One of the toughest thing I come across working in IT is trying to help business owners understand what is the most important parts of IT within their business. Many business owners understand the basic concept that IT is necessary evil to their operations but they fail to understand the areas they can't see or they put to much assumption in. Everyone seems to understand that they need technology to compete in todays modern society, which is a very obviously statement. But to understand what technology really is at the heart of things for their business, they fail at understanding what it is is and how important it. The answer is one simple word "DATA". Technology is all about data. Email is data being sent back and forth. Word and Excel documents are just data once again. The information you use for your Point of Sale system, Record keeping, Book keeping, even Contact Management system is all just DATA.
Now so far much of what I have talked about seems rather obvious when I put it in these words, but most businesses fail on the handling and care of data. Imagine you were to buy a new vehicle and wash it regularly, make sure it clean, take it for trips to the grocery store or even across the country. You spend money on fuel and insurance, you may look for economic solutions to keep those costs down, but you do understand they are necessary part of operating a vehicle. You rely on certain parts of your car to keep it useful to you, and other components that a failure is annoying but you can learn to live with out. If the radio stops working that is not the end of the world, but if a tire blows out, then this will impede your ability to use your vehicle. The good news and the piece of mind most drivers have is their spare tire in the trunk. The vehicle came equipped with a spare tire, so your down time will be minimal, is the thought of most vehicle owners for this situation. So when is the last time you checked that spare tire to make sure their was still air in the tire, or have always assumed just because their is a spare tire, there should always be air in it? If the spare tire is also flat, we can seek comfort because of mobile phones we can call for other assistance and our down time now is extended but still some what manageable. Now what if your spare tire is flat, you are in an area with no cellular signal because you have driven to a very, very remote area? Imagine you just drove for over 2 hours at 60mph without cellular reception this entire time. OK the situation has changed very drastically now. How long would it take you to walk to find help? How long will have to wait for maybe someone to be able to come by and fix it, if any one travels this remote route? Do you have food to survive? Is there now a possibility your life might actually be in danger? Now imagine the vehicle is your data, and imagine your spare tire is your backup that you have just assumed would be there. Imagine your remote location without cellular reception is your data not moving for an unknown amount of time and wondering how long you can survive being down. Imagine this whole situation if you allowed more room in your budget for a professional mechanic/IT person to check your spare tire/data backups properly. Maybe having the mechanic/IT person spend time coming up with other additional backup an safeguards, even though having additional cost, could have made all the difference.
IT is unfortunately seen as a red mark by many business owners when they look at their accounting. Although ironically they do not consider building or liability insurance a red mark to cut from the budget but a necessity. Even more ironic is how many business owners will gladly throw large sums of money at large accounting firms, such as KPMG, Grant Thornton or Deloitte, because they handle and work with the data in your system to regain potential profits. Many business owners, in my experience and other IT professionals, will not pay for IT professionals to check their data backups. The business owners assume they are ok, like the spare tire in the trunk of their vehicle.
In one large organization I worked as the IT Director for several years. The company had 10 locations, and did several millions of dollars in sales each month. One day their Point of Sale provider made some big experimental changes during regular business hours, and the results were catastrophic to that single day of sales. All sales and data input on that day had been destroyed, I had backups from before the disaster but not for during the occurrence of the disaster. The company went into immediate alert and made sure every shred of processed paper work was sent to head office. Over the next few weeks all information was manually re-entered by administration staff in effort to mimic the input of work of employees from 10 locations. In the end I think the cost was a wash for what they made in profits that day and what they spent in the weeks to come to correct the event. But they were able to re-establish the integrity of their data again. Another organization that I occasional do work for, in the process of resolving another issue, I had discovered their offsite backups were over 3 months old. Even though management had assumed, like the spare tire in the trunk, that it was always there and available. In this case I was able to catch it, but if I had been contracted to look after their IT, this issue would have been caught in within two days, three if you include a weekend. Sooner if it had been the direct backups and not the off site backup media. But if I had not caught their failure with their off site media and their server room had been exposed to a disaster such fire, flood, or even an air conditioning failure, I suspect their business operations would have been over in less than a year. Statistically over 50% of small to medium sized business go bankrupt within a year of a major data failure. Only 6% of these small to medium sized business ever recover completely.
Technology has provided some great services to assist keeping the costs lower than they have been in the past. Cloud based solutions are a fine example of that, but like a spare tire, you need to have professional IT people to occasional look at your data and insure it is covered in this modern changing world. As technology changes, so do the methods your data is protected and so do the threats that your data is vulnerable to.
Another thing to consider about your data is how business owners expose it to potential dangers. Do you have professional trained IT people looking after your data, maintaining and planning how data is looked after in your organization, or do you have employees you assume know what they are doing? This is an easier question to answer than you might realize, and I will help you answer it with another question. If this was a company vehicle, that was used by many employees and even your family, would you have this same employee fix or work on the brakes for it because you thought it seemed simple enough and they seem to know what they are doing? If you said yes, then I assume this employee is a licensed auto mechanic, because if they are not, you are putting your life, your employees life, your family members lives and your vehicle in danger. Just like an professional auto mechanic, IT people many times make what they do look easy. You have seen IT professionals install software and it is easy enough to do and in many case you are correct. But do you realize most IT professionals question software before they install it. There is lots of safe and properly written software out there. But I have seen many users with good intentions download software from non safe sites and with a lack of knowledge to realize the potential danger. The assumption that giving everyone administrator rights makes things easier for an organization and cuts down on IT costs is a huge misguided misconception. Hackers love this thinking, because if you have 50 users on a server all with administrator rights, then the hacker just needs to now find a way into any one of the 50 accounts to own your server. If there are only 50 users and only 3 accounts with administrator rights, then they have to figure out one of those 3 users. Which do you think is easier to keep secure, 50 accounts or 3 accounts?
For more information and statistics in this post see the follow articles:
http://www.certustechnologies.com/scary-statistics-data-backup-failure/
https://securityintelligence.com/media/2016-cost-data-breach-study/
https://www.linkedin.com/pulse/statistics-data-loss-backup-laughing-matter-dale-shulmistra