The top IT mistakes small businesses make and how to fix them

Laurene Hamilton, Head of Technology Operations and Co-Founder of IT outsourcing firm Seeto, runs through the most common technology oversights organisations make, and explains what they need to do to put them right

Many small and medium-sized businesses find themselves making mistakes around device provision and security, and HR issues including on and off-boarding staff.

That's according to Laurene Hamilton, Head of Technology Operations and Co-Founder of IT outsourcing firm Seeto.

Hamilton explained that smaller businesses often don't start to consider device security until they're quizzed by existing and potential investors.

"In the past 18 months I've seen a lot of common problems around device security and in fact information security as a whole," she began.

"Those issues tend to arise off the back of investor due diligence questions, where businesses need to tell them about the physical security of their data and other assets. You'll often see that the devices their staff are using are on local accounts, and perhaps they got them from a high street store, but now they need to control them and put policies around them.

"That device management issue can quickly scale as businesses scale, because you don't know what data's stored on them. Are they using approved applications or completely doing their own thing? It can be a free for all."

Register now for the Women in Tech Festival Global 2021!

She recommended that organisations buy devices from reputable resellers.

"Organisations should never go to a high street retailer for their devices, or they'll end up with consumer versions of operating systems rather than for instance Windows 10 Business, or Pro. We use a couple of resellers: Insight and Eximedia.

"To secure devices we recommend Microsoft Intune. As it's cross platform compatible. Startups and scale ups like to offer platform choice to employees. It's important to have a device management platform that can manage all devices, rather than having different devices managed on different platforms.

"You don't want to have multiple things to log into as an IT administrator, you want one that covers it all."

The other common issue Hamilton highlighted was around HR systems and processes, especially joining and leaving.

"I see a lot of issues with the on and off boarding process. It's important because if you're starting a business you need your employees to have a good experience from day one. Sometimes it can be difficult to know how to do that, or how to get laptops on time and get accounts provisioned properly. It also involves taking users through where they get started with systems and tools."

Read the latest in-depth market guide to the leading HR platforms, rated by end users, on Computing Delta.

"And it's the same with off-boarding, where someone decides to leave the business, that needs to be tight. You could be opening up risk if you're not off-boarding employees in a timely manner and ensuring your information is secure."

She added that she oftens sees smaller organisations managing all staff via a spreadsheet stored on one person's laptop.

"Often the HR system is just a spreadsheet on the CFO's computer. We like to implement what we call an ‘opinionated tech stack'. We like to work with best of breed tools, in this case it's Google Workspace, Microsoft 365 for productivity, all wrapped in a big secure bubble with identity management from Okta.

"We're strong believers that all information on an employee should come from HR. So we implement a strong HR system from the very beginning, because small, dynamic businesses often don't have that from the start. We integrate that with the identity management platform that can distribute access management to the core business technology tools.

"Then you're capturing the important information on employees from the very beginning, it sits in the HR system, and then that's the single source of truth on that employee. All the manual tasks are taken away - no one has to go and create email accounts or usernames and passwords."

Hamilton explained the importance of all of this being wrapped within an overarching identity management system.

"Okta is a single sign on platform. A business could easily have 15-20 different applications, each with a single username and password. That's 20 passwords either someone's writing down in a book, or they save it in their browser. So with Okta that allows the IT admin to have control over application access, but also to implement single sign on to take away that requirement from the user. That takes away the IT administration challenge, and also means the end user experience is much nicer as they don't need to set up 20 different accounts."

Microsoft vs. Okta, who leads the identity management race?

So what could go wrong with organisations which don't take steps to properly manage devices and data?

"There are gaps there for information to be lost through if you don't do this. Employees could accidentally or maliciously introduce malware into their devices if they have free reign to use them.

"Also corporate data could more easily be lost if it's all stored locally. It might not be backed up, or if the device is lost or stolen, you can't secure it remotely. You need to ensure employees are using devices in the right way, and storing data in the correct places. And those devices need to be regularly updated, and encrypted. Without all of that you're opening up business risk.

"All of these controls can be light-weight, but it puts the business in a better position and provides reassurance that their data and assets are secure," said Hamilton.

Earlier Computing caught up with Mark Ridley, co-founder of Seeto, to find out what makes a great CTO, and how organisations know when they need one.