Tuesday, July 31, 2012

What crucial components do Small Business Owners leave out of their planning that can sink their business? Part 1 of 3

When an individual makes a decision to leap into the role of entrepreneur, there are a lot of resources available to help them. These resources help them figure out everything from how to write a business plan, to where to buy the business license and how to pay employees. All of these are obviously crucial to the smooth running of any small business. Imagine this, though: you get your license, you set up shop, and you hire employees or initially run your business on your own. You're there! You're a small business owner. You have customers, you're getting paid. Then, one night, something happens.

Scenario 1: You're sitting on your sofa, sending a note to a friend about the YouTube video you just watched, and your PC shuts down. You don't panic because it's happened before and you were able to do that golden command, "REBOOT", and everything came back. You were never sure about why it shut down, but hey, as long as you got it back. Right?

Only this time, your PC won't come back up.

What are you going to do? Oh wait, your wife has a PC that you can use tomorrow. Only, your accounting software isn't loaded on her PC. OK, so you won't be able to process customer billing. You can do that by hand if needed. Oh, but your portal to your bank is registered on that PC and it's payday. You always issue your payroll checks first thing in the morning so your employees can run to their banks at lunchtime. Remember thinking you should write that website information down somewhere?

Scenario 2: You're sitting on your sofa, sending a note to a friend about the odd pictures you just got from him via email, and your PC shuts down. You don't panic because it's happened before and you were able to do that golden command, "REBOOT", and everything came back. You were never sure about why it shut down, but hey, as long as you got it back. Right?

Only this time, your PC starts up but lines and lines of stuff roll across the screen and then your screen is blank, except for a single blinking cursor in the upper left-hand corner. This doesn't look promising. Well, not a huge deal: you use this PC to send business communications and customer information, nothing you have to have the next day. Of course, all of your personal information is on the PC because it didn't make sense to buy a PC specifically for business when you could use your personal one. You keep your banking and credit card information on it and, in a special text file that no one would ever guess the name of, you keep your account information and passwords. How else would you remember all of those passwords?

Scenario 3: You're shutting down the shop PC for the night, running the reports from your online customer reports, when a message pops up on your screen informing you that you don't have virus protection for your PC and asks if you want to install it. How nice! "Someone" is worried because you don't have virus protection. You know you bought that, though. It should be working. What was going on? Well, you might as well buy this new one from whoever this is. You put in your credit card information, the page says HTTPS so you know it's safe, and wait. And wait… And wait… Maybe you have to reboot. The reboot seems to take FOREVVVVEEEERRRR. Then, nothing.

So, what do you do? You're not a PC expert. You bought your machine at one of the local retail electronics stores; maybe you can take it back there first thing tomorrow morning and they can fix it.

So what does this have to do with Small Business Owners and what they leave out of their plans? 3 out of 5 Small Business Owners forget to include technology and business continuity in their plans.

There are a lot of considerations related to technology and business continuity for which small business owners are not prepared, because they are issues they've never had to deal with before. So the question arises, what SHOULD be included?

  • PC Protection
  • Data Protection
  • Environment Protection
  • Device Protection

Forgetting or underestimating any of the above can hurt a small business owner's reputation and credibility. Many small business owners go into business with excellent business plans as far as market research and understanding how to fill out all the proper forms, but what about technology? What about security? And what about business continuity?

Part 2 to come next week.

Saturday, July 21, 2012

PCI Compliance for small businesses – Keep It Simple

The PCI-DSS requirements were not pulled out of the air or specifically written up to drive merchants crazy. They are all based on security standards that have been around for years, with updates as technology has evolved. PCI Compliance requirements on the surface can be intimidating if you don't have a large Tech Support team and a rather large bankroll. There are, however, ways to ensure your environment is compliant without breaking the bank.

KEEP YOUR ENVIRONMENT SIMPLE – the simpler the environment, the easier the Compliance Standards are to meet.

