. If for no other reason than to train the replacement employee.

Monitoring Notifications

If your company uses automated monitoring such as Icinga or similar, then the owner or replacement personnel need to be added to the notification list.

Job Descriptions

A documented set of job descriptions will help in the hiring process after the key person leaves. This will give the owner more detail on what the key person does, and the attributes and skills needed in a replacement employee.

System/Content Deployment steps

The steps, logins and other necessaries required for making site or system updates to key systems need to accessible and understood so that another employees or the owner could execute them or show them to a contractor in a pinch. You may think this is far fetched but if something happens you want to be able to update content and code if needed.

Final Thoughts

As part of your on-going training and planning it would also benefit the company to conduct a risk and vulnerability assessment so that key risks are known and can be planned for. Additionally, transitions can be planned for as well with succession planning as part of leadership/career development and key employees being cross trained regularly. Finally, the owner should audit these areas periodically to validate readiness and expose weaknesses.

The above 9 steps won’t eliminate the pain of losing a key employee but they will enable the business to move along and speed the on-boarding process of the replacement. The wise small business owner will do well to track and keep up with these areas.

 

Why your small business IT is like a Johnny Cash song and what to do about it

In 1976, Johnny Cash released a song called “One Piece at a time“. The song chronicles a GM assembly line worker who builds a Cadillac by taking one piece of a car home each day. Then one day, with enough accumulated parts, the car is put together. When asked what model the car is the reply in the song is:

“Well, It’s a ’49, ’50, ’51, ’52, ’53, ’54, ’55, ’56
’57, ’58’ 59′ automobile
It’s a ’60, ’61, ’62, ’63, ’64, ’65, ’66, ’67
’68, ’69, ’70 automobile.”

You may be wondering what does this have do to with IT and small business?

Well, a lot. Small businesses typically builds out their IT systems the same way as the assembly line worker in Johnny Cash’s song, one piece at a time.

A growing small business is on a treadmill of changing technical needs. The owner has to buy what’s needed when its absolutely necessary and usually can’t afford a gold-plated build out up front. This, after several years of growth and internal system iterations, results in an IT system that resembles the car in “One piece at a time”.

The small business ends up with a whole collection of equipment, software, web service subscriptions, printers, phones, cables that are not labeled, hard drives, switches, WiFi routers and all kinds of other techno-detritus. Some of which may be business critical and some of which no-one can remember why they bought it in the first place.

As the mass of the IT systems grows the resistance to change increases. Things are harder to find, troubleshoot and replace. And, mistakes are more likely.

So what do you do?

Inventory what you have

I can hear the collective groan. Yeah, if you have no idea what you have, you really don’t have much hope for what needs to be done. Get a list of what you have and what it’s function is. It is as simple as creating a spreadsheet or just folder (in a safe location) that details what you have and what it’s for.

Get rid of what you don’t need

Schedule a Friday afternoon with pizza and sodas and get the team to get rid of what you don’t need or no longer use. Recycle, turn it in to Staples or other outlets for responsible disposal of electronic scrap. If you haven’t used it in a year, chances are you won’t. You will reap the benefits of addition free space, better knowledge of what you do have, and the power of tidying up.

Label what you keep

Having cables, switches, servers and any other hardware you use labeled correctly is a big improvement. It will save you a lot of time (which is money). It helps with on-boarding, and when third parties come in for maintenance. Makes it quicker to locate items and helps with replacement planning or dealing with an outage.

Identify priorities for future replacement

Everything has a life. Old servers or user computers may need to be replaced. Network switches lose fans and develop port faults. Everything electronic will fail at some time. So decide what is the most important items of what you have left. Make a list and decide the plan for replacement. Put it on the calendar. Add it to the budget. Do a little at a time, be consistent.

Check and update your warranties

Warranties can be a big help in planning replacement. Some companies like Dell offer onsite replacement. It may be advantageous for your company to extend warranties on eligible equipment. If you can tolerate the replacement window the warranty offers, this can extend the life of your installed equipment.

 

These are just a few simple steps that help a small business deal with the fragmented environment that can emerge with years of growth. With small but consistent steps, a small business can improve their IT situation without massive, disruptive efforts.

 

Why You Need an IT Professional on Your M&A Deal Team

This article first published at the Axial Forum here: Why you need an IT professional on your M&A deal team and is reposted here with permission.

Traditional M&A deal teams run the risk of missing substantive issues that could impact deal structure, terms, and integration success.

Where does this risk come from?

Often the answer is simple: a lack of informational technology (IT) visibility.

