Seven Lessons That SMBs Can Learn from Big IT
Just because you don't have a large enterprise doesn't mean you can't run your IT operation like the big guys. Here are seven ways to help your SMB -- a small or medium-size business -- implement some of the lessons big IT operations have learned over the years. Using these tips, you should be able to improve productivity, cut costs, and keep your business running smoothly.
1. Standardize on Desktops and Cell Phones to Reduce Support Differences
This is not as easy as it sounds, because even if you buy multiple quantities of the same exact model of PC, the systems could still have subtle internal differences that can come back to haunt you when you have to fix them. Carey Holzman, an independent reseller based in Glendale, Arizona, ran into this problem. His company ordered a particular model of computer that contained specific parts meeting the corporation's strict requirements. Yet when he received the PCs, he found that the systems contained two revisions of the ATI video card, one of which caused an incompatibility with the mice the company used.
And unfortunately for Holzman, the PC vendor was of little help. "The vendor refused to acknowledge any responsibility for the video card incompatibility. We started ordering the computers without video cards after that--until the next problem cropped up, and eventually, [we] switched vendors entirely," he says.
To keep incompatibilities to a minimum, you should try to stock hard drives from the same vendor, and to standardize on the same model of peripherals such as printers, mice, and keyboards, too. You can also make use of Windows Inspection Toolkit or similar utilities to keep track of the specific configuration of your systems. Finally, use drive imaging software such as Acronis True Image or Norton Ghost to make copies of your basic system installation, so that it can be recovered easily in case of virus infections or other problems.
Many IT shops also buy spare PCs and use them for replacements. "The problem is that you are tempted to use it as new workstation, instead of as a replacement, and then you no longer have a spare," says Holzman. "You need to put it in the closet and use it only to help you through temporary IT emergencies." Besides keeping several spare PCs, it's also a good idea stock a spare laser printer and network hub in case yours go south.
Holzman also recommends retainer support contracts with a local technician, so you won't have to scrutinize the invoices trying to interpret the work that was done and whether the tech was being fair and honest.
2. Perform Off-Site Backups
Small businesses have basically two approaches to choose from in doing backups: One is to copy critical data to a series of external hard drives and periodically rotate them from your office to a remote location (such as a bank safe deposit box). The other is to use one of a number of online backup service providers such as Box.net, Symantec Online Backup, Carbonite, or Mozy that offer low cost gigabyte-level storage. Big IT typically uses off-site tape storage because of the quantity of the data involved, but for smaller outfits, online services are less expensive and more convenient.
The trick with either method is to use them religiously, and to ensure that all of your data is copied on a regular basis. The online backup option could be especially handy in more than one way: Earlier this summer, Damian Zikakis, a Michigan-based headhunter, had his laptop stolen when someone broke into his offices. He replaced it a few days later; and because he had used Mozy, he thought that he was covered in terms of being able to bring back his files from the Internet backup.
When Zikakis had a moment to examine the layout of his new machine, he "found several incriminating files. The individuals who had my computer did not realize that the Mozy client was installed and running in the background. They had also used PhotoBooth to take pictures of themselves and had downloaded a cell phone bill that had their name on it," he says.
Zikakis did a bit of head hunting on his own and contacted the appropriate police department with this information. They were able to recover his computer, and now have the task of figuring out who actually took the laptop originally and what law enforcement options to pursue.
3. Use Hardware to Secure Your Internet Connection
SMBs often are not as attentive to the security of their Internet connection as they should be, and the results of such neglect could be disastrous. Last year, hackers compromised the point of sale system (POS) of clothing designer firm Nanette Lepore. The hackers managed to reconfigure the outdated firewalls and sold some stolen credit card numbers from the company's high-end clientele.
This happened because the company's chain of retail stores had little or no security measures or proper procedures. "All of our store clerks were using the same password to access the POS," says Jose Cruz, Nanette Lepore's network manager. "It was wide open. No one had ever thought to change passwords periodically, or even use different ones for each user. Prior to my arrival here, the emphasis on POS security wasn't urgent. Needless to say, this all changed."
Cruz got a call that no one ever wants to receive--from the FBI, telling him that several of their customers had received fraudulent credit card charges. This led to finding out that the company's Netopia DSL routers had been hacked, and their firmware had been changed to allow hackers inside their network.
