IT Basics for Small Businesses
43 years in the computer industry, I don't consider myself a "geek". Like a good doctor, I have a good bedside manner when helping others.
Published:
Browse All Articles > IT Basics for Small Businesses
This paper was originally posted on Experts-Exchange in 2010 and has been updated as a six-part series with current information here and on my Blog site – www.notacomputergeek.com. As often as technology changes, a revision was way overdue and should likely a work in progress. So, keep checking back
Introduction
I have worked in the Information Technology industry since 1981 and have seen many changes. Working primarily with small businesses and for the last 21 years, more specifically with non-profit businesses. I know how difficult it is for businesses to budget for technology and stay (somewhat) current with technology. This paper serves to assist small businesses with advice, system administration, and tips. I have always been frustrated with the duplicated postings of 50-thousand-foot view “solutions” on the web, so I will try to provide detail, specifics, and reasoning.
This paper was originally posted on Experts-Exchange in 2010 and has been updated as a six-part series with current information here and on my Blog site – www.notacomputergeek.com. As often as technology changes, a revision was way overdue and should likely a work in progress. So, keep checking back!
Part 1 – Hardware
As with Maslow’s basic need, physiological, the first IT need is hardware. Years ago, desktops were the norm and now it’s laptops, tablets, and cell phones. Because of the recent pandemic, workers are more mobile than ever and sometimes prefer technology that is portable. By the way, because there are so many different types of devices used to get the job done, they are now collectively referred to as endpoints in a work environment. The following are best practices, and your situation may vary, so please comment and we can discuss it.
Desktops and laptops
It’s tempting to purchase the cheapest thing, but first consider how you or your staff will use the devices. Will you be doing basic word processing or designing an airplane and need high-end graphics. Different computers are designed for different purposes. Certainly, if your existing computers are three years old or less, you’re probably OK to continue using them. Anything five years or older is just asking for trouble and typical warranties are one to three years. Technology gets old and components begin to fail. You will also notice performance degradation using many of the more recent software products on older hardware. Most software developers will eventually stop supporting older hardware as they come out with newer releases. The cheapest computers normally have slower components, such as the processor or video chip. If cost is NOT the ONLY issue, then don’t purchase the cheapest one. You will get longer life out of a system that has better quality components - you should expect to get up to eight years out of a new computer. How long it lasts will depend on how it’s used and the environment it’s in.
Best practice specs for a typical office desktop computer would be similar to this: Intel i5 processor, 16Gb memory, 256Gb Solid State Drive (SSD), and one or two 24” monitors. Look at getting a larger drive if your data is not stored on a server or in the cloud. Laptop specs would be the same except with a 14” or 15.6” screen size. A docking station can be utilized to connect external ethernet, keyboard, mouse, and monitors to the laptop. I recommend larger, external screens if you plan to use the laptop for extended periods of time. It's better on your eyes and posture. If you want larger than 24” screens, sit farther away, to reduce the back-and-forth motion of your head. Windows 11 has certain hardware requirements that typically won’t support anything over about five years old, so you would have to use Windows 10 on an older computer. The next version of Windows is rumored to have increased requirements due to its use of Artificial Intelligence (AI).
Tablets
It may depend on your operating system of preference. Apple.com sells various iPads and there are a multitude of choices if you prefer Android or Google Chrome.
Typical business specs for tablets are 11” or 13” displays and 256Gb storage. Optionally, you’ll have to decide if you need a stylus, keyboard, or cellular service.
Planning
Try to get on a cycle that allows you to replace a few computers each year, making it easier to budget. For example, if you have 20 computers, try to replace four per year and after five years you’ve replaced all 20. Then, start over again with the oldest four. Believe me; you will have happier, more productive employees if they have adequate technology to perform their job. Right size the computer to the job. You wouldn’t want a travelling salesman to carry a desktop and a 24” monitor, would you? Give them a laptop. If one of your staff needs a new computer after 3 years, continue using the 3-year-old computer somewhere else in the organization where it may be perfectly fine. Keep in mind, most businesses don’t need to be on the leading edge of technology but shouldn’t be laggards either.
Server
If your office has over 10 employees, you may want to think about implementing a server. This will add complexity to your environment, but will provide centralized file storage, shared printers, and enhanced management of your endpoints. Whether or not to get a server is an in-depth question and will have to be addressed at another time.
