After Hours

10 tech mistakes small businesses make (and how IT consultants can help clients avoid them)

Small businesses must concentrate their time and energy on knowing their own industry -- and that often means that effective technology practices get overlooked. Erik Eckel explains the most common tech missteps he's encountered, along with preventive measures to protect businesses and prevent serious problems.

Small businesses must concentrate their time and energy on knowing their own industry -- and that often means that effective technology practices get overlooked. Erik Eckel explains the most common tech missteps he's encountered, along with preventive measures to protect businesses and prevent serious problems.


In today's microwave society -- in which just-in-time manufacturing models, heightened customer expectations, and 24x7 accessibility demands burden both manufacturers and service providers -- little time remains for much else. Small businesses often don't have the resources or inclination to track the latest computer news, security threats, or even common break/fix tips. And not all small business owners are adept at maintaining best technology practices.

As a result, small businesses frequently make certain technology mistakes. Here's a look at these mistakes, along with specific steps IT consultants can take to assist small businesses in correcting these common failures.

Note: This article is also available as a download, which includes an annotated PowerPoint presentation based on this information.

#1: Insufficient technical support

Many organizations go without technical support, relying instead upon an employee whose love of Warcraft may make him or her the local office "computer guru." Other organizations may depend upon a staffer's friend or relative (who's "interested in computers") to provide technology advice or assistance when critical systems fail or slow unacceptably.

Some turn to their hardware manufacturer's telephone support line for help, only to be disappointed when the solution to many problems proves to be performing a reinstallation (thereby resulting in the loss of all the business owner's data). Some rely upon a big box electronic store's service arm, never receiving the same (novice, often undereducated, and inexperienced) technician twice. And still others locate a student or individual who provides computer support "on the side."

These support methods are not cost-efficient. Nor are they effective information technology investment, troubleshooting, or administration options.

Small businesses need knowledgeable, trusted technology partners who are proficient with current technologies and willing to help learn their industry's operations requirements. Once a qualified technology expert is familiar with a client's needs, appropriate services and solutions can be recommended and deployed. The result is almost always more cost-effective, more efficient, more profitable operations for the client.

#2: Hardware/software issues

Smart organizations set PC service lives at three or four years. There's a reason.

"When you look at costs -- particularly around a four- to six-year lifecycle -- it may seem like you are saving money," says Info-Tech Research Group analyst Darin Stahl. "But really it's costing you." That's because support expenses increase. Retaining PCs longer than three or four years often results in repair and support costs that meet or exceed the price of new systems.

This is the second common tech mistake businesses make: They fail to standardize hardware components and software applications, where possible. The result is a mishmash of components that complicate troubleshooting, repair, and deployment and require companies to support a variety of programs with different license terms and renewal dates. Incompatibilities often result.

Worse, older and obsolete hardware is less efficient, increases downtime likelihood, feeds staff and customer frustration, endangers sales, and threatens other lost opportunities.

Small businesses can overcome common hardware and software issues by:

  • Retiring equipment at proper lifecycles, typically three to four years.
  • Standardizing hardware components.
  • Standardizing software applications.
  • Working with an IT consultant to leverage vendor relationships and reduce costs/negotiate more attractive pricing.

#3: Insufficient power protection

A single power outage, surge, or spike can damage expensive electronic components and result in critical data loss. Consistent surges and brownouts, meanwhile, shorten the lifespan of computers, printers, network components, and other equipment.

Many businesses deploy simple power strips. Others continue depending upon surge suppressors deployed five and even 10 years earlier. When thunderstorms, electrical outages, and other disasters strike, the damaged systems and corrupted or lost data -- not to mention downtime -- resulting from insufficient power protection prove costly.

Organizations should deploy quality battery backup devices (with built-in surge suppression) for all critical desktop PCs. Further, technology professionals should connect all servers to uninterruptible power supplies and test them regularly to confirm adequate failover protection is in place.

When deploying battery backups, businesses should properly install and configure corresponding cables and communications software. Network protections should be leveraged whenever possible, as well, in attempts to remediate cable modem, DSL, and other surge sources that can destroy telecommunications and computing equipment.