The stores now use SonicWall integrated security devices, and Cruz has implemented password change policies and other security procedures to ensure that he won't get a repeat of what happened before. Such an approach can help an SMB keep private information secure. Another good policy: Ensure that all network access is turned off when an employee leaves the company.
4. Use a VPN
Many larger IT shops make use of virtual private networks (VPNs) to ensure that their communications are kept confidential, and that traveling users can access home office files and other resources when on the road. Many of these VPN products can be quite expensive, but the SMB alternatives don't have to cost a lot of money.
Some, such as Openvpn.org, are free, while low-cost VPN service providers such as LogMeIn.com's Hamachi can run about US$50 per person per year. "Hamachi allows us to connect to hundreds of our customers and monitor live videos of our security cameras discreetly and without having to worry about being compromised by unauthorized users," says Ben Molloy, the vice president of Pro-Vigil, a San Antonio, Texas-based company that provides security for off-hours construction sites.
And VPNs come integrated in a variety of lower-cost security gateway appliances, too. Nanette Lepore makes use of the SSL VPNs that are included in the SonicWall appliances to connect their stores together, and to ensure that no one can compromise their communications.
The Lepore firm even set up temporary accounts for guest workers and maintenance personnel that are purposely time-limited. Granting accounts for temporary personnel without such time limits is another common mistake. Time-limited accounts mean that the IT staff doesn't have to remember to remove the account when the maintenance is completed.
5. Run Personal Firewalls, Especially on Windows PCs
Windows is notorious for being a security sinkhole, and most larger IT operations now require their PCs to run some kind of personal firewall to prevent infections and malware from taking over. A wide range of products is available, but the key is to pick one, make it standard, and make sure that all employees are educated about why it is necessary to keep the firewall running at all times, especially when traveling. Inexpensive but effective firewalls include AVG from Grisoft.com, Online Armour, and Kaspersky Labs.
However, you can't always manage each individual machine, and a careless user could turn off these defenses and let viruses in. This is where having a drive image copy can come in handy.
Another way to enforce security policies and other protective measures is to deploy some endpoint security tool that will block unhealthy PCs from gaining network access. Napera is one product that is specifically targeted at SMB installations, and McAfee and Sophos have others.
Matt Stevenson, who is the director of information technology for Talyst, a pharmacy automation vendor in Bellevue, Washington, has been using the $3500 Napera appliance on his 120-node network for the past six months. "A lot of our staff is out in the field, and they attach to a wide variety of networks. When they come back to our office, the Napera box forces their PCs to become compliant and to ensure that our network won't get infected," he says.
6. Rely on VoIP PBX for Your Phone System
As more and more big IT shops can attest, using a VoIP PBX telephone system has tremendous cost advantages. The biggest one is for your remote workers who can have extensions on your headquarters' phone system. These systems are also very flexible in terms of call handling, and offer other features such as call forwarding, multiple simultaneous rings (where an incoming call can be answered wherever it is more convenient), so-called follow-me (where incoming calls are routed to particular numbers at particular times of the day), and do-not-disturb.
"Now businesses are able to get features that can set the rules on how they are contacted, and be able to conduct more business when they aren't in their office," says Henry Kaestner, the founder and CEO of Internet phone provider Bandwidth.com, one of the many vendors that offer this kind of service. CBeyond and Asterisk are other companies that offer VoIP PBX.
These systems start at around $400 a month and have the advantage of being able to grow or contract with your staffing needs. They also can present your company as more professional, with features that are normally found on very expensive phone systems. The downside is that you need to ensure that your network is up to snuff to handle all the voice traffic; and to get the most out of these systems, you'll want to find a VAR or consultant who specializes in VoIP PBX installations.
7. Have a Solid Test Plan for Adding New Technology
The big guys don't put some new tech into their operations without first doing a lot of testing first. Put together a test lab or designate one office that will be your "beta bar," and encourage your most technical staffer to try out new things before getting them deployed.
Ramon Ray, the owner of the site Smallbiztechnology, advises that in addition to testing, it's important to analyze a variety of options. "Just don't just go for the first choice, but think and review the pros and cons and what else is available to you. During the testing, it is also important to consider your future needs. Many smaller businesses don't think of their future growth, which will affect their IT plans," he says.