One of the biggest challenges small to mid-sized businesses face is finding the right IT support solution to keep their employees happy and productive. But what exactly should an IT company do? If you’re not already familiar with the most common IT support solutions that most small to mid-sized businesses use, you should read our article about the different approaches we see most small to mid-sized businesses take.
Here are 7 key areas worth checking on to make sure your IT guy(s) or gal(s) are doing a great job for you:
1. Monitoring
It may seem totally boring, but good IT monitoring is a key component of keeping your IT systems working consistently and preventing downtime. To briefly overview, the practice of monitoring involves having specialized software checking in on all of your network devices and keeping watch on systems and software logs to find issues before they create a major problem.
Monitoring needs constant management. For example, if a new version of Windows comes out, your monitoring software needs to be updated and the routine alerts carefully reviewed to ensure that your monitoring set still works. Similarly, if a new network device is purchased, it needs to be configured correctly to ensure your IT administrator (or better yet, ticketing system) receives an alert if something goes wrong.
Both internal and outsourced IT solutions are going to struggle with monitoring unless they have a significant amount of scale. Good monitoring requires a lot of time and investment upfront as well as constant minor adjustments. The key to successful monitoring isn’t whether it’s been set up, but how monitoring procedures are built and maintained.
Good monitoring procedures also involve building routines and scheduling reporting and review procedures for all alerts as well as creating alarms for urgent issues. It’s tough for small IT teams to get this right, almost impossible for the solo crews to do, and often requires a more sophisticated outsourced IT vendor to get a good work product. If you have an internal or outsourced IT guy, you should consider hiring a separate service to handle your system monitoring.
Questions to Ask Your IT Guy
○ What software do we use to monitor our IT systems? How much does it cost per month/year? Why did we pick that one and how long have we had it? Have we looked into outsourcing this to a vendor that specializes in it?
○ Where are the monitoring alerts stored? How often are they reviewed?
○ How do we make sure new devices are captured by our monitoring systems? Can you give me a list of devices being monitored so I can make sure we’re not missing anything?
○ Can you show me a written procedure that’s used to monitor for a common problem (for example, to prevent failing hard drives or deal with low disk space before a drive fills up)?
2. Inventory/Asset Tracking
It’s challenging to effectively manage your IT unless you know what needs to be managed. Creating and maintaining an IT inventory is one of the most important things any IT guy (or gal) can do.
It’s important to use some sort of software solution to do this, and you need to ensure it’s regularly reviewed and updated. Ideally, that software solution should automatically track new assets that are brought onto your network.
It’s also important to ensure that scans are run on a scheduled basis to detect unknown devices. Ideally, every device that shows up on your network is reviewed by your IT personnel, preferably in short order. This can be particularly challenging if you let outside guests onto your internal secured WiFi network (tip: just don’t do it—that’s what guest networks are for!).
Inventory and asset tracking will be particularly challenging for the outsourced IT guy. The internal guy is better equipped to track down an unknown asset and figure out who it belongs to after it shows up on your system. The outsourced IT shop or managed IT services provider should have decent automated procedures to onboard new devices regularly.
Questions to Ask Your IT Guy
○ How do we track what new devices are brought onto our network?
○ Can you show me a current inventory of our workstations, servers, and network devices? Even better, can you give me a login for the software we use to track our assets?
○ What systems do we use to monitor our network for new devices that are brought online?
○ How often is our inventory list reviewed?
If it takes more than an hour for your IT guy to produce a report with all of your IT assets, chances are that your solution isn’t working as well as it should be (or it doesn’t exist at all).
3. Documentation & Procedure Creation
It’s easily the most boring part of managing IT for architecture firms, but it might be the most important in creating a consistent user experience. Creating good documentation and procedures for routine tasks is incredibly important. Given all of the line-of-business applications used in architecture firms, these procedures need to be detailed and thorough.
As a reference point, our new user setup guide for a mid-sized architecture firm (about 70 employees) who is a client of ours is 14 pages long with a revision history and a table of contents (see a sanitized example below):
While that may seem nauseatingly detailed (each of these steps has 1-2 pages of detailed instructions with screenshots that follow), that’s exactly what’s required to make sure that a new user is able to get right to work on their first day.