Since surge suppressor quality varies, organizations should purchase such equipment from trusted vendors. And since surge suppressors (and batteries) wear over time, businesses should replace them regularly.

Simple power strips should be avoided whenever any computer, server, network device, or other important component is present.

#4: Illegal software

Possessing illegal software may be the easiest trap into which many organizations fall. The issue is widespread (the Business Software Alliance estimates 22 percent of all North American software is unlicensed), making it our fourth common tech mistake plaguing small businesses.

Certainly, licensing issues quickly prove perplexing. The differences between OEM, retail, and open license software escapes the understanding of many business owners. Yet manufacturers are becoming more aggressive in locking down licenses (via product activation technologies) and prosecuting offenders (often via the BSA, which has collected more than $81 million in settlements).

Many organizations don't recognize they do not "own" software, since programs and applications are commonly licensed. Worse, some firms use "borrowed" applications or pirated programs. Problems arise either in the form of audits and penalties or challenging delays (due to product activation conflicts and other licensing issues) when returning failed systems to operation.

Businesses must understand there are no shortcuts to running legitimate operations. All software, applications, and programs must be properly licensed.

With more manufacturers implementing product activation features, in which software programs report their installation and usage back to the manufacturer, overuse or outright piracy is becoming more difficult or impossible, anyway. But violations still occur.

Businesses can protect against licensing errors and penalties, and help ensure the fastest recovery times when failures occur, by carefully documenting and tracking all software license purchases and deployments.

Further, software licenses (including for operating systems, business line, and office productivity applications, accounting programs, security tools, and other utilities) should be purchased only from reputable technology partners. License sales on eBay that look too good to be true are.

Finally, when installing new programs, organizations should pay close attention to the license agreements they accept.

#5: Insufficient training

Mention software training in most any conference room, and you're likely to hear groans. Boredom, bad classroom experiences, lack of interest, or complexity all contribute to employees' resistance to learning new applications. But that doesn't change the fact that insufficient training ranks as the fifth common tech mistake impacting small businesses.

How bad is it?

It's estimated that office staff understand less than 20% of the available features in the software applications they use. That means 80% of the features, time-saving capabilities, and cost-reducing functions remain unused.

Gross inefficiencies result. As a consequence, many processes -- including repetitive data entry, complicated calculations, and automated data selection and reporting -- are completed manually, which introduces a greater likelihood of errors entering the process.

Tasks that could be completed in moments often consume exponentially more time. Considering that many of those tasks are repeated each business day by multiple workers, it's easy to see how the costs quickly become significant.

Most small businesses don't employ full-time trainers. Therefore it's imperative that small businesses identify technology partners, training centers, or other programs that assist staff in maximizing software applications.

Even when training resources are present, there's no guarantee staff skills will improve. For that to happen, businesses must make computer and software training a priority. Tap technology partners or other consultants to conduct regular lunch-and-learn sessions. The business can spring for lunch and, for a few hours of consultant's fees, expose entire departments to important new features and capabilities.

An organization's technology training commitment can be reinforced using performance reviews. Businesses can add specific course, off-site training, and even certification requirements to staff education programs and performance review objectives. When partnering with a local training center, businesses can create customized instructional programs or select prepackaged modules.

Organizations with limited budgets, meanwhile, can leverage self-paced instruction manuals and computer-based training aids to assist employees in improving their skills after hours or in their own homes.

#6: Security failures

Small businesses frequently fail to accommodate security issues. Organizations either don't recognize the risks or don't take them seriously.

The costs are staggering. Large U.S. organizations lose some 2.2% of their annual income due to security attacks, according to an Infonetics Research "Costs of Network Security Attacks" report. That's expensive. The FBI estimates such computer crime costs U.S. industry in excess of $400 billion.

Organizations don't need to have a high profile to become a target, either. Hackers have created innumerable automated programs that scour the Internet 24 hours a day, 365 days a year, seeking poorly secured systems, servers, PCs, and networks to infect and exploit.

