One of the issues that I see quite frequently with SMEs is one where the business becomes dependent on a certain physical computer (or computers) working in a certain way, and if that computer either misbehaves of fails, there is some unwanted impact on the business. The situation that we should be in is that if we lose a physical computer, we should not care because any one computer should be instantly replaceable.
What we do need to care about in terms of loss is the actual data, not the physical device on which it runs. An analogy here is that if our house gets broken into, it shouldn’t bother us if the TV is stolen (as it can be replaced by insurance, it’s no big deal), but if grandad’s war medals are stolen, those cannot be easily replaced and are precious.
My philosophy is that the IT used in small to medium businesses should not be any different to that used in large businesses. The use cases and needs of business do not vary that much as the scale of the business increases, at least if we look at general IT needs such as email, file storage, security, and so on. That philosophy allows us to take look at behaviour in large businesses and fit it where we can into the world of the SME – i.e. you should follow large businesses in how they run the IT, even if you are just a one-person business.
Most IT sins can be absolved by using backups. Backups work as a “giant rewind button”, enabling you to go back in time before a disaster occurred. Large businesses put a significant amount of their IT budget into backups for this reason. The way that large businesses do their backups is by creating a central server where files are placed, and either train or force the staff to store their files only on that server. (That file store server can be in the cloud, and SMEs tend to do that now anyway.) If a disaster occurs – e.g. the file server catches fire, is stolen, or someone deletes something – the data can be retrieved from a backup.
Similarly, in terms of how large businesses use software, that software is usually server-based too. The database used by that software is similarly backed up so that, again, if the server catches fire the backup can be restored. In any size business we see more use in cloud-based software – all that’s happening here is that software is running on “someone else’s computer”, and they’re backing it up too.)
Large businesses have always worked towards the point where an individual’s computer is disposable. There is nothing of value on it – everything is stored on the network or in the cloud – and so if the individual’s computer is lost, stolen, or fails in some way, all the individual needs is a new computer issued to them and off they go again.
In small businesses, this philosophy doesn’t carry through in the same way. A large business will commission and deploy a computer system, and it does this with intentionality – the IT team will architect and design a system that will design out or lower risk, along with lowering the “total cost of ownership” (TCO). They do this by designing the servers (that store data and run the software), the “clients” (the computers that people use), and the network (that connects the two together). The clients are intentionally designed in this method to be disposable, to the extent that the IT department will create an “image” of what the computer’s needs to look like when it’s deployed such that when a user gets issued with a new computer, that image is written to disk and off they go.
In small businesses, computer systems are not designed. We know that we need IT in order to trade, but we will often do that by buying or finding a laptop, and buying Microsoft 365, and just using it. As we grow the business, we buy more PCs, obtain a new subscription for Microsoft 365, and off we go. We explain to staff how to access things and log-in, but there is no “system” as such. As the business scales, at some point there is a “growing up” process where the first system is implemented by evolving what the business has been running until now, and the business’s IT starts to look like that of a large business.
However, even in a SME without a system, it’s imperative to get the benefits of this “disposability”. This requires three things.
Firstly, you need to get the users to realise that philosophically their computer is disposable, and that all data must be, absolutely must be stored on the server, or NAS, or in the cloud. You can enforce this, but in an SME it’s usually better to get the user’s trained to do this.
Secondly, your backup game needs to be strong. If you are using a server or a NAS, this needs to be backed up. It is generally easier, safer, and more sustainable to backup to the cloud, rather than backing up to an external drive. Cloud-backup is fire-and-forget – you set it up and it just works. (You need to monitor your backup health regardless of how confident you are about the backup system, though.) If you are using Microsoft 365 or G Suite, you need to be implementing cloud-to-cloud backup to guard against data lose. Microsoft and Google do not lose data (they’re very good at backups!), but there’s nothing to stop a staff member deleting something and then having to restore it from a backup.
Thirdly, SMEs can run into problems of “barnacle-ing” their computers. Without a strict regimen of how the system should be built, things can just get thrown at and installed over time – everything can get a bit “Heath Robinson”. I call it “barnale-ing” because often when you try to de-barnacle the computer, it falls apart, in the same way that sometimes the only thing holding a boat together is the barnacles. This is another reason why it can be such a strong win to just dump everything into the cloud, and turn the individual computers, as much as you can, into “dumb” terminals where all they do is connect to data in the cloud.