Most M&A deal teams comprise accountants, lawyers, M&A professionals, and executives. These are the small teams that engage and form the deal framework with a target firm.

This small team approach can work well and move quickly. But business today is increasingly IT dependent, and these teams may overlook crucial items that could make or break a deal.

How can M&A deal teams mitigate this risk? Involve IT professionals as part of the deal team to help assess a broad overview of the IT landscape of the target firm and identify any substantive issues that may exist early in the deal making process.

This may seem crazy to some. Traditionally, IT is viewed a functional unit of a business — far down the food chain when it comes to M&A deal making. Information technology is not considered at the beginning of the process unless the acquisition is IT-related.

However, here are six reasons that an IT representative should be involved in your next deal team.

1. Pervasiveness

Even small market firms have a significant IT footprint these days. Every department in a typical business has dedicated information technology systems to handle their day to day business functions. There is marketing automation, accounting, resource planning, point of sale systems, human resource systems, production management systems, customer relationship management software, database management systems and big data analytics software, to name just a few examples.

These are the simple cases. Entire departments can be completely dependent on IT systems to fulfill their duty to both internal and external customers. We are almost numb to the pervasiveness of IT. Like electricity, as long as it works, we don’t take much notice.

This out-of-sight out-of-mind attitude can blind an acquirer to potential deal trouble spots. Since IT impacts each business area, it’s important to identify major obstacles and issues early in the deal process.

2. Complexity 

As the pervasiveness of IT systems increases, so does their complexity. Servers, databases, networks, cloud storage, security firewalls, authentication and security systems, third party APIs, and open source software stacks are the hidden components of visible business technologies. It is here, in the maze of hidden components, that potential problems lurk during deal formation.

As a business scales, the number and interconnectedness of these systems increases. It is easy to conceptualize a corporate web server. However, that simple concept can have a complex implementation. For example, it could be that the corporate web server is really several cloud virtual machines behind a load balancer using shared common storage and front end proxy caches for static element distribution and a content delivery network for serving corporate media. (And this is just a small piece of the potential IT complexity in a small to mid-size corporate acquisition.)

Getting a bird’s eye view of the complexity of the IT situation can help deal makers better understand the impact on price, terms, and deal structure as well as improve integration planning.

3. Business Impact 

If a target firm is desirable to an acquirer from a financial or operational perspective, chances are its IT systems will have a direct impact on the business. Effective IT systems can bring significant competitive advantage to a company through automation, proprietary function, scale, and features. The acquirer needs to make sure that they can realize and potential improve upon these advantages after the acquisition. Having a high-level view of the business impacts of the existing IT systems can give the deal team unique insight into ways to further leverage those capabilities post transaction, thus improving potential ROI of the acquisition.

4. Cost

According to Bain Capital’s Will Poindexter and Vishy Padmanabhan, the single biggest impact on general and administrative costs for many companies is IT. Deal teams should consider early on the condition and strategy necessary for the target business’s IT functions. The current condition of IT will have a big impact on future cost trajectory. Poindexter and Padmanabhan use three archetypes — “Neglected,” “Indebted,” or “Gold Plated” — to describe, at a broad level, the conditions they have found in their engagements.

Each archetype will have its own impact on future costs and investments needed post transaction. Much like a high level financial assessment is done to justify pursuing a deal, a high level IT assessment should be done up front as part of the early engagements. Hidden costs, true condition and implicit assumptions regarding the financial needs of the target firm’s IT structure should be revealed and known to the deal team.

5. Security Liability  

Not a day goes by that there is not some news story about a hacked company website or stolen corporate database of customer information. The impact of a data breach can be expensive at least and debilitating at worst. According to the IBM’s 2015 Cost of Data Breach Study, the average consolidated total cost of a data breach is $3.8 million.

Because of this potential liability, an acquiring firm absolutely needs to fully evaluate the security capabilities and practices of a target business during due diligence. However, certain key elements of a business’s security architecture, policies, and practices should be discussed and reviewed during early deal discussion. Having this information early will give the deal team an indication of how the firm approaches security. Knowing this will facilitate a more accurate assessment of potential risk and immediate mitigating actions needed post-transaction.

6. Expectation Management

Integrating IT systems can be the largest part of a merger or acquisition. Differing systems, tools, protocols, and implementation architectures or tools can complicate integrations significantly, impacting timelines and ROI. If some of the thornier issues of a potential IT integration are known at a broad level during deal formation, it’s easier to create more realistic timelines for closing and merging. This knowledge can also help the deal team more appropriately staff the integration teams needed to complete the merger or acquisition.