Unfortunately, businesses everywhere are falling victim to compromised systems, robotic attacks, identity and data theft, and more. Organizations that fail to properly secure client and customer data often find themselves in the middle of security crises that result in bad press, lost sales, and forfeited customer trust.

Fortunately, completing simple steps assists small businesses in preventing security failures. Here are several best practices all organizations should adopt:

  • Implement and enforce strong password security policies for all PCs, servers, network equipmen, and software applications.
  • Regularly update operating systems, network equipment firmware, and applications with the latest security patches.
  • Deploy business-class firewalls in all locations; connect no systems directly to the Internet.
  • Secure all wireless networks.
  • Disable guest accounts.
  • Implement Internet and e-mail usage policies that preclude personal use of those technologies.
  • Prohibit file-sharing programs.
  • Deploy proven antivirus, anti-spyware, and anti-rootkit applications and update them regularly.
  • Regularly perform security audits and correct all deficiencies.

#7: Poor backup strategies

Despite numerous choices, methods, and options, many organizations fail to adequately back up data -- a mistake that can be unrecoverable.

Statistics reveal there is a 50% chance an organization will cease operations immediately when critical data is lost. Worse, an organization's odds of failure rocket to 90% within two years when critical data is lost. Data losses cost an average of 19 days' productivity. Recovering data from damaged disks, meanwhile, is incredibly expensive.

Even organizations that believe their data is properly protected may find themselves at risk. Occasionally, incorrect data (as in the wrong data) is backed up. In other cases, tape backups prove unreliable. (Gartner Group estimates only half of all tape backups restore successfully.) Fortunately, small businesses can follow simple steps to securely protect their data.

Since data backups are so critical to an organization's livelihood, small businesses should work with proficient IT consultants or technology partners to ensure the right data is being backed up and that it's being backed up as frequently as required. In addition, technology professionals should regularly test backup sets to confirm the data can be recovered in its entirety.

Consultants can work with small businesses to determine what data, files, and information should be backed up, how often to create the data sets, where to locate the backups, and how often to test the sets' integrity. Consultants also prove invaluable in updating backup routines when software upgrades, migrations, and other updates change critical file locations. Further, technology professionals can ensure business data remains secure, which is a critical concern for physicians, financial institutions, and even retail outlets.

#8: Virus exposure

Viruses not only remain a major threat, but their dangers are increasing. The BBC reports that unprotected PCs become infected within eight seconds of being connected to the Internet.

Infections are proving expensive, too. In the book The Dark Side of the Internet, author Paul Bocij estimates the average virus incident costs organizations $2,500 in remediation and data recovery expenses. A report by ICSA Labs places businesses' costs even higher (at $99,000 per incident).

And the numbers, varieties, and types of threats only increase. Malware programs are evolving at such a clip that many security software vendors have eliminated daily updates in favor of distributing patches every four hours.

Often, businesses and users simply fail to implement protection. A survey conducted by the National Cyber Security Alliance revealed that 67% of the respondents did not have up-to-date antivirus software. Worse, some 15 percent had no antivirus application installed.

#9: Spyware exposure

Before we address virus solutions, let's visit spyware, which is an equal threat -- and potentially even more daunting.

Spyware differs from viruses in its nature (spyware typically aims to track user behavior, collect user information or sensitive data, and display unwanted advertisements, whereas viruses often destroy data, corrupt systems, or enable hackers to remotely control a system). But spyware's business impact has reached epidemic levels.

The respected trade group CompTIA estimates spyware infections require two-and-a-half days to resolve and cost small and medium-size businesses $8,000 a year, which doesn't factor lost revenue. As evidence businesses aren't doing enough to protect themselves from the threat, CompTIA pointed to the information its research recently uncovered. More than a quarter of business users reported their productivity suffered as the result of a recent spyware infection, and more than a third reported being infected multiple times within the last six months, with some reporting being infected as many as 10 times!

No virus or spyware strategy is foolproof, but most technology consultants recommend the following steps:

  • Install reputable antivirus and anti-spyware applications.
  • In high-risk environments, a second standalone anti-spyware application is warranted.
  • Regularly update antivirus and anti-spyware programs.
  • Do not let antivirus and anti-spyware program licenses expire.
  • Perform regular automated antivirus and anti-spyware scans.
  • Regularly review security program log files to confirm proper operation.