Connecting
When connecting your computers using ethernet, look at purchasing faster ethernet components that support Gigabit (Gb) speeds. If you see 10/100/1000, Gb is the 1000 and has become the standard.
Nowadays, almost all endpoint devices have built-in Wi-Fi, except desktop computers. However, you can easily add a Wi-Fi adapter if you don’t have a wired ethernet connection nearby.
Bluetooth and wireless are two technologies that connect accessories to your devices. I prefer to use Bluetooth when I can, since it does not take up one of my USB ports.
Webcams
Laptops, tablets, and cell phones all have webcams built in. Desktop computers may have a webcam built into the external monitor, but usually, you’ll need to purchase an external webcam.
Modems, Routers, Switches
To connect the office to the internet, you’ll need to subscribe with an internet service provider (ISP). They will likely provide you with a modem, but you may also have the option to purchase your own. If you want more control and security, you can opt to get a router that would connect to the modem. However, configuring routers should be left to someone with more IT knowledge. Switches are mainly used to split a signal to multiple wired locations. One more option for a switch is called a PoE (power over ethernet) switch. This type of switch can supply power to whatever is plugged into the switch. Two common uses of these switches are wireless access points (WAP) and Voice over Internet Protocol (VOIP) or Session Initiation Protocol (SIP) phones.
Power supplies
Every desktop and server need an uninterruptable power supply (UPS). If the power goes out, the device will stay on for a period of time. Laptops have an internal battery, so it’s not a necessity, but at least plug it into a power strip in case there are power surges.
Printers/Copiers
Now that you’ve got all the input devices, you need an output device. For business use, I generally use printers, copiers, or all-in-one devices (print/copy/fax/scan) with toner technology and stay away from inkjet. The cost per sheet is usually better when using toner and the quality is better. If you don’t need to print color, then don’t waste your money. Color printers will cost more. Connecting printers can be done by USB, ethernet, or Wi-Fi. If you don’t want to purchase printers or copiers, there are probably vendors in your area who can lease them to you.
Purchasing
Support your local economy by purchasing computers from a local store or vendor. Dell.com is also a good value and easy to configure and purchase online. Remember though, it’s important to purchase as many computers at one time that are identically configured, so they will be easier to support. There’s nothing worse than trying to support an environment that is full of different brands, configurations, and operating systems. Try to standardize.
A bit of my history
Non-Profit Tips
Physical
Once you’ve purchased the right hardware, you’ve got to create a secure environment for it. While doing business, you’ll create lots of data that someone else may want or you can’t afford to lose. It goes without saying that your environment needs to have physical locks and/or a security system. Critical systems also need Uninterruptible Power Supplies (UPS) that keep systems running in the event of a power outage and shut them down properly if the power is out for longer periods. If you have a server in the office, I suggest keeping it in a separate room that has additional security such as another locked door (so it’s behind at least a total of two locked doors), walls that go above the fake (drop) ceilings, dedicated power outlets, proper ventilation, and non-carpet floors. I had a colleague once that locked her keys in her office. I grabbed a chair, popped the ceiling tile up, climbed over the wall, and retrieved her keys. So don’t be fooled that the drop ceilings provide a safe space.
Software
Threats to computers today are numerous with multiple points of entry for malicious activity. Whether you have one computer or a hundred you need a multi-faceted approach and something that detects various types of infection, such as viruses, malware, Trojans, spyware, ransomware, etc. Getting software that just checks for virus signatures is only partially protecting you. Choose a product that can deploy clients from a cloud interface and can monitor all computers from one centralized administrator console. If you are using an email server, such as Microsoft Exchange, choose a product that also monitors the flow of e-mail - many viruses and spam are transmitted by e-mail. Microsoft scans email, but you can also have an additional set of eyes (another product) scanning.
If your budget allows, purchase a network appliance such as a router or firewall that can do real-time scanning and content filtering. Along with e-mail, internet surfing is another likely place where a computer can get infected. Another way to protect your users from going to malicious places on the internet is to use an alternate DNS resolution company rather than your ISP. One example that was free for many years is OpenDNS, but now has a fee and is owned by Cisco.
Windows 10 and up users can use Windows Defender Firewall and Windows Security, which is built into the operating system. There are other free PC versions of various security programs, but I would not trust any free security solutions for your server. By the way, yes, your server needs the software installed on it. Even if no one ever uses the server, an infected endpoint can copy files to the server (specifically through network shares) or allow the bad actor to remotely access the server.
