Small and medium-sized businesses usually can’t afford an IT department with specialists in every technology field, so they hire an IT consulting company to come in and take care of the network.
In the Seattle area we find that 85% of small and medium-sized businesses continue to see network failures even after hiring an IT support company. I’ve found that there are 10 areas most Seattle business owners, and even Seattle IT consulting companies, miss.
Here are the first questions I ask my new clients:
1) Are your computers on an accounting life cycle?
2) Do you buy warranties for your hardware that last the life of the system?
3) How old is your oldest server?
4) Is all your most important information on your oldest server?
5) Does the business owner have the Admin password(s) for the network?
6) Does everyone in the company have the same access rights to the company data?
7) How many weeks, days and/or hours could your company go without access to company data?
8) How often is your backup tested? (Assuming the backup is being done)
9) Do you have an offsite backup of the company data?
10) How long would it take to restore a file, a server or a server room?
Here are my rule-of-thumb recommendations. Laptops and desktops are designed to last 2 to 3 years. Servers are designed to last up to 5 years. (A beefy desktop is not a server and will only be reliable for 2 to 3 years.) Putting the systems on an accounting life cycle means that each month money is set aside to replace the system at the end of the accounting life cycle. Systems past their life cycle have a 50% chance of failing each year after the life cycle. If the business is not setting money aside, it may be stuck with an unexpected bill to replace the server when these odds finally catch up.
Even small companies can buy 1-hour onsite warranties for their hardware. This means that within 1 hour a hardware-certified technician will be onsite with all the replacement parts needed to fix the system. A good warranty reduces the risk and loss that come with days of lost network availability.
Questions 3 & 4
Most businesses start with one server, then buy another and another. Usually the customer information and the most important data are located on the first server. I’ve noticed that businesses avoid making changes to their systems when things seem to be running well. When things start failing, businesses are even less likely to make a major technology change. This means that often the oldest server, with the highest risk of failure, also holds the most important business data.
Best practices say that the admin password should never be known by anyone who is not an employee of the company. Even within the organization, the administrator password should be locked in a safe and never used except in an emergency with the owner watching.
Users who need administrator-level access should not have access to the network administrator password. Each administrator should have an individual account with admin rights. This way, in case of a problem, each administrator’s actions can be tracked individually. If a particular administrator’s account is compromised, the owner still has access to an uncompromised Network Administrator account.
Why is this important?
- First, companies that outsource their IT to another company can shut down the IT company’s admin accounts if the business owner wants to switch IT support companies.
- Second, if an administrator makes a mistake, the person who made the mistake can be identified. When two or more people use the same admin account, it’s not always possible to know who made a particular mistake.
Imagine a bored receptionist exploring the network who finds he/she has access to the accounting and payroll files. I’m always amazed how often I find this situation on a new client site. Soon salary and private HR information are spread through the corporate gossip system. I often recommend a security audit when I see a very open or a very complex data security model, and the audit will discover this situation.
New entrepreneurs seldom worry about the network going down. Most of the information is in the entrepreneur’s head, so losing the computers isn’t that scary. This attitude often stays the same as the business grows. Most small businesses couldn’t go three days without the network. On the other end of the spectrum are enterprise-level businesses that can’t go without their data for more than 3 minutes. I’ll usually see a physical reaction of worry as the owner thinks about the consequences of this question.
Statistically, 1 in 10 companies tests its backups. The best practice recommendation is to check the physical backup every quarter. Statistically, 25% of those backup tests fail. 50% of company backups chronically fail. Often an onsite backup is one tape sitting on top of the server that just failed! Without going further, this question is important because the statistics on backups are depressing and devastating for most businesses.
The importance of this question is that restoring data requires more than just a data backup. For example:
- If the server is gone, how long will it take to get a replacement server?
- If the data is being stored off site, how long will it take to get that data back?
- If a new server is bought, will software licenses need to be purchased for the operating systems and the applications?
- Small businesses sometimes have only one small business server, so will the domain need to be reconstructed as well?
- Will the applications need to be reinstalled before the data can be restored?
Solving these and other problems after the server is down can take days. A disaster recovery plan addresses these problems before the server goes down.
When planning, designing and implementing new networks, these are the 10 areas I find important to consider. I’m interested to hear what other questions you might be asking when you walk into a new network.