
1.   Anti-virus was disabled on all the devices. Windows Defender is  included with the Windows operating system and is installed by default. 
             
             Action  Items For You
             
             ☑   Windows Defender is not adequate protection because  it is still reactive protection. That means it relies on previously discovered  viruses to block them on your devices. Proactive protection uses machine learning  to continuously detect and block potential risks before they become known.
             
             While Defender is becoming more proactive, there are more widely adopted  advanced endpoint security solutions available. We installed the proactive  protection we use ourselves on “Sam’s” equipment.
  
  ☑   If you are going to continue using Windows  Defender, make sure it is enabled. 
  
  ☑   Confirm it is enabled from time to time.  Undiscovered malware on a device can turn this protection off, and you won’t  know it.
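
For devices that rely on Windows Defender, the periodic check described above can be scripted. This is an added example, not part of the original article; the function name and the signature-age threshold are assumptions.

```powershell
# Added example (not from the original article).
function Test-DefenderHealth {
    param(
        # Assumed threshold: flag signatures older than this many days.
        [int]$MaxSignatureAgeDays = 3
    )

    $problems = @()
    try {
        # Fails outright if the Defender service has been stopped or removed.
        $s = Get-MpComputerStatus -ErrorAction Stop

        if (-not $s.AMServiceEnabled)          { $problems += 'Antimalware service is not running' }
        if (-not $s.AntivirusEnabled)          { $problems += 'Antivirus is disabled' }
        if (-not $s.RealTimeProtectionEnabled) { $problems += 'Real-time protection is off' }
        # Tamper protection blocks other software from switching Defender off.
        if (-not $s.IsTamperProtected)         { $problems += 'Tamper protection is off' }
        if ($s.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $problems += "Signatures are $($s.AntivirusSignatureAge) days old"
        }
    }
    catch {
        # A query failure is itself a finding: protection cannot be confirmed.
        $problems += "Could not query Defender: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Checked  = Get-Date
        Healthy  = ($problems.Count -eq 0)
        Problems = $problems -join '; '
    }
}

Test-DefenderHealth | Format-List
```

Run it from a scheduled task so that a device where protection has been switched off shows up without anyone having to remember to look.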
    
  . . . 
  
  
  2.   Windows updates had not been applied since 2019. This is a  basic security housekeeping practice you can't afford to overlook. Windows  releases patches in response to vulnerabilities in the operating system and  known attacks.
  
  Action  Items For You
  
  ☑     Confirm that your servers, desktops, and  laptops are configured to automatically install updates. Don’t rely on doing it  by hand when you have time. You know what will happen.
  
  ☑     If you have an internal system administrator  or an outsourced IT provider, they should implement a group policy that enables  this feature and prevents individual users from changing it.
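
To see how long a machine has gone without patches and whether a group policy is enforcing automatic updates, a check like the following can be run on each device. This is an added example, not part of the original article; it assumes the policy in use is "Configure Automatic Updates", and the function name and 45-day threshold are assumptions.

```powershell
# Added example (not from the original article).
function Get-UpdatePosture {
    param(
        # Assumed threshold: Windows ships security updates monthly.
        [int]$MaxDaysSinceUpdate = 45
    )

    # Get-HotFix lists most cumulative and security updates, so treat the
    # newest InstalledOn date as an approximation of the last patch.
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    $days = if ($last) { ((Get-Date) - $last.InstalledOn).Days } else { $null }

    # Group Policy stores automatic-update settings under this key.
    # If the key is missing, no policy is enforcing anything.
    $auKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $policy = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue

    $findings = @()
    if ($null -eq $days) { $findings += 'No installed updates found' }
    elseif ($days -gt $MaxDaysSinceUpdate) { $findings += "Last update was $days days ago" }
    if (-not $policy) { $findings += 'No automatic-update group policy is applied' }
    elseif ($policy.NoAutoUpdate -eq 1) { $findings += 'Policy disables automatic updates' }
    elseif ($policy.AUOptions -ne 4) {
        # AUOptions 4 = download automatically and install on a schedule.
        $findings += "Policy does not force installation (AUOptions=$($policy.AUOptions))"
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        LastUpdate    = $last.HotFixID
        InstalledOn   = $last.InstalledOn
        DaysSince     = $days
        PolicyApplied = [bool]$policy
        Findings      = $findings -join '; '
    }
}

Get-UpdatePosture | Format-List
```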
    
  . . . 
  
  
  3.   There were no login passwords on the desktops. There isn’t much  more we need to say about that.
    
  . . . 
  
  
  4.   The company’s domain name was registered to a third party. It  is not uncommon for your website developer to register your domain name for  you. 
  
             However, your domain name is a valuable company asset that you need to retain  ownership of. When a third party is the registered contact, they can control  the ownership of your company’s domain name.
  
  Action  Items For You
  
  ☑     Do a whois (https://www.whois.com/)  lookup on your domain name. There are 3 contacts: registrant, administrative,  and technical. We recommend that your company be listed at least as the  registrant and administrative. If your company is doing the technical  development, then you will be the technical contact as well.
  
  ☑     Never use an employee’s name or email  address as any contact.  The risks should be apparent.
  
  ☑     Always use an officer of the company for all  contact information.
  
  ☑     As a standard practice, we recommend using an email alias instead of a single person's address. An alias doesn't have an email inbox. Instead, it is an address that forwards all emails to one or more actual email addresses in the company. If one person leaves the company, then others in the company are still in the email communication loop.
  
  ☑     Check the expiration date for your domain name. If you are not the administrative contact, you will not receive renewal notifications. Once your domain name has expired, it is available on the open market for anyone to purchase.
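
The contact and expiration checks above can be applied to the text a whois lookup returns. This is an added example, not part of the original article; the WHOIS record, company name, function name and 60-day warning window are all constructed for illustration, and real records use field names that vary by registrar and are often redacted by a privacy service.

```powershell
# Added example (not from the original article).
# Constructed WHOIS output; field names vary by registrar and TLD.
$sampleWhois = @'
Domain Name: EXAMPLE.COM
Registry Expiry Date: 2024-07-01T04:00:00Z
Registrant Organization: Hypothetical Web Design LLC
Registrant Email: owner@webdesigner.example
Admin Organization: Hypothetical Web Design LLC
Admin Email: owner@webdesigner.example
Tech Organization: Hypothetical Web Design LLC
'@

function Test-DomainRegistration {
    param(
        [string]$WhoisText,
        [string]$CompanyName,
        [datetime]$Today = (Get-Date),
        [int]$WarnDays = 60          # assumed renewal warning window
    )

    # Collect "Key: Value" lines into a lookup table.
    $fields = @{}
    foreach ($line in ($WhoisText -split "`r?`n")) {
        if ($line -match '^\s*([^:]+):\s*(.+)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }

    # The registrant and administrative contacts should both be the company.
    $findings = @()
    foreach ($role in 'Registrant', 'Admin') {
        $org = $fields["$role Organization"]
        if ($org -notlike "*$CompanyName*") {
            $findings += "$role contact is '$org', not $CompanyName"
        }
    }

    $expiry = [datetime]::Parse($fields['Registry Expiry Date'],
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::AdjustToUniversal)
    $daysLeft = ($expiry - $Today.ToUniversalTime()).Days
    if ($daysLeft -lt $WarnDays) { $findings += "Domain expires in $daysLeft days" }

    $findings
}

Test-DomainRegistration -WhoisText $sampleWhois -CompanyName 'Hypothetical Client Inc' -Today '2024-06-10'
```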
    
  . . . 
  
  
  5.   Neither the web developer nor the IT support provider has a secure website. Having  an SSL certificate on a website has been standard practice for several years.  It communicates to the website visitor that the company takes security  seriously. 
  
  Action  Items For You
  
  ☑     Make sure that your IT service providers have a secure site. It simply means they’re paying attention to basic security practices. A website (and a provider) without an SSL certificate should be avoided.
    
  . . . 
  
  
  6.   Both the web developer and the IT support provider are home-based companies. First,  this isn’t a criticism of where a business chooses to operate. These are simply  some perception points that need to be considered.
  
  Action  Items For You
  
  ☑     Google My Business is a way for companies to  claim their business with Google. You earn a visible position in the top right  corner of the Google page when your company is found in a search. 
  
  ☑     Google also searches for and displays a  photo of your business. When your home address is listed with your Google My  Business account, then your home is the photo people see. A modest single  family home with 2 cars in the driveway, overgrown grass, and a garbage can at  the curb might not project the professional look you're going for.
  
  ☑     The Google account for "Sam's" web  developer has a prominent red “Temporarily Closed” sign. Remember, these are  the folks who host our client’s website and own their domain name. The domain  is expiring in 3 weeks.
    
  . . .
 Linda Rolf is a lifelong curious learner. She is fueled by discovering the unexpected connections among technology, data, information, people and process. For more than four decades, Linda and Quest Technology Group have been their clients' trusted advisor and strategic partner. They actively contribute to each client's success through mutual collaboration, thoughtful business analysis, enterprise software development, technology integration, database design and management, opportunity discovery, business growth strategy, and marketing initiatives.