To Policy or not to Policy the SMB IT

Lack of an IT policy can be costly to a business of any size!

Throughout the history of comparing large corporations and the SMB, Small and Medium Business, you have generally seen different methodologies for how the business is run, in large part due to budgetary reasons and the sheer difference in size.

Both sides generally have benefits.

The larger organizations can throw resources as issues to get them resolved.

SMB’s can be far more agile and react quicker to changes in the environment.

Much of the agility in the SMB world is due to the lack of red tape. This is critical to growing the business and being able to adapt to the market in ways the large corporations just can’t do. However one of the mistakes I see from time to time in the SMB space, and even the larger medium sized organizations, is the lack of control of their IT environment. With the capabilities that exist in today’s “connected” world this can get your business in hot water faster than you think.

Just to give you a potential and very costly result, think about what is coming down the pipe in regards to what many of your Internet Service Providers and the Recording Industry Association of America (RIAA). Starting soon, participating ISPs will begin to send warning letters to users and companies whose accounts are “allegedly” used to illegally share files. After six notices, the ISP could begin a series of “mitigation measures” which would most likely lead to disruption of your internet services. Most SMB’s depend heavily of the internet for business, especially with the booming of the Cloud / SaaS based technologies many are relying on.

That is just example of something that could happen to your business. There are many more and some far worse. In the past the problem was not so profound for SMBs. Most had little to worry about issues going beyond the end users. However with the move to the Cloud, the capabilities of the technology, and let’s face it the far more technical users that exist, there is more need ever to protect you’re your business no matter the size.

Now you might ask, what is a policy is going to do for me?

How is a policy going to stop someone from doing something that could harm my business?

It is simple; the policy by its self will not do anything for you. However the implementation of that policy will. An IT policy is much more than an agreement between the company and the end user. It also is a set of guides and regulations that am IT organization can build around.

For example if you have a policy regarding end users accessing questionable sites that have no business use, your IT can implement tools, either software or hardware, that can be used to regulate those activities. If you want a policy regarding access to documents, software, or any other resources, that can also be implemented.

Creating an IT policy is only part of the battle. You must make sure that there are tools to regulate to that policy.

You also want to make sure that the policy is geared towards your business. Although there are many common sense items in most policies, there are many that work for some and not others. An example would be a media company blocking access to or storage of media files. Probably would not work in that situation.

Another key with regards to policies is that you want to avoid creating that dreadful “red” tape. It does not need to be something that slows down your business.

Obviously this is never a “sexy” topic, but I find it important as so many businesses have been hurt by their own employees and not always with malicious intent. This is also why it is important to have a way to regulate the policy.