A Dime a Dozen Small Business, Tech and Talk

Larry Seltzer at eweek published an article on the current San Francisco case where a Network Admin was the only individual to have business critical knowledge and passwords for key IT infrastructure. Allegedly, this now jailed employee changed all the passwords and is refusing to divulge them.

As Mr Seltzer states;

If critical information exists only in the brain of one person, that person is a disaster waiting to happen.

This situation is not just an IT issue, in the SMB space this crosses many boundaries as we do more work with less people than large organizations, we all wear many hats. In this tongue-in-cheek titled post Can your Small / Medium Business pass the Beer Truck Test? I wrote;

Who else knows where that payroll or financial information is? Who else has any idea on your accounting system, or any other technology resources that you have?

As a small / medium business manager or general manager it is absolutely critical that your IT (either outsourced or internal) is part of your agenda. Your infrastructure must become systems dependent - not people dependent.

This is a case where Managers abdicated their IT responsibility, they did not delegate it. In the SMB space we have less redundancy in our staffing of various critical functions.

Without getting into possible deliberate misconduct as in the above case - how many scenarios can you think of that would have more of an impact on a small / medium business with one person gone?

Like your controller who suddenly has a death in the family - 3 days before payroll?

On this blog I have posted many summaries of how even SMB managers can save time and money utilizing ITIL processes . This post is not one of those summaries, but a real world example of how “practicing what I preach” has just saved me an inordinate amount of time.

This is one small example - but scale this small example over time, and you begin to see where the time and productivity savings start to accrue.

The Incident

At my organization we use many of the same make and model of laptop computer. Approximately 6 months ago, one of these computers died. The symptoms were extreme corruption of the video screen and then a failure to boot up properly.

My home built Asset Management system told me that the unit was under warranty, So I called the vendors warranty support line.

The support issue lasted almost 2 weeks and took hours of my time, on phone calls, repair work and shipping;

* the support representatives shipped a new hard drive for the laptop. I had to remove the old drive, return it to the vendor, install the new drive, and start to reinstall the operating system. No luck - still dead - The operating system install died halfway through.

* they then shipped new memory (RAM) chips - I had to remove the old memory and install the new chips - Again no luck - still dead.

* Finally they sent a service technician to replace the Video Processor and Main Board - voila - it was actually the video board that was the problem

So the ITIL Incident Managememt Process has a “failure to boot” of that particular asset

The Problem Management Process documents that the Video Processor card was the culprit that caused that incident.

The Benefit?

I just had another laptop of the same Make and Model fail with the exact same symptoms. Will I have to repeat that 2 weeks and countless hours?

No!

I will be calling the Warranty support line again, but due to my documentation from the first incident and problem, I can reference that first “service Ticket” with the vendors support staff - we know what the fix will be.

They will still have to replace that video processor - but we will avoid the days and days of shipping new parts and hours on the support line.

Duuh Can’t you remember that?

Of course - I personally could remember that first incident - but the point is that regardless of your IT being supplied by a provider, or internally - anyone could avoid that wasted time and effort.

The Caveat

I have written in the ITIL summaries that the process of managing the ITIL framework can be the most difficult. If staff do not follow the framework, all the knowledge captured in that first incident and problem resolution is wasted if the second time it happens some tech just ignores the historical information and picks up the phone to repeat it all over again.

Just took a week’s R&R - no phone, no laptop - just beach and Canadian cottage country.

Got a few books read including; Risk: The Science And Politics Of Fear by Dan Gardner

I loved it - a book most all politicians and marketers won’t want you to read.

Dan - if I went though it again with a fine toothed comb - I am sure I saw a couple of relative statistics of your own!

I recently read John Kotter’s Leading Change , as the author identifies in this quote;

we don’t realize a crucial fact: changing highly interdependent settings is difficult

The more interrelationships and dependancies that exist within a given environment - the more difficult the human and technical processes of change becomes.

I think you would agree that scheduling a free evening for an event can be easy with two people - but try and get consensus on a time and date with thirty people.