Summary

An engagement with IT during the deal phase can help identify red flag areas that will need extra due diligence or that can impact deal structure and negotiations. Knowledge of the IT situation by the acquiring firm can also provide leverage points during negotiations and enable the acquirer to factor in early impacts from IT risks, costs, or additional investments that may be needed. Ultimately, knowing, considering, and planning to mitigate IT related factors and issues early will contribute to a more successful M&A outcome.

5 ways BYOD could impact a small business purchase

BYOD, or “Bring Your Own Device” is a phenomenon that is currently the rage in many companies. But it could completely derail a business purchase.

BYOD is where an employee uses their own mobile phone, tablet or laptop to access company email, data, networks or applications. It it perceived to allow the employees to be more productive and responsive by accessing job related information and applications on their own device, which they have with the all the time. Companies perceive BYOD to be a way to spend less on hardware for employees.  Everybody wins? Right?

BYOD can be a necessity for small businesses that need to deploy scarce capital for product development. They simply can’t afford spending those resources on phones, and other devices even though they are needed to run the business. BYOD can be a positive for larger companies in terms of impact to budget, improved customer response time and better data for real-time decisions.

What about BYOD when it comes to a business purchase?

When it comes time to purchase  a business, what should an acquirer be looking for reading BYOD that could create problems in the deal?

Here are 5 areas that an acquiring company should consider when it comes to BYOD concerns.

1. Access to company systems

BYOD means that employees are able to login to corporate systems easily. Systems such the payroll or accounting system, maybe your sales or customer applications like salesforce. This includes access to corporate websites for monitoring and publishing content or social media posts. Many employees setup their devices to remember login id’s and passwords so that they don’t have to login to a service overtime they check it. This means that if there phone is stolen and unlocked, the thieves could potentially access those corporate accounts in the same way the employee does.

2. Confidential data

BYOD offers access to corporate systems. This means that for some applications you can download data that may be confidential to the company. Email attachments such as sales reports or contracts, files that are accessed from corporate data servers and documents and spreadsheets can all be stored locally on employee devices. Companies that have intellectual property records and documents would need to pay special attention to this.

3. Customer records

BYOD brings a big advantage to employees for dealing with clients and prospects. By having access to up-to-date, real time customer data and records the employee is able to have more relevant conversations with the client or prospect. This access can help close deals and increase revenue. However, if the device were lost or stolen this same customer data could be available to perpetrators. Corporate data breaches are now commonplace and very expensive.  Acceding to the 2015 IBM Cost of Data Breach Study the average consolidated total cost of a data breach is $3.8 million.

4. Departing employees

Acquiring a business sometimes means existing employees are re-assigned or let go, and some may choose not to stay with the new owners. Acquirers needs to carefully analyze the BYOD impacts of a departing employee. Make sure their access is removed and any locally stored data, or copies of data are deleted. Otherwise they could be walking out the door with the keys to the kingdom, or at least part of it. This is a particularly crucial step for departing IT system administrators. They usually have capability in their access to have full control over systems, data or servers. It is imperative that these aspects be clearly walked through for any departing IT or software development employees.

5. BYOD policy mismatch

Prudent companies use BYOD where it makes sense and helps the company objectives. Part of this prudence is spelled out in the BYOD policy the company should have. These policies should try to balance  employee access and convenience with liability and privacy concerns. The acquiring company needs to investigate the policies in place and determine if they are compatible with their own current practice. If not changes will need to be made, communicated, trained and enforced as part of the transition.

Conclusions

These are some of the basic impacts. Certain businesses may have additional concerns when it comes to HIPPA, manufacturing controls and other specialty applications. It is important to consider these aspects in the deal making phase and investigate them thoroughly during due diligence so that deal risks and impacts are known. An acquirer may need to enlist the services of an IT professional to fully investigate the risks and sues. Knowing before the deal is signed helps make the best decision possible.

9 key areas of technical due diligence for a small business purchase

If you are considering the purchase of a small business, a key to evaluating the business, and its potential risk, is to understand the condition of its IT related systems and equipment.

As small businesses use more IT software, equipment and services it is more crucial than ever to thoroughly investigate the IT environment to help make a prudent decision and to help ensure a successful outcome.

The IT environment for a small business can be a competitive advantage or a complete disaster. The buyer needs to do appropriate discovery and due diligence to understand just what type of IT setup they are getting with a potential purchase.

Here are 9 areas of a small business IT setup that should be well understood as part of valuation and due diligence.