New user setup procedures are just one category of documentation that’s required to make IT work correctly. Dozens of similar procedures should exist—some that are specific to an environment or office and others that can be used in a fairly standard way across clients or locations.
For example, the client referenced above has eight other client-specific procedure documents that ensure that we get their new systems and software setup correctly every single time.
Questions to Ask Your IT Guy
○ Can you show me a copy of our new user setup procedure?
○ Can you show me a copy of our new workstation setup procedure?
○ How often are our procedure documents reviewed and updated?
○ Can you go through the last 3 new user setups we've done and highlight any follow-up issues that we've had from that user in the 30 days following their setup? Are those issues dealt with in the new user setup documentation?
4. Patching
Running a close second to documentation for the most boring part of IT management, keeping your software patched and up-to-date is incredibly important for any architecture firm.
At a basic level, this should include centralized updates to Windows and common utilities such as Adobe Acrobat, Java, Flash, Chrome, etc. While each of these software applications have the ability to keep themselves up-to-date, they don’t always or reliably self-manage.
Good patching procedures will necessarily involve routines. For example, you’ll need to run patches on servers once per month at the same time every month. They’ll also involve automated alerting to ensure the system is back up and running as intended after patches are installed. If your IT guy’s approach to doing this involves doing it manually, there’s a very good chance it’s not being done effectively.
You also need roughly equal parts of caution and urgency. For example, if Microsoft releases a critical patch, that should be installed ASAP, within the next couple of business days, preferably after hours. But for more routine updates, doing them weekly, bi-weekly, or monthly is more than adequate.
Questions to Ask Your IT Guy
○Do we have centralized patching software? If so, what is it and what software does it patch?
○What is the patching schedule we use? How does the schedule differ between critical patches and routine patches?
○How often do we run updates for routine utilities like Chrome or Adobe Acrobat?
○What is our schedule for updating our line-of-business applications (applications like CAD for architecture firms or time and billing software for law firms)?
5. Backup & Disaster Recovery
As we get further down the list, we move from merely important to absolutely critical. Having a solid backup and disaster recovery solution is 100% necessary for any small to mid-sized business. But not all backup solutions are created equally. If your solution still involves tapes or USB hard drives, you should be very, very concerned. Modern backup solutions involve the following core components:
Image-based backups. This is different than older file-level backup technology. Image-based backups take snapshots of your system one or more times per day. Those“images” can be used to restore the entire system or an individual file in the case of loss or disaster.
Local data. Backups are only as good as your ability to restore them in a reasonably fast fashion. If a physical server were to crash, you wouldn’t want to wait to download all of your data from the cloud in order to get your team back up and running again. Having a copy of your data locally is even more important if you have your data stored in a cloud-based system like AWS or Azure. Should your IT system get hacked or a catastrophic outage occur, you’ll want a copy of your company’s data stored locally.
Offsite cloud-based storage. Tapes and USB hard drives just don’t cut it anymore. A good backup system will replicate your most current backup(s) to the cloud so you can recover from a physical disaster such as a fire, flood, or earthquake. The storage will come with a monthly cost which might be significant if you have lots of data. One way to keep the cost down is to implement some sort of cold storage system for archiving data. We like to use Dropbox Business for this purpose, as it comes with unlimited data and a reasonable minimum license count. (P.S. it’s great for a bunch of other things too).
One last item to note. It’s worth considering a cloud-to-cloud backup solution if you’ve got critical portions of your IT system located in the cloud. With most small businesses using either G Suite or Office 365 for email, both can be vulnerable to hacking and/or accidental deletion and neither contains the necessary abilities to restore data in the case of loss or malicious encryption.
Questions to Ask Your IT Guy
○ What backup software do we use to backup our servers? Workstations? Cloud-based infrastructure?
○ What schedule do the backups run on?
○ Where is the data backed up to?
○ How do you monitor the effectiveness of our backups?
○ How long would it take us to restore from a crash if our physical hardware failed and wasn't recoverable?
○ How long would it take us to spin up our system in the cloud if we had a physical disaster like a fire or flood at our office?
○ Do we have any workstation-level or cloud-to-cloud backups in place?
6. Budgeting.
A big challenge for most small to mid-sized businesses is staying on top of capital budgeting. As a quick reminder, the difference between capital and operational budgeting is whether you’re buying a physical asset (like desktop PC, server, or network gear) or paying a routine monthly or annual cost (like for IT support and/or software subscriptions). Many companies combine the two into a single IT budget. That’s a big mistake.