AV vs NGAV vs EDR vs XDR vs MDR
When computer viruses were first noticed, they really didn’t do much other than maybe keep your computer from working. To combat viruses, Anti-Virus (AV) programs were created, but really could only check for known signatures on a specific file or running process. Unlike AV, NGAV is typically cloud-based and can detect suspicious behavior. As bad actors got more sophisticated, companies needed to check for more things, so EDR (Endpoint Detection and Response) became the standard. EDR can deter malicious activity and utilizes forensic data stored on the endpoint. Now, security companies say their products are XDR (Extended Detection and Response), which looks at your entire infrastructure (not just the endpoint) holistically from many viewpoints and can then take action to mitigate the attack before you even know anything happened. MDR (Managed Detection and Response) is usually 24/7 and managed by an external vendor rather than internal resources.
Policies
Don’t leave your computer logged in while you’re away. How long is up to each company. At least have it set to lock after say, 30 minutes, so you must enter a password, biometrics, or passkey to get back in. I see people all the time go away for lunch and leave their computer open for ANYONE to use. Maybe a disgruntled employee wants to send an e-mail to the rest of the office on your behalf – yikes! If you don’t come back from lunch or that sales meeting, your computer will be vulnerable all night and the cleaning crew may love to surf pornographic sites for you – double yikes!
Have your company use strong or difficult passwords for their login accounts. Passphrases are longer and easier to remember. Many passwords can be guessed, hacked, or cracked easily. Office documents, such as Microsoft Word or Excel can also be individually password protected. Veracrypt is a good, free option to create an encrypted drive on your computer if your policies require it.
Training
A large percentage of malicious activity enters the IT environment when an end user does something they shouldn’t – opening an infected attachment, clicking a malicious link, creating poor passwords, and many more. End user training should be ongoing and provide examples of known attacks, so users can become familiar with identifying malicious activity. Many companies utilize vendors to perform simulated phishing attacks combined with additional learning if a user is successfully phished by the simulation. NIST (National Institute of Standards and Technology) defines phishing as “a technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.”
Cybersecurity
According to NIST, cybersecurity is “Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.” By now, you’re probably heard this term many times. It really is a process and involves many things working together – physical security, software, policies, cybersecurity insurance, end users, and training. It's unrealistic to expect users to be cyber experts who can detect every malicious intention, so solutions must be implemented to assist end users while they perform their daily tasks - it’s a team effort.
A bit of my history
Non-Profit Tips
Part 3 - Software
This part discusses end user software (also referred to as apps). System Administration and server software will be covered in other blogs. So now you’ve got your hardware and it’s secure, you need software which allows you to do some work.
Operating Systems
If you’re on Windows 10 or 11 – great! If you’re on an earlier version, then you should plan to upgrade. Previous versions are already end of life (EOL) and Windows 10 will reach EOL on 10/14/25, which means you will no longer receive updates or technical support. No longer receiving updates can leave your environment vulnerable to malicious activity. There is still no official release date for the next version of Windows (12). For servers, you should be on Microsoft Windows Server 2019 or 2022. The next version of Windows Server (2025) will likely be available in November 2024. It is imperative that you keep your operating system up to date with the latest versions and updates.
Email
If you want to go the free route, there are many options, but you will not have your own domain name. Instead of yourname@mybusinessname.com, it will look like mybusinessname@outlook.com or @hotmail.com or @mac.com or @gmail.com or @yahoo.com, etc. If you want your own domain or more than just email, there are three main options: Microsoft, Google, or any other email hosting company. I realize Microsoft and Google are also email hosts, but they offer much more than just email hosting. If you are a Mac/Apple aficionado, sign up for iCloud.
Microsoft offers three options to their 365 Business customers – Basic, Standard, or Premium. Basic includes email with your own domain name, and web versions of Word, Excel, Outlook, PowerPoint, Teams, OneDrive, and SharePoint. Standard includes everything in Basic plus desktop versions of many of the standard apps. The desktop versions have more features and should run faster, since they are running locally and not across the internet. Premium includes everything in Standard plus apps for security and device management. Microsoft also offers many a la carte options if you need something specific. Do an internet search to see specific details and comparisons.
