How to Avoid Top 10 IT Mistakes Committed by Small- and Mid-Sized Businesses

– Dean Tremblay, Partner

In this article on BrightHub, GFISecurityLabs’ David Kelleher talks about common IT mistakes that small and mid-sized business (SMB) customers make. Avoiding these pitfalls is possibly the best reason for an SMB to outsource its IT to a dedicated managed IT service provider.

Below, we take Kelleher’s Top-10 list as a jumping-off point and describe how we help our SME clients protect themselves from a variety of business risks with proactive, outsourced IT management.

Connecting systems [such as new computers and mobile devices] to the Internet before hardening them.

Part of our managed IT service is to provision gateway access controls (a.k.a. firewalls) to protect internal IT systems. We also provide anti-virus and spyware controls to all of a customer’s connected systems.

Connecting test systems to the Internet with default accounts/passwords.

When we provision new computers, mobile devices and other connected systems on behalf of our clients, changing default passwords to strong, secure passwords is part of our process.

Failing to update systems. Security holes exist in your operating system and no software is perfect.

We provide both native Microsoft patch management and patch management from third parties for targeted applications, such as Adobe products, Java, QuickTime and others. This is part of our standard managed services offering because we believe strongly that it needs to be done.

Failing to properly authenticate callers.

Most of our clients provide us with a list of authorized individuals who are allowed to initiate changes on their networks. Where required, we can also use a challenge/response protocol to authenticate individuals who contact us for helpdesk support on behalf of a client organization.

Failure to maintain and test backups.

At Tango, we believe that any IT service is rendered irrelevant if excellent backups are not maintained. To protect client data from disaster, we regularly back up business data and we validate that the backups are successful on a daily basis. We also perform a test “restore” process once per month for any client engaged with us under a managed services contract.

Failure to confirm that your disaster recovery plan actually works.

We provide backup and disaster recovery services for SMB clients. In our experience, most SMBs do not have disaster recovery or business continuity (DR/BC) plans in place and find it too expensive to justify the cost of, for example, maintaining two completely redundant IT infrastructures with fail-over. Our cloud services offerings substantially reduce these costs and make DR/BC accessible to small and mid-sized customers.

Failing to implement or update virus detection software.

Tango implements a “defense in depth” strategy of protection against viruses, malware and spyware at the email server, the network gateway and the desktop to ensure that your systems are fully protected. This is another core service in our managed IT service offering, no exceptions!

Failing to educate users. Users need to know exactly what kinds of threats are out there.

In our managed IT service industry, end-user knowledge (and lack thereof) is perhaps the most common area of risk that affects our customers. A lack of awareness or sophistication can lead to users opening their systems to viruses, spyware, phishing and other threats. The solution is to mitigate risk through ongoing end-user training. In addition, Tango builds client IT architectures such that end users are removed from critical decision-making processes. For example, next-generation firewalls and email security applications remove most of the risk from vulnerability attacks. But education is still the first line of defense!

Trying to do it all yourself.

Even if you have an IT resource on staff, it’s simply not realistic for an SMB to manage all aspects of IT effectively. In a previous article about knowing when it’s time to hire an IT resource, I outlined the four skill sets that a corporate IT department of any size must possess, and provided an ROI/budgeting model to help you determine how best to fill those needs. Chances are good that a partially or fully outsourced managed IT service model will make the best sense for your business.

Failing to recognize “insider threats”.

Any malicious, untrustworthy or disgruntled employee presents a risk if they are not properly monitored. If you operate in a strict regulatory environment or have other reasons to be concerned about insiders hacking, stealing or selling your sensitive business and customer data, there are a number of checks that we can build into your IT architecture and roadmap. This may include implementing monitoring measures on specific systems, devices or network resources. It may also require high-security physical restrictions on employees who enter and leave your premises. Our IT strategy and virtual CIO services can be leveraged to provide expertise, insight and solutions to these and other big-picture IT concerns.

What You Can Do Now

To evaluate your organization’s IT security against these and other potential risks, contact us for an IT security audit.

