One of the first places young companies cut costs is on basic IT expenses. At Electric, we’ve seen it all: from 50-person companies running off of the founder’s home Wi-Fi router to large companies refusing to pay $5/month for a business-grade G Suite account.
We try to avoid unnecessary expenses as much as the next company, but when you consider how much time you and your team spend connected to the internet, using your laptop and how much business transacts over email – all of a sudden, these “hacks” start to get extremely costly.
Two years and tens of thousands of support tickets later, we’ve compiled the seven most common IT blind spots that startups encounter:
1. Using the Wi-Fi router from home (in your office)
Home routers were built to support short-term, light use for a small number of devices and users. They weren’t meant to cover large areas, reliably connect 40+ devices at the same time, and definitely weren’t built with the security concerns of a business in mind. Worse still, we often see companies paying $500-$1,000/month for high speed internet, but their router isn’t physically capable of delivering that speed! In addition, the more complicated your set up, the more frequently we see support tickets for tasks like rebooting your router. Depending on the size of your office and security requirements you can upgrade to a commercial-grade switch and access point for as little as $500. Companies like Ubiquiti have made this cost-effective and user friendly.
3. Employee-owned devices (laptops and tablets)
In the beginning, it can seem like a no-brainer to skip the investment of providing devices to your entire team – particularly when they are willing to bring in their own laptops from home. Here’s the problem: if you don’t provide company-owned devices it can be next to impossible to enforce basic data security policies. For example, when your traveling sales rep accidentally leaves her personal laptop at the airport, your customer data and proprietary information is exposed to anyone who picks up the computer. By providing pre-provisioned devices to every employee you can ensure that proper steps have been taken to secure yours and your employees data.
4. Not defining on/offboarding policies
As your team grows, you’ll be making personnel decisions that will have a direct impact on the devices and software you need to acquire and provide to employees. There will also be those instances where someone leaves or is let go and you need to ensure that your customer data and security are protected – sometimes at a moments notice. Creating policies that are consistently applied while on and offboarding employees will help you keep track of devices that are available to new users (i.e.: don’t buy new laptops if you already have them) and minimize the risk of a disgruntled former colleague downloading customer lists or having access to business-critical information after their departure.
5. Too many admins
Just like there can be “too many cooks in the kitchen,” there can be too admins in the software! It can happen before you even realize it: one day, you find a half a dozen Google Analytics admins and ten admins in Salesforce. Similar to on/offboarding, administrative powers within important pieces of software can be abused when a disgruntled ex-employee is at the helm or a legacy third party vendor still has access to information after their contract has ended. Before any new admins are added to a piece of software – and when they are deleted – it is important to understand who the primary admin and owner of the software should be. It is good practice at this time to also conduct a review of who is already on the account and make changes based on current needs. Setting a quarterly reminder to do a quick software admin review and ensuring that after an employee is offboarded or a vendor relationship is ended, you do the same, will minimize the risk of any surprises.
6. Lacking an emergency backup plan
What happens if and when you do have an outage? A security threat or data loss? Would you know what to do? Creating a business continuity plan in conjunction with an IT emergency plan will be key to ensuring that your customers are minimally (if at all) impacted and your data remains secure when disaster strikes. Consider how to communicate with your team and customers, paying special focus to those most critically impacted. Create a plan around and consistently backup your data and information. Identify and catalog the most critical software necessary to run your business then prioritize restoring functionality to those systems first in the recovery process. Finally, every company should have a cyber-security insurance policy to protect against the financial fallout of a hack or data loss.
7. Missing a robust security strategy
Every company says they care about security but what does that actually mean? A few key areas to pay attention to are the assessment of the actual threat, understanding the gaps in security that could make that threat a reality and determining what’s necessary to maintain business continuity during a breach or attempt. For example, if a computer was lost or stolen right now how would that data be protected? Do you currently use two-factor authentication on your business-critical apps? Do you strictly limit access to employee and customer data? How is that enforced? The list goes on. As a startup, once you start acquiring customers and generating revenue it’s extremely important to have a basic IT risk assessment completed and consider working toward some sort of industry standard security audit (such as SOC-2).
8. Purchasing a tool instead of solving a problem
As in anything else, making a purchase does not equate to solving a problem. We see a lot of companies investing in tools like anti-virus, mobile device management, and barely make it halfway through implementation. The best way to think of a technology purchase is to double the cost – half the money gets spent on the purchase but the other half should be devoted to the internal resources and plan used for rollout and ongoing maintenance. You can also work with a partner on these sorts of things, but always have a plan. For example, for every 10 companies we talk to who have purchased Okta, only 4 have actually used it. Don’t be one of those companies.
IT infrastructure is the foundation of virtually all of the work that your company does. If any one of these blind spots resonates with you, chat with one of our team members. We’re proud to be one of the fastest-growing, most advanced IT providers on the planet. Most importantly, we love talking to people and helping them solve problems!