Congratulations, you’re starting a small business.
If you are a fairly typical entrepreneur, odds are you are over 30, went to business school, spent just 2.5 years in your last job, and will start only one business (the LinkedIn analysis of 120 million profiles notes that less than 2 percent of entrepreneurs will start more than one business).
Also fairly typical: the advisers that most people wouldn’t go into business without. It’s a good bet you started with a lawyer and got an accountant or business manager. Assuming you aren’t also independently wealthy, you also developed a business plan because the bank, Small Business Administration, or other funders would require it as a prerequisite for getting a business loan. And, of course, you’d have hired someone to handle your marketing, sales, and website.
Let’s see, what are we missing? Oh yes, technology. And why isn’t that in the top five?
There are a lot of factors, but to me, the overriding issue is a combination of the three worst words in tech — plug and play — coupled with an inexplicable trust of online service providers.
We all think we are pretty good at “computing” because we are pretty good users of our home and work computers. This overestimation of our own capabilities is unique to technology. People don’t think they can be their own lawyers because they’ve watched a lot of “Law & Order.”
And then there’s trust. We may find it necessary to use any number of online services and software, but trust should never be a factor. Just a few headlines should get our skepticism radar pinging:
Technology is the central gear that enables the rest of the business engine to turn. That makes it just as important as having a business plan or a marketing department.
It’s also — as my mom and yours always said — easier to do things right the first time.
Technology is composed of a lot of complex systems working together to make an even more complex system. There are many considerations, but here are a few that are both extremely important yet often overlooked.
Build your technology on a solid foundation. That means putting in a properly configured hardware-based firewall and switches to put solid security at the front door to your network.
Find a tech Sherpa. You’re going to need a technology partner. You might not need a contracted service provider at these early stages, but it doesn’t hurt to start looking for a trusted partner. As you grow, a technology partner will be a very important part of your team. Look for someone who is curious about your business and about how you do things, not just trying to pigeonhole you into a standard portfolio of services and hardware.
Security. Establish it. Right from the beginning. This is as important to your business success as locking the front door. Set up strong user policies for personal devices, for email, for home computer use, for having copies of work data at home (don’t), and for having to earn permission to access the work network from home by having a secure and up-to-date personal network (do). Once you have policies, it’s crucial to train users. Do not fall victim to the “everybody knows that” theory of security. If that were the case, we would not be having this particular conversation.
Know the best practices for hardware, software, communications, and user access. And follow them right from the beginning. Business cultures are hard to change once lax practices have become acceptable. Every exposure, hack, and ransomware incident from Equifax to the state of South Carolina happened because a single employee did something he or she shouldn’t have done — or had access he or she shouldn’t have had. Users must be engaged, involved, and empowered for your business to be truly secure. You also have to understand, model, and reinforce the importance of security. Without those two things, no security expense can protect you.
Choose your partners carefully. “Trust but verify” applies pretty much to all of our endeavors. In business, partnerships have proved to be a big hole for technology security. We are quick, it seems, to give vendors access to our systems, to not monitor how it is used, to forget they have it, to never ask about the security on their end, and — far too often — to regret all of that. This is the Cambridge Analytica-Facebook debacle. But smaller-scale problems happen all the time to businesses just like yours. Develop a vetting procedure for outside access into your systems. Monitor it regularly and take away what is no longer needed.
Technology is a complex system. Its tendrils reach into every aspect of your business. That can be a key to empowering growth or a big problem. It’s just like Mom said: Do it right the first time. It saves a whole lot of hand-wringing and yelling later on.