Information Technology is Interdependent!

And guess what - IT by its very nature is interdependent. The fabric of our businesses are woven with technology, from Accounts Payable to Purchasing to Customer Management. Is it any wonder why it can be so difficult to improve internal process with technology?

Many businesses in the small, medium enterprise space make this tendancy worse by not having any communication with IT, or about IT. You may have an IT Manager - but it is often an empty title as his or her mandate is simply to keep that pesky email server or database running. Who needs to meet regularly with IT?

Blame also resides with IT staff, too many of us don’t think strategically enough - or at least don’t articulate it properly if someone is actually listening.

The Hard Questions

As a small business manager, I have every confidence that you pose the “hard questions” to your finance adviser, your prospective suppliers and any other critical relationship that you are entering. You ask these questions to know what change is occurring and to intervene if it is a “bad” change.

But you have to ask the those hard questions with IT staff as well - but to do that, to ask those questions, means that IT has to be part of the conversation. The hard questions are not a one time thing after something failed to work properly - they are daily or weekly meetings on the inter-relationships of your organization and its technology infrastructure.

The questions have to be the “Why do we do this?” the “How do we do this?” the “What are the alternatives?” questions. Change happens - Change is difficult, but if you are not openly talking about it - it can be impossible.

As an SMB Business Manager - Are you asking these questions on a regular basis?

We all have email accounts that support roles - not individuals in our organizations.

You know the ones, careers@yourcompany.com, information@yourcompany.com, sales@yourcompany.com, etc

A common thing in the SMB space is to have John in HR have a second E-Mail address assigned to him with the careers@yourcompany.com address. Then Jane in Marketing has the address for the information@yourcompany.com account.

I don’t recommend this. Over time these role based EMail accounts grow in number, then when John or Jane in leaves, we hope that someone remembers to move that careers@ or information@ account to somebody else.

If you are using an EMail platform (Such as MS Exchange) that supports public folders and distribution lists you can avoid this risk of losing EMail accounts, and at the same time, improve information retention if it is required.

Distribution Lists

Distribution Lists can have email addresses just as individuals do. So an information@yourcompany.com email account could be created as a distribution list with more than one member of sales or marketing as members. Members can be easily added or removed and nothing can get lost.

Public Folders

Microsoft Exchange Public Folders (and Lotus Mail Enabled Databases) can also be effective. They also have EMail addresses, so when that CV is emailed to careers@yourcompany.com, it is tucked permanently into a safe storage area and the applicable individuals can be notified via an associated distribution list.

Regardless of who comes, or who goes, you no longer worry about what information may be missed.

Here is another example - As an IT Manager, when I purchase software for the business, every vendor on the planet requires that the software be registered with an email address.

I don’t use my personal EMail address for this - I use a Public Folder with a distribution list. Those registration and licencing emails can then never be lost.

Believe me - nothing is worse than trying to find out licencing information about some software that you previously purchased, but the IT or AP staffer used their personal address - and since they have been gone for 2 years ……….

Two years after I am gone, my replacement will still have all the required licencing and registration information safely tucked away in that EMail folder.

If there is equivalent functionality in Google Mail - Please let me know!

Here are three references, all geared towards IT in the SMB space - they are all different - yet there is a common thread that they all allude to.

Ann All in this post called SMBs and the Outsourcing Decision at IT Business Edge quotes;

SMBs showed far less interest in outsourcing than their larger competitors, planning to spend less on consulting/outsourcing/training services and managed services than the big guys.

Then Darren Dahl at Inc.com has the following quote in this article “How to trim your IT budget without making sacrifices.”

Some businesses are ditching their IT departments in favor of outsourced teams.

Third, Jared Goralnick has an excellent blog post called Wake up: your technology adviser sucks quotes;

The influencers who spread outdated, expensive, and erroneous information should get a clue or quit their jobs–because they’re not helping anyone.

The Common Thread?