Google offers four options to their Workspace Business customers – Starter, Standard, Plus, and Enterprise. Starter includes email with your own domain name and web versions of many of the same apps that Microsoft provides. Standard includes everything in Starter plus per user storage. Plus includes everything in Standard plus more storage and endpoint management. Enterprise includes everything in Plus plus Enhanced support. Do an internet search to see specific details and comparisons.
There are a multitude of email hosting sites, and you will need to do your own research to see which one works best for you and your needs. Some of these sites include Zoho, IONOS, IceWarp, Fastmail, Bluehost, Hostinger, Rackspace, DreamHost, A2 Hosting, and many more.
Office Suite
It is essential to use a word processing app and a spreadsheet app. You can obtain a free suite of apps at openoffice.org but it is not as widely used as Microsoft or Google. Also, an important decision is the familiarity users have with these applications. As an employer it’s going to be easier to find someone who knows Microsoft Word or Google Writer than it is to find someone who knows OpenOffice Writer.
Web Browser
Web browsers allow you to interact with internet websites and is a matter of preference. Microsoft Edge, Google Chrome, Mozilla Firefox, Apple Safari, and many more can be used.
Miscellaneous
Adobe Reader (view PDFs), CCleaner (cleans unneeded files from your drive), Malwarebytes (scans for malicious files), McAfee WebAdvisor (identifies safe/unsafe websites when browsing the internet), VirusTotal (scans files, domains, IPs, and URLs). There is a ton of free software out there, but these are a few to get you started.
Most small businesses will also use industry specific software, such as an Accountant will need accounting software. Capterra’s website assists with selecting software and is a good source to review top software options.
Lastly, update, update, update. Software vendors routinely update their software because of security vulnerabilities and other deficiencies. By updating your software, you are protecting your systems from malicious intent.
A bit of my history
Non-Profit Tips
Part 4 - Backups
Repeat after me, “I will back up my data regularly.” I won’t yell and scream at you about the reasons why - let’s just say this is mandatory. We all have accidentally deleted a file. Disgruntled employees may delete entire folders. Ransomware can encrypt all your data. Disasters happen. These are all good reasons to back up and ensure business continuity.
Microsoft Windows and Windows Server have a built-in capability called Volume Shadow Copy Service (VSS). This feature will take snapshots of modified files twice a day allowing you to restore previous versions. Depending on how frequently you change things, you can expect to have about 7-10 days of file changes using the default storage size - 2% of your internal drive. Microsoft claims this will take care of 80% of restores rather than retrieving files from an external backup.
For small amounts of data, you may want to use a flash drive and copy/paste or drag important files to it. External USB drives are also helpful for making backups and can be used with the built-in Microsoft Windows backup program. Offices with servers only need to backup data from the server since any company information should be stored on the server and not on local hard drives. This also makes it easier and faster to re-deploy a new computer if you don’t have to worry about what data is stored on it.
In addition to many 3rd party backup programs, another option is to subscribe to an online service, such as iDrive or Carbonite. Online services have their own software which you configure what to backup. Once configured, you can forget about it, except for periodic verification that it continues to backup or if you want to change what is being backed up. These sites usually charge monthly fees based on how much data you’re backing up.
Backups are intended to restore what may have been lost, stolen, or accidentally deleted, so it’s also a good idea to implement multiple methods. Suppose you have a single computer, and you back it up daily to an external drive – great, but what if a tornado or fire destroys the building – there goes your computer and your backup. The multiple methods approach I like to use is to utilize VSS, then backup the same files to an external drive nightly. The external drive is then swapped with a different external drive weekly and one of them is always stored off-site. This external drive backup is an image of the computer I’m backing up, so it’s also getting operating system files and configuration. Lastly, I also use an online backup service which backs up files as they change.
If you are using Microsoft OneDrive, Microsoft SharePoint, or Google Drive they all have built-in version history. Even though this data is in the cloud, it is your responsibility to back up the data. Cloud data is also susceptible to a ransomware attack that will encrypt the data.
A bit of my history
Part 5 - Domains, websites, and Social Networking
Domains are needed mainly for email addresses or websites. We’ve covered email addresses in a previous blog, but I wanted to talk a little about websites. Your domain name would be in the form of mybusinessname.com, but you can also choose many different domain name extensions, such as .org, .net, .tech, .online, etc. I believe there are over 400 different extensions. Some of the popular domain registration companies are GoDaddy, IONOS, Network Solutions, Namecheap, etc. If you are not adept at creating webpages from scratch, then opt for a hosting company that offers a WYSIWYG (what you see is what you get) creation tool. Most of these sites will offer various templates to get you started and you fill in the blanks. Once you’ve published it to the internet, you now have an online presence where you can direct potential clients. If you want to make frequent content updates, but don’t want to do it on your website, you can choose to also have a Facebook page. Either way, you’ll need a strategy to direct people to your pages. If you are a very small company, on a tight budget, or have limited time, skip the website and just set up a Facebook page with your contact info.