Further, businesses should avoid deploying "free" security products in businesses. These products are often deployed in violation of the license agreements (which require licensing the software in businesses, academic facilities, and nonprofit organizations) and don't support frequent updates, real-time protection, or automated scans.

#10: Unsolicited E-mail

Most every business and user is familiar with the problem of unsolicited e-mail, also known as spam. Spam messages have become a serious issue, particularly for small businesses that often misunderstand the problem and fail to take effective countermeasures.

The Radicatti Research Group estimates spam costs businesses more than $20 billion a year. Further, almost half of all e-mail is estimated to be spam.

Thus, small businesses are investing valuable time, money, and system resources processing, delivering, and even storing these unsolicited e-mail messages. In addition to lowering productivity (staff must regularly sift through hundreds or more junk mail messages, deleting the spam, in search of legitimate e-mail), spam takes a toll on an organization's servers and workstations, which often must dedicate processor cycles, disk space, and backup media to untold gigabytes of unwanted mail.

Technology consultants wield several weapons in the war on spam. In addition to network filtering software, consultants can deploy server-based spam protection. Some organizations choose to outsource e-mail processing to a vendor that can monitor e-mail streams and filter out unwanted messages.

But such filters can generate false positives. And they're not cheap. Therefore, it's often a good idea to begin by adopting effective methods for managing unsolicited e-mail messages. Here are several first steps all e-mail users and small business owners may take to minimize spam:

  • Do not publish e-mail addresses in plain text on Web sites; instead use form-based tools that prevent robotic harvesting.
  • Avoid forwarding chain e-mail messages.
  • Ignore credit repair, get-rich-quick, and other common e-mail solicitations.
  • Use reputable e-mail filters (such as those included in Microsoft Outlook, Google Gmail, and other programs).
  • Read all terms before ever submitting your e-mail address to another party.
  • Review privacy policies before ever providing an e-mail address.
  • Consider creating a free e-mail account (Yahoo, Hotmail, Gmail, etc.) for submitting to third parties.

About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

18 comments
thenewmagic
thenewmagic

How do I get permission to distribute this article via handouts or local newspaper?

fidelestamandfpi
fidelestamandfpi

Very interesting and well written. Thanks Fidele St-Amand

jsikon1971
jsikon1971

Definitely right on information. As a small busines owner I totally agree wiht this all and make some of these mistakes myself that I intend to rectify:-) Thanks Erik!

jackzufeltPR
jackzufeltPR

I have come across top mistakes that small business make generally but this is a topic which needs more attention. Jack M. Zufelt- Mentor To Millions www.jackzufelt.com www.dnaofsuccess.com

peterb
peterb

Great article! This top ten list is right on the mark. Because small businesses have less resources and manpower, they have a higher chance of encountering tech missteps. The Business Software Alliance (BSA) formed a multi-year partnership with the U.S. Small Business Administration in 2007 to directly respond to this problem. Through this joint effort, we educated nearly 100,000 small businesses on proper software management and the risks associated with the use of unlicensed software. Helpful resources including Best Practices, fact sheets, and a Software Strategies for Small Businesses webinar are available at www.SmartAboutSoftware.org. A recent project of the BSA is SAM Advantage ?, a new, world-class approach to Software Asset Management (SAM) that can help small businesses avoid the top 10 tech mistakes and other serious tech problems. To learn more, visit www.BSA.org. Peter Beruk Business Software Alliance

chris
chris

this is the perfect article. I am going to try and use these concepts in our company (marketing best practices). Thanks.

darin
darin

Power protection seems to be the red headed stepchild in most SMB. I have a customer that has 2 servers. I have been trying for 5 years to get a proper Rackmounted, high capacity UPS on site. looking at about CDN $2500. Nope to expensive. Two years ago the Desktop UPS they have connected to the servers failed. Took out the MB on the Windows server. After 2 weeks of recovery, my time quickly surpassed the cost of the UPS. Make comments about that, They still would not upgrade the UPS. They are still a customer, who would give up a client thats willing to throw money at you to fix what they break, but still would be nice to be able to leave the site an know not an issue. Some SMB cannot or will not budget for preventative as they don't see the need or the long term value.