  • Purchase authorized PIN and Credit Card devices from your bank. Ensure they are PCI Compliant.
  • Don't store customer data in your environment. This doesn't mean don't have a marketing mailing list. This means don't include any customer financial data.
  • Use commercial products for your POS system that are certified PCI Compliant.
  • Trust your employees, but verify. Do background checks to ensure you're not hiring an individual who shouldn't be trusted with someone else's personal information.
  • Only allow access to customer data to those employees who have a definite business need.
  • Purchase and maintain antivirus and anti-malware software for all PCs (and servers) in the environment.
  • Use Windows Update and apply security fixes. Same for other operating systems. They too get hacked.
  • Don't browse social media sites on your work PC. (This may be considered overkill by some, but if you flat don't allow it in the first place, you don't have to potentially worry about a Trojan getting through your virus protection.)
  • Use individual logons for all employees. This makes it much easier to follow the trail when troubleshooting potential misuse.
  • Find vendors who will partner with you, regardless of your small size, to help you maintain your environment. Ensure THEY are security minded and compliant.
  • Write some basic policies and procedures and have employees sign-off that they have read them and understand them. (Core policies and procedures are available that you can fit to your environment).
  • Turn on Windows Firewall.
  • Purchase a warranty on your hardware. (This goes to recovering from a disaster and environment stability).
  • Back up your data. You can purchase an external hard drive from many vendors for under $200 in a lot of cases. Windows has a built-in backup program. You don't have to purchase additional software.
  • Follow basic security rules published by vendors such as Microsoft. They have security baseline documentation that will guide you into creating a more secure environment.
  • Fill out your self-attestation paperwork and provide it to your merchant bank.


 

None of these recommendations are expensive, nor should they drive any Mom-and-Pop-sized shop out of business. Best of luck.


 

Saturday, July 14, 2012

Where do you start when you have nothing to start with?

Ever walked into a new management position and thought, "Holy crap, what did I get myself into?" Old hardware, no warranties on equipment, no support on software and software either at or past support deadlines litter your server room or datacenter. You spend the first week answering calls from Senior Vice Presidents who insist you fix their systems as your first priority. Employees trail into your office with complaints about everything from work hours to irate development managers who don't understand why your team can't keep their applications running. What do you do?

If your response was not "RUN", then keep reading.

First you watch, you listen, and you ask questions. Evaluate the reasons for the environment getting into the dilapidated state in the first place. Listen to the business leaders and your new team. Listen to the vendors that have supported the environment. Of course, everyone will have their own perspective. Take the emotion out of the equation; don't allow blame and finger pointing to color your game plan.

Then, act.

Start with the basics.

  1. Supporting the business
    1. Can the current systems sustain projected business growth?
    2. If not, what is the business willing to invest to support that growth?
    3. What is the business's risk appetite?
    4. Is there a cohesive vision of what the business needs?
  2. Resource Planning
    1. Does your team have clear job descriptions?
    2. Is there a proper staffing model?
    3. Do the technologists have adequate training for the technologies necessary to support the business?
    4. What is the percentage of effort spent on supporting the existing environment versus enabling the business to do more?
  3. Governance
    1. Is there a documented governance framework in place?
    2. Does the culture lend itself to structure and standards?
    3. Is there a cohesive vision of IT's role?


       

  • Understanding the business goals will go a long way toward ensuring your credibility as you present your vision for transforming the services your team provides. Do your best to understand the agendas of those you work for and with.
  • Creating a stable environment for your team will go a long way toward ensuring they believe in you enough to not abandon their posts. They'll at least "go along for the ride".
  • Bring in vendors who can partner with you to help stabilize and then transform your environment.
  • Don't make promises you can't keep.
  • Working with your team, create policies and procedures to ensure everyone is aware of the new rule book. It's unfair to existing employees to change the rules and not enlist their support and buy-in. While some may push back at the new structure and boundaries, most will understand the need in order to move forward.
  • Create a remediation plan with business drivers, costs and estimated effort in time and resources. When you do this, take into consideration that everyone has "day jobs". They may be unwilling to put in the additional effort that would be required to clean up. So, reward them. Compliment those who do well, who perform above and beyond. Give them public appreciation. Give them feedback, both positive and negative. Employees deserve to know whether they are adhering to the "new world order" or are not meeting expectations.

Lastly, don't expect miracles. The environment did not languish into this state overnight. It will take time, concerted effort and focus to get yourself into a positive place. It will also take compromises. What may be seen as the best technical approach may not be the best business approach. After all, isn't an IT department's role to support the business? Best of luck.