Does this look like how you manage the systems in your business? You’d be surprised how many times I hear “yes, it is.” Then again, maybe you wouldn’t.
Too many times the systems used to manage a small, and not so small, business are treated as a nuisance rather than tools. Like any tool your systems need to be cared for properly, upgraded as necessary, protected and kept sharp.
Over the next few installments, we’re going to talk about how the systems that keep your business running can be and should be managed, protected and strengthened. We’ll discuss how you can set up protocols to protect passwords, how often and where you can or should back up your data, and how to identify and mitigate threats to your data.
These won’t guarantee that you’ll never have a systems problem, breach or loss of data. But, hopefully they will provide you with tips that will minimize the chances of that happening.
Your business depends on information you can trust. Some of that information is intrinsic and obvious, some of it not so much. A lot of the information you need comes from the data you capture, save and analyze from the systems you use to manage your business.
Some of the systems may be simple, a spreadsheet to track the hours of your employees or card files to keep track of inventory. Some of the systems may be more sophisticated, a payroll system that makes sure deductions and taxes are calculated correctly, or an accounting system that lets you measure the profitability of your business or where investments will have the greatest return.
So a starting point is to identify the individual systems you use in your business.
I mentioned a couple of them above but you should make a list so you know what is running in your business, Again, you might be surprised by how many business owners don’t fully realize how many systems they have running. Here is a partial list to get you started:
> CRM (customer resource management)
> Operating System – primary
> POS (point-of-sale)
The above listing may not be complete relative to your business. If not, go ahead and add what I missed.
Once you have listed all the systems you use, then you should determine whether the system is wholly contained inside your business (internal) or is connected to a server or company outside your business via an internet connection (external). A system that is wholly contained internally doesn’t mean you can ease up on how you manage it, but may not require all the protocols we’ll discuss today or in subsequent articles.
Once you’ve determined what systems you use, and whether they are internal or external, the next step is to determine who has access and at what level. Depending on what a specific system does will determine which employees should have access and with what permissions.
Typically, the highest level of access is for the system administrator. Administrator access should be restricted and tightly controlled. While it may be tempting to have yourself as the sole administrator, it is good practice to have one other person with administrative permissions on select systems. This provides the business a backup should one person be away and changes need to be implemented.
Each system usually will have different levels of user access as well, limiting what parts of the system they can access and/or what kind of input they are allowed to enter. For example, if you have a payroll system, you could allow employees to enter their hours but not their pay rate.
In addition to system access, you will also want to determine who has what access to system interfaces, i.e. what data from one system gets transferred to another, and who has the ability to make or change how data passes from one system to another. An example of this would be an interface from your POS system to your inventory system and more, accounting, payroll (is there a commission component to compensation?), and possibly others.
Access is a tightrope, and there is no right or wrong way to determine who should be granted what kind of access. The general rule of thumb is you want to restrict access to protect your business, but not so much as it causes dysfunction. So how much access is too much? I’ve always found it is easier to grant as little access as necessary initially, and as conditions warrant allow additional access. It is far easier to grant new systems access to an individual than to take it away.
It is also a good practice to re-evaluate systems permissions periodically. When employees get promoted or move to a different department, their access requirements to company systems may change as well. Sometimes access to certain systems should be removed when an employee changes position. New access should not be added without a review of current system access to determine if any is no longer needed.
Another thing to consider as you evaluate the systems your business uses, is the management and updating of those systems. It doesn’t matter whether this is an internal or external system, or whether it is a manual or computer system, at some point they will need to be upgraded. For a manual system it can be done at your convenience, though that may get driven by the interface to a computer system which has issued a new release and requires a revised interface.
There is another area where the nuisance part of systems happens. Most software programs are continually updated with new features, bug fixes and general improvements. It is important to stay current with these updates. Microsoft continually sends updates to Windows and will tell you when a particular released will no longer be supported. Some other software programs don’t. Rather, they will notify you of an update or send you new code you need to install. To insure your systems are running the latest version, you should have a specific person who is responsible for system upgrades. Most often this would be one of the system administrators. And it is incumbent upon the business principal to make sure all systems are using the latest version.
Along with making sure the systems themselves are up-to-date, it is important the hardware is also up-to-date. This may come as a result of an upgrade to a specific system that requires new capabilities from a specific piece of hardware, adding another device to an existing network, or replacing a device already attached. As with software updates you will probably want to keep this ability reserved for your system administrators. However, keeping the hardware updated may require outside help to make sure all the hardware works together.
A lot of the above may seem like common sense, and a lot of it is. The key is it also requires advance planning, to keep the tools of your business cared for properly, protected and sharp. In the coming installments we’ll look at systems security, how much and often you should consider backing up your data, and how to minimize threats to your data.
Comments? Thoughts? Reach Steve Bina at: firstname.lastname@example.org