alphadogg
alphadogg

In an article written by a consultant, the number one most serious error by SMBs is not hiring a consultant. Irony can be pretty ironic sometimes...

tptbusines_98
tptbusines_98

Hello, I agree with everything listed, but you know, most SMBs have a "if its not broken, why fix it" mindset. Most SMBs will look at this listing as unnecessary expenses and not "insurance". How and what process would you use, to educate clients and potential clients about your list?????

robo_dev
robo_dev

I've seen at least four or five cases where faulty backup strategy or poor power protection really cost some businesses money. One dentist had stored all his backup tapes in the attic! Another medical office was running daily backup, consistently. Only problem was, the person running the backup was making an incremental backup each day, and over-writing the media....for three years (!) One office had a lightning strike to the flagpole out front....took about a month to recover fully.

ssharkins
ssharkins

Erik -- excellent article -- thank you!

greenhouse
greenhouse

Great list! I found all of these things when I first came to the small business where I now work. The most gratifying thing is that I have already corrected almost all of the things listed! It is hard for SMB to part with the investments needed, but much more expensive to hear the "I told you so" when you're not able to do business for 1+ days. I would still like to do more training but at one point we sent an entire department to classes on Windows and MS Office and it has made supporting them much more effective and successful.

fatpat_92
fatpat_92

Just wonder what's the difference between the desktop and the rackmount UPS. I found that APC 3000VA destktop version was more expensive than the rackmount version, plus it had bigger batteries with longer backup time. For cost consideration, I'd prefer a rackmount one.

straightlineeng
straightlineeng

Persistance IS the better part of valor. It boils down to how long you can see the same mistakes being made month after month. It took 3 years for the idea of pay me now or pay me later, to set in with the owner. I was polite about questioning their recovery strategy. Slowly it went from none to some. Then, after a catastrophic even, the light came on. Months were lost, many hours wasted by the SMB re-entering past transactions . We now are on a regular maintainance schedule. This includes hardware and software. Backups are daily. I am not a "black hole", where money disappears. Service is a good thing, holding your tongue is even better. It was really hard to watch. The Queen Mary does not turn on a dime. Hang in there, making suggestion to the person who signs the check.

kipgregory
kipgregory

Erik - Congratulations on writing one of the strongest arguments I've ever seen in print for why SMBs should retain an IT consultant. But now here's the challenge. I'm a small business, and I'm nodding my head in agreement while reading each of your points (been there, done that for almost every one). The issue now is where do I turn to find someone who can provide all of those services? You've sold me on what a good consultant can do, and if I were in Louisville, I'd be picking up the phone right now. But I'm in wherever and want/need to find someone local. How do I do that? And what questions should I pose when I find them, to vet them properly? What's a reasonable fee? How do I find out going rates in my market because NYC is one thing, Davenport, IA another. What if I'm reluctant to sign a long-term contract agreeing to 2 or 4 or whatever hours a month of "maintenance" when I doubt that after the front-end issues are cleaned up, keeping things on track is going to require that much time? What should I be asking and where should I be turning? A "companion" piece that addressed those concerns would be a very valuable guide. (And I'm not talking hypothetically.) Again, terrific job!

EdGallagherMVP
EdGallagherMVP

One of the big mistakes I find people make is in thinking that the VA rating is the only thing to pay attention to when buying a battery back up solution. There is a reason (other than the case) why there is a substantial price difference between UPSs of the same VA rating, even from the same manufacturer. I took 3 days of training from APC to learn what I needed to know to make the right decisions.

santeewelding
santeewelding

Haunt the forums more than you apparently do. I am as you are, and I cite your questions as the answer to one of the big reasons why I came here and still linger. All the sharp people here necessitate even sharper, gnarly questions to see what they're made of. It is as a job interview, the likes of which, and to which, very few here have ever been subjected, judging by reactions.