The single biggest IT risk in small business and 9 ways to deal with it

The dependence of small business on IT systems and the people who run them increases continuously. Whether the accounting systems, corporate web site, inventory system, the online shopping cart, marketing automation, email servers, the customer management system, internal database servers, manufacturing automation servers and the like. The list goes on and on. Without those IT systems, business grinds to a halt. And without the people that maintain them, you risk business grinding to a halt if something goes awry. IT systems have loads of risk vectors. Hackers, Malware, viruses, ransomware, hardware and software failures and the like.

However those don’t create the biggest risk a small business owner has with respect to IT.

The biggest IT risk a small business owner faces is being unprepared for the loss of a (or the) key IT person or key software developer.

Examples of the key person(s):

  • The developer who wrote the code for the product.
  • The sysadmin who knows all the configuration and passwords.
  • The director who knows where all the vendor logins are including the payment processors.
  • The development architect who knows how all the systems fit together and where the vulnerabilities are

Losing any of these types can be hard on a small business. If your business has several of these people in one person then you are at a HUGE risk if that person walks.

What can you do to mitigate the impact if that key person is gone?

Here are 9 steps that can help when that happens.

System configurations backed up

Make sure that the existing staff has backups of key system configurations saved in a known location. Firewalls, key routers, switches, IP addresses of networks and servers and other company configuration setup should be saved in a known and agreed to place that the owner knows about and understands how to access. This should be also documented.

Login/Password locker

It is wise to use a corporate password locker such as 1Password or Lastpass. Key system passwords should be stored here with the master password to the locker available to the owner.

System diagrams

Simple block diagrams should be in a known location that diagram key systems, how they are connected, where they are located etc. This will enable the owner to help locate systems in case an issue arises and will help them direct new personnel or vendors when repairs or service is needed.

Key 3rd party vendor information

A list of all 3rd party vendors that are used by the IT / Development teams should be kept in a known place. Contact information for the account representative, as well as services provided and key contract or agreement details.

Backup locations

The locations of on-site backups of systems should also be documented. Additionally off-site backup locations and / or vendors should be detailed in the 3rd party vendor section.

Process and procedures and site/documents

The owner should know the processes used to get IT and development work done, including how to deploy system updates for key servers, web sites and online apps. If for no other reason than to train the replacement employee.

Monitoring Notifications

If your company uses automated monitoring such as Icinga or similar, then the owner or replacement personnel need to be added to the notification list.

Job Descriptions

A documented set of job descriptions will help in the hiring process after the key person leaves. This will give the owner more detail on what the key person does, and the attributes and skills needed in a replacement employee.

System/Content Deployment steps

The steps, logins and other necessaries required for making site or system updates to key systems need to accessible and understood so that another employees or the owner could execute them or show them to a contractor in a pinch. You may think this is far fetched but if something happens you want to be able to update content and code if needed.

Final Thoughts

As part of your on-going training and planning it would also benefit the company to conduct a risk and vulnerability assessment so that key risks are known and can be planned for. Additionally, transitions can be planned for as well with succession planning as part of leadership/career development and key employees being cross trained regularly. Finally, the owner should audit these areas periodically to validate readiness and expose weaknesses.

The above 9 steps won’t eliminate the pain of losing a key employee but they will enable the business to move along and speed the on-boarding process of the replacement. The wise small business owner will do well to track and keep up with these areas.

 

Leave a Reply

Your email address will not be published. Required fields are marked *