1. IT Vendors and 3rd Party suppliers

You need to know what vendors are providing what services in the IT arena. This could include things like cloud services such as salesforce.com, Hubspot, Mailchimp, Atlassian, Office360 or even Google apps or similar. Some software providers have yearly license fees that would also be included in this list. A well documented list of service providers, what service or package they provide, the department using the service  and the current rate/package and term of agreement will help you see what things are pending and what your expected spend will be each year.

2. Employee Computer Environment Inventory

Most employees of a business have some type of computer for their work. A good due diligence practice is to get an inventory of what types computers are used, what operating systems are used (like MAC or Windows) and what other programs are installed in this environment. Are the computers leased our purchased? When does the lease expire? How old are the employee office computers? Will they have to be replaced soon? Are they reliable and have been maintained? Are they sized appropriate to the work being done? Are basic safeguards such as virus scanning and operating system updates in place? These are all questions that need to be answered to get a better idea regarding what you may have to invest  (or discount on sale price).

3. Internal Computer Servers and network setup

What internal computer servers does the company use, if any? Who maintains them? How old are they and what applications and operating systems do they use? Where are they located and what type of environment are they in? Does the company run windows servers or MACs? Are there other servers running internal software like accounting programs, databases, legacy applications or other types of software?

You will need to have a network diagram and understand how the office computers network together. Are there network switches or routers used? Are there multiple locations that share network capability? What about internet firewalls and wireless access? What are the security procedures regarding access to these machines and resources? All of these are required discussion points in order to make an informed purchase decision.

4. Office Equipment

Things like printers, copiers/scanners and phone systems, though seemingly old school, are still used in most offices. Your due diligence needs to investigate these items as well. Many times copiers/printers are leased from a third party and lease transfer or termination may need to be arranged depending on what you do with them after the purchase. Additionally many copiers also have document scanning capability which could be integrated with the server computers. This dependency would need to be understood and planned for if change is warranted.  Similarly regarding phones. Is the a local PBX or is the system hosted? What type of plan does the phone provider agreement specify? Is the phone system  integrated with a Customer Relationship Management systems to track calls? What about off-premises call answer and follow-me forwarding?  If the acquirer wants to terminate these and roll the use to their existing systems there may be early termination fees that need to be accounted for.

5. Employee BYOD Policies

BYOD is an acronym that stands for Bring Your Own Device. It is a practice where employees can use their personal electronic devices like mobile phones or tablets to access company resources like wireless networks, email, shared databases and other company services and software applications. You will need to understand current company practice regarding BYOD and what risks this brings to the transaction. A liberal BYOD policy could allow employees to have copies of databases and other proprietary information on their devices. The extent of this, and potential impact to the acquirers polices needs to be clearly understood.

6. System Administration Practices

Every IT system has a special administrative account and password. And usually each cloud software service you subscribe to has special account owners and passwords. You need to understand who manages these, how they are secured and how they are changed and monitored. In transition planning, this account information would need to be documented, validated and all transferred to the new new owner. Password updates would then need to be made in accordance with new guidelines. Also, you need to understand how company data is backed up. Where is it stored? Is it off-site? How are restore requests handled? How and who sets up new user accounts? There are many areas of investigation that need to be reviewed in this area to insure a smooth transition.

7. Email and Web Site

In some cases small businesses host their email and web services together. Companies such as 1&1, GoDaddy and others provide packages bundling these services together. You will need to investigate where email (and spam filtering and virus scanning) are done as well as web hosting. Other companies use email hosting providers like outlook.com or google gmail. The setup and documentation of where these critical services are hosted, how they are maintained and who handles the work is critical. Email and website are key links in the chain of customer interaction and must be thoroughly reviewed and the migration to the acquirer accounted for.

8. Point of Sale, Payment Processing and eCommerce

If the business is retail or has online shopping capability  you will also need to understand what systems are in place for these capabilities. Are they on-premise, hosted or leased? What systems and communications capabilities are needed? What providers are used for payment processing and how are they integrated into the customer sales cycle? Does the system use tables driven sales tax, or an online tax nexus service like Avalara? Are credit card numbers or other personally identifiable information stored anywhere and if so what are the security procedures and practices regarding that data? How are the services configured to operate, including API keys, passwords and other key operational parameters? These are absolutely crucial to the new owner to understand and have accurately and thoroughly documented.

