Do it right from the beginning; it’s easier
By Laura Haight
Congratulations, you’re starting a small business.
If you are a fairly typical entrepreneur, odds are you are over 30, went to business school, spent just 2.5 years in your last job, and will only start one business (the LinkedIn analysis of 120 million profiles notes that less than 2 percent of entrepreneurs will start more than one business.)
Also fairly typical is the advisors that most people wouldn’t go into business without. It’s a good bet you started with a lawyer and got an accountant/business manager. You wouldn’t go into business without them. Assuming you aren’t also independently wealthy, you also developed a business plan because the bank, Small Business Administration or other funder would require it as a prerequisite for getting a business loan. And, of course, you’d have hired someone to handle your marketing/sales/website.
Let’s see, what are we missing? Oh yes, technology. And why isn’t that in the top five?
There are a lot of factors, but to me the overriding issue is a combination of the three worst words in tech (plug-and-play) coupled with an inexplicable trust of online service providers.
We all think we are pretty good at “computing” because we are pretty good users of our home/work computers. This overestimation of our own capabilities is unique to technology. No one thinks they can be their own lawyer because they’ve watched a lot of Law and Order.
And then there’s trust. We may find it necessary to use any number of online services and software, but trust should never be a factor. Just a few headlines should get our skepticism radar pinging:
- Microsoft Azure users hit by 300% rise in cyber-attacks (Computer Business Review)
- 273 million passwords stolen from Google, Yahoo, Microsoft in major security breach (Komando.com)
- Tech-support scammers revive bug that sends Chrome users into a panic (Ars Technica)
- Tesla Hackers Hijacked Amazon Cloud Account to Mine Cryptocurrency (Fortune)
Technology is the central gear that enables the rest of the business engine to turn. That makes it just as important as having a business plan, or a marketing department.
It’s also – as my mom and yours always said – easier to do things right the first time.
Technology is comprised of a lot of complex systems working together to make an even more complex system. There are many considerations, but here are a couple that are both extremely important yet often overlooked.
Build your technology on a solid foundation. That means putting in properly configured hardware-based firewall and switches to put solid security at the front door to your network.
Find a tech Sherpa. You’re going to need a technology partner. You might not need a contracted service provider at these early stages, but it doesn’t hurt to start looking for a trusted partner. As you grow, a technology partner will be a very important part of your team. Look for someone who is curious about your business, about how you do things, not just trying to pigeonhole you into their standard portfolio of services and hardware.
Security. Establish it. Right from the beginning. This is as important to your business success as locking the front door. Set up strong user policies for personal devices, for email, for home computer use, for having copies of work data at home (don’t), and for having to earn permission to access your work network from home by having a secure and up-to-date personal network (do). Once you have policies, it’s crucial to train users. Do not fall victim to the “everybody knows that” theory of security. If that were the case, we would not be having this particular conversation.
Know what the best practices are for hardware, software, communications, and user access. And follow them right from the beginning. Business cultures are hard to change once lax practices have become acceptable. Every exposure, hack, and ransomware incident from Equifax to the State of South Carolina happened because a single employee did something they shouldn’t have done or had access they shouldn’t have had. Users must be engaged, involved, and empowered for your business to be truly secure. You also have to understand, model, and reinforce the importance of security. Without those two things no security expense can protect you.
Choose your partners carefully. ‘Trust but verify’ applies pretty much to all of our endeavors. In business, partnerships have proven to be a big hole for technology security. We are quick, it seems, to give vendors access to our systems, to not monitor how it is used, to forget they have it, to never ask about the security on their end, and - far to often - to regret all of that. This is the Cambridge Analytica-Facebook debacle. But smaller scale problems happen all the time to businesses just like yours. Develop a vetting procedure for outside access into your systems. Monitor it regularly and take away what is no longer needed.
Technology is a complex system. It’s tendrils reach into every aspect of your business. That can be a key to empowering growth or a big problem. It’s just like mom said: Do it right the first time. It saves a whole lot of hand wringing and yelling later on.