How can a business manager in the SMB/SME space make an informed judgment on the correct technology options for their business when;

Well, when you have no idea of the correct technology options for your business?

Who do you ask?

What is different about that type of relationship?

What lack of knowledge needs to be overcome?

Can I trust where that knowledge is coming from?

I included the article above by Darren Dahl as an example because it is skewed on the portion of outsourcing the entire tech team - the business owner is a techie - so the above questions don’t apply.

And Jared’s article is brilliant - if you have been following this blog - you will know that I echo Jared’s opinion (see About Me)

I will follow up with some future posts on some of the questions for business managers to ask.

In this post on application auditing, I wrote how we found some “orphan accounts” hiding in some of our databases and applications. These orphans are old accounts belonging to staff that no longer work with us.

In my opinion it is critical that you have a complete, and documented resource exit process for any staffer that leaves your organization. This process should be a complete checklist of all activities and actions required by your internal departments to ensure that nothing will be forgotten.

This checklist can include fairly obvious items such as obtaining physical assets such as keys, codes, laptops or cellular phones, to less obvious items such as forwarding incoming email (especially important for customer facing roles) to removing network, VPN and any other accounts.

This urgency increases for any Software as a Service accounts that you may be using. Failure to remove login priveledges for an ex-employee to a hosted application(s) can allow an ex employee to access that data from absolutely anywhere.

A few recent articles point out the critical nature of ensuring that passwords are appropriately managed.

Thomas Claburn at Information Week Canada quotes Google;

Password security is particularly important for Google because Google Account passwords unlock the keys to an individual’s Google kingdom from anywhere in the world.

And John Jainschigg at Baseline quotes;

That lack of central control can be problematic when users leave the company, as IT management may forget to revoke their access to SaaS applications.

In the SMB space, it is often a Human Resources Manager, or an employees direct superior that takes the lead when an employee leaves. They may remember “Retrieve Keys” and “Get Mail address for final papers” etc. But too often any other issues or assets are performed only as an “if Remembered” basis.

A documented process will ensure that “if remembered” becomes “always remembered”

Brian Flora in CIO.com has an excellent read on ITIL in the small business / medium business space.

When it comes to smaller IT organizations, this means missing the opportunity to “design in” great service oriented processes at a relatively early stage, before bad habits and inefficient processes have a chance to become company culture.

I hate to admit it - but compared to my notes on this blog, you can also see the difference in a professionals writing

I came across a print advertisement pointed at the small / medium business space that stated you could fork over some cash, then your web site would be “Search Engine Certified”

Two words come to mind - B.S.

Search Engine Certified does not exist.

Search Engine Optimization (SEO) exists. SEO is a time consuming and painstaking process of optimizing your web site copy and structure to assist your web site in generating traffic from search engines.

If you think search engine optimization is easy - Just ask Amrit Hallan or The Search Engine People

Technology Marketing Myth 1 is here

Even in the SME space - we spend a lot of money on technology assets. (I hear all the financial types saying too much!)

Yet too often we do not carefully and completely track the life-cycle of that hardware or software asset from the cradle to the grave - and that can waste money.

IT Asset Management is the concept of tracking and managing this asset life cycle.

How Does IT Asset Management save money?

1) You already bought it once - do you remember? Why buy it again?
2) Where is it now? - You think that the remote sales guy that used to work for you had a Laptop and cellular phone. (Sorry, he had a projector and printer too)
3) warranty & service agreements - You paid for it, don’t spend money again.
4) Service History - As detailed in my blog about ITIL reducing the cost of support by not re-inventing the wheel

Larger organizations can use dedicated asset or seat management tools and applications, smaller organizations can use free tools or existing software tools. The key is to identify and record all asset purchases with an asset number, plus all the details, both physical and financial of that asset.

The amount of data that you collect may be incredibly deep for larger organizations - to just basic information for smaller businesses.

The extra few minutes that is required updating your Asset Management tool after every Move / Add / Change (MAC) is miniscule compared to the long term benefits.