I believe small businesses should have a plan for their IT. There will be differences between businesses for obvious reasons, but in large part there are some common key elements that make up a good IT plan for all small businesses.
Here are the basics that a small business should have as part of their IT:
- Web content filtering
- Centralized anti-virus/anti-malware
- Centralized patch management
- User control
- Central access / permissions control
- Role-based permissions
- Limit admin permissions
- Data Loss Prevention
- Data Redundancy
- Onsite backups
- Off-site backups
- Historical backups
- Centralized storage
- Equipment list
- IP list
- Username / passwords
- Network diagram
Not only are these the basics, but they’re the top priorities as well.
As a business owner, this is what you expect from your IT person or IT company:
- You expect them to keep your network and information secure.
- You expect them to control your staff and give them access to information they need but limit them from causing harm or accessing information they shouldn’t have.
- You expect them to keep your data safe and make sure you never lose any.
- You expect them to document your network so that if they get hit by the proverbial bus someone else could take over and keep you up and running.
Security is concerned with keeping bad traffic out of your network. That included threats like viruses and malware as well as attacks and attackers. Without security, your network will get hacked and become a zombie in someone’s botnet army.
User Control is concerned with giving your staff access to the data and programs they need, but limiting them to only what they need. In addition to data and programs, it also covers permissions so that staff do not have the power to make changes they shouldn’t. This protects against inadvertent as well as intentional changes and also serves to contain viruses, bot attacks, or crypto-attacks in the event that one of your machines does get compromised.
Data Loss Prevention is just what it sounds like. This is how you ensure that your data doesn’t get lost. It’s concerned with making sure all the data you need to save in centralized, stored on redundant drives so it can survive the loss of a hard drive, and backed up correctly so you can recover lost or corrupt data as far back as you need to go.
Documentation is the most overlooked element of basic IT. Everyone seems to recognize the need for documentation, and business owners expect that it is in place. But most IT people don’t like creating and keeping documentation up to date and very few business owners ever review their documentation. Combine those two and you have a recipe for disastrously bad or incomplete documentation.
Unfortunately, even though these basics are so fundamental to your business IT infrastructure, they are rarely done well enough for most businesses.
And the really tragic part is you usually won’t know they aren’t good enough until it’s too late. Once your network gets hacked, gets a virus, suffers a major data loss, or your IT person quits or gets fired, that’s when you’ll find out how bad off you really are.
But it will be too late then.
So what do you do?
Start a conversation between IT and business owner. Ask questions and compare expectations. Then review what’s in place now and decide where you want it to go.
That will make a huge difference.
Another option is to get an outside review. A separate company or consultant can spot things with a fresh set of eyes and they typically have experience much above that of the in-house IT person or team.
– Weston Henry
What else is part of basic IT for a business?
How can business owners measure their IT so they know if it’s really meeting their needs or not?