Your IT guy’s job is to stay on top of the IT assets and make sure they’re replaced routinely on a schedule that makes sense for your business. For example, we recommend a 4-year replacement cycle for laptops and a 5-year cycle for other desktops. The reason is that after a few years, even good quality laptops usually begin having performance problems or physical issues like keys falling off or touchpads that don't work as well as they once did. Alternatively, the desktop PCs for your administrative employees usually run reliably for around 5 years before they begin to exhibit more IT issues.
If your firm doesn’t stay on top of capital investment in IT, your operating costs will inherently go up. Just as a new building is more efficient and less expensive to operate than a 20 year old one, keeping your IT assets current helps keep IT support and operating costs in line.
Keep in mind that your biggest cost is and will always be your people. Ensuring they have current and effective capital IT assets (like relatively new PCs and current software) also ensures that your labor costs are in line with the work you're performing.
Questions to Ask Your IT Guy
○ What are our standard replacement cycles for workstations, servers, and network equipment?
○ Can you help me develop a proposed capital budget for IT asset purchases for the next two years?
○ What are our oldest and most vulnerable IT assets (hardware and software)?
○ What devices can we retire so you don’t continue burning time and energy keeping them up and running?
○ How do we create consistency in our IT capital expenditures so as to not negatively impact cash flow?
7. Security.
Last but not least, probably the most important thing your IT guy should be doing is securing your systems. While this isn’t something that one person can do alone, someone needs to lead the charge. If you’d like to learn more about the basics and more advanced security measures that architecture firms should have in place, you can read our other articles: IT Security 101 For Small To Medium Sized Businesses and 6 Things You Should Do Immediately If You Think You Got Hacked.
Solid IT security has three basic components: controls, tools, and monitoring. You need to have all three in place and working consistently in order for your systems to be secure. You’ll also need the proverbial “push” from the executive team to make sure security is a priority for your organization.
Controls go along with documentation and procedures and involve things like security groups, permissions, and audit routines. Ensuring that you’ve got security groups and that permissions aren’t being granted on a one-off basis is a good example of a control. Another is turning on multi-factor authentication for your e-mail accounts or anti-spoofing technology for the principals and management of the firm.
Tools consist of software and hardware designed to keep your systems secure. Aside from basics like endpoint protection software and a commercial-grade firewall, you may also need more advanced tools like dark web monitoring and end-user education and reporting software if you want to stay ahead of the curve.
Finally, you may need to monitor for security incidents to make sure you’re closing loopholes and being proactive. You’ll need both standardized monitoring tools (for things like your firewalls), and may need more advanced security information management systems if you want to make sure that you’ve got top-tier security.
Security is very difficult for outsourced or internal IT guys to do well. It’s even tough for the outsourced IT shop. You need scale and sophistication to create professional-grade security as an IT service provider. In reality, only top-tier managed IT services providers and/or specialized managed security services providers (MSSPs) will be successful at keeping your systems safe and secure.
Questions to Ask Your IT Guy
○ What protection do we have from outside intrusion into our network?
○ How often is our firewall’s software updated? How often is the configuration reviewed?
○ What software do we have to protect our workstations? How is it monitored?
○ What software do we have to prevent our email system from being hacked? What about spoofing? Phishing?
○ When was the last time we had a seminar on IT security for our employees?
○ Have you run a search for any of our credentials that might exist on the dark web?
○ Do we have any sensitive information on our systems like credit cards, social security numbers, and/or HR or payroll information?
○ Do we have plans or details on any high-security buildings or high-value residences on our system? Might any of our high-profile clients be potential targets of hackers or other security threats?
○ What’s our plan for dealing with a security incident?
What things have you found that your IT guys haven’t been doing?
Drop us a line at hello@dyncomputing.com so we can get the conversation started.
A little about us: Dynamic Computing provides managed services IT , IT support, IT consulting, & cyber security services to top-performing small to mid-sized businesses in the greater Seattle area. We're focused on being the premier managed IT services firm in the Pacific Northwest, and we act as a complete IT solution for companies that don't have internal IT departments. Our clients typically range from 10 to 200 employees and we work primarily with professional services firms in the Puget Sound Region.