9. Custom or Proprietary Software

If the business uses custom programming or has proprietary software applications you need to know more about it. What does it do? Who maintains it, where it is located, how is it managed and updated? What languages, tools or environments are required to use it? Are there large updates planned or needed? Are there security risks? These are just a few of a number of questions that need to be answered regarding customer software. If the business has employees that develop and maintain the software then additional questions regarding the development environment, source code control, testing and release management need to be investigated and understood as well. The answers to these questions will help you understand pending needed investment, risk and potential additional opportunities for synergy and integration gains.

 

These are some of the standard areas of technical due diligence when investigating a potential small business purchase. An appropriate technical due diligence checklist and process can reveal technical debt which will impact the decision making and negotiation process.

Depending on the type of business there may be many other areas to consider. High tech businesses, manufacturing and other types of businesses requiring specialty equipment or software applications will also need additional due diligence in other areas besides those mentioned. Further, mid market businesses due to their size and additional complexity will also require much more effort to fully investigate and understand all aspect of the IT related impact to the transaction.

If you are unsure of these areas it is best to enlist the services of an IT professional to help with a technical assessment. In this way you can get a 3rd party opinion on these areas.

Improving your knowledge in this key area can give you leverage in price and terms negotiation as well as making you better informed of areas that may need to be addressed post sale. And the knowledge can save you lots of headaches later after the purchase.

3 Ways Small Businesses Can Begin to Eliminate Technical Debt

We all see the update reminders. We know they are one sign of technical debt.

Microsoft has updates for Windows or Word.

Apple has updates for OSx.

Our mobile phones show those little indicators telling us how many apps need to be updated.

Your business may have servers that need replacing and software that needs refactoring. You may have  entire systems that need to be replaced due to end of like for functionality issues.

How do you get to all of that and still do the new work?

Here are three methods that, I have found that can help eliminate some of the burden.

Method 1: Schedule regular time  for the easy updates

For simple updates, like app updates, browser updates and vetted updates say from Apple or Microsoft  I recommend scheduling time each week to spend a few minuets applying the updates. Make it part of your routine. This makes it such that it usually only takes a few minutes and the changes between versions in the updates are minor. Some phones and tables allow for auto app update. So that can be a help as well. For me, I do this each Monday morning. I apply any security patches that windows says are needed. I also update browsers and key apps I use on my computers and phones.  Because I do this every week, it usually only takes a few minutes. So while my updates are applying  I can get a cup of coffee and then I am usually ready to roll.

Note: For real migrations, like moving from Windows 8.1 to Windows 10 on your laptop, or from Yosemite to El Capitan on your Macbook, you will need more time. I usually do these on weekends or on days when I have a lot more time available for my devices to be down.

Method 2: Migrate to hosted versions of server apps you run in-house

If you have your own hardware servers that run your accounting application or exchange server or other key software for your business check into moving those to the cloud. Many software vendors such as Quicken, Microsoft and others  who sell installable software are now also offering cloud versions of the same applications. By migrating to cloud versions you lose the headache, cost, space and risk of having to deal with hardware in your location or co-location facility. And you can usually benefit from the cloud versions of software being updated very regularly and always having the most recent security patches. This method can take a decent amount of effort depending on the system but there is a nice long term payoff.

Method 2a: If you have physical servers running that you cannot migrate to the cloud, consider extending warranties on them.

Many vendors like Dell or HP will extend onsite-parts replacement warranties for not too much money. Of course this assumes that your situation can be without a server for a day while you wait on the tech to arrive and make the repairs. Note: If you sign up for these with a vendor, make sure they have parts they keep in stock for your server or computer model. We had a warrantied system at one job I had where they didn’t immediately know if they had a replacement for our model when we needed it. If your server has been classified as “end of life” then you won’t be able to get extended warranty and you will have to migrate to other hardware if you want support.

Method 3: Initiate off-site automated backups of your data

One insidious form of technical debt is in-adequate system backups. Losing company data can be catastrophic for a small business. Luckily, there are many services that offer automated and secure file backup for your business servers and user devices such as laptops, desktops and even phones and tablets that are affordable and easy to use. Services such as Crashplan,  Carbonite, and if you are an Apple user, there is iCloud. There are plenty of others as well. Most of these services offer client programs that you install and run that will automatically backup and encrypt your files and store them securely in the cloud.  That way, if something happens locally you can recover your data usually via a pretty easy to use web site that allows you to login and select the files you need to restore. The prices for these services have come down tremendously in the last couple of years.  If you are not doing offsite backup  these services make it pretty painless to get started.

Technical debt can affect your company in many ways. These methods offer ways to begin to take small steps to alleviate some of that debt.