The first question I ask a client is, “Strategically, what do you want your website to do?” Do you want six pages of seldom changed information or a fully configurable website with calendars, blogging, animation, shopping cart, etc. Many companies have grand ideas for their websites, but I caution you to only put up as much as you can maintain. You want to drive people to your site – not away. It’s also very common to completely redesign your website every 3-5 years to keep it fresh looking.
Only a few years ago, having a website was all you needed to worry about, now there is a long list of social networking sites. The most common business sites are Facebook, X (formerly Twitter), LinkedIn, and Instagram. It can be daunting to know which ones to use, how they work, and what to post. This might be a good time to find a vendor who can do this for you or set it up and show you how to do content changes or posts. Three things to watch out for as an employer: 1) Review what you or your employees post. You don’t want any lawsuits or bad publicity, 2) Your employees should be working, not participating in personal social networking, and 3) Social networking has become one of the top ways that viruses, malware, and malicious intent can spread.
You now have a website or social media site – great, but how do you drive traffic to it? Post relevant, quality, timely content and add appropriate keywords and tags to your pages. Also, add links to your other sites and posts to promote your message. Be patient, it will take time for your pages to be seen and ranked by the search engines and you want to be near the top. To get better visibility, all search engines allow you to buy search ads, but this can get expensive.
One caveat – malicious intent through social engineering, which is defined as the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Too many people post too much personal information on their websites and social media sites. Criminals use this information to formulate attacks on you. It is very common for businesses to list staff names and email addresses on their websites. However, it’s easy for criminals to get this information and create a spoofed email that looks like it’s coming from the CEO and sent to the CFO requesting funds be transferred to another bank account. It’s also easy to find someone’s name, address, phone number, relatives, schools attended, photos, etc. and then pretend to be that person for malicious reasons. Be careful what you share online.
A bit of my history
Part 6 - Support
Have you tried restarting the computer? Don’t laugh, it fixes a lot of problems. Same goes for other devices too – printers, modems, etc.
OK, so you think you’ve got your IT issues covered because one of your staff took some computer classes. It’s helpful that your staff can work on some computer issues, but you still need to establish a relationship with a local professional IT vendor. A few words of advice from them can go a long way to keep you out of deep, perhaps costly problems. Technology issues are vast and change quickly, so you need someone whose skills and knowledge are up to date. Today, specific skills in cybersecurity are very important to keep your environment safe and adhere to any business regulations.
Here are your support options in order of worst to best:
The best option for your company will either be 6, 7, or a combination of the two. I usually recommend that a SMB either hire in-house staff or find a vendor that can come on-site at regularly scheduled days and times. These approaches are easier to budget, are proactive, and allow the support to get familiar with your staff and environment. Small, routine issues fixed early can reduce the likelihood of a major disaster.
As a rule of thumb, the minimum number of IT support hours per week should be about 20% times the number of computers you have. For example, if you have 100 computers in a server environment, you will need about 20 (100 x 0.2) hours per week to keep your environment running smoothly. 10 computers would be about 2 hours per week. There are a lot of additional factors where this will vary, but this is a starting point, and you can adjust later as needed. Effective IT support will also automate many things to help reduce future need.
Back in the 1990s when computers were being utilized more and more to get the work done, IT was thought of as a necessary evil when it came to spending on it. That’s why the CFO was usually in charge of IT – to keep costs in check. Now, IT expenses should be budgeted, and IT considered a strategic part of your business.
Non-Profit Tip
Technology is so integrated into our work lives and unfortunately has become more complicated, ever-changing, and vulnerable. There are many other facets not covered here, such as policies, processes, data, audio video, peripherals, disaster recovery, budgeting, strategic planning, and training, but the basic areas covered here will help you manage your IT successfully. With the information in this article, you can now see what’s involved, contain costs, and talk intelligently with those you rely on to manage your IT environment.
I have worked in the Information Technology industry since 1981 and have seen many changes. Working primarily with small businesses and for the last 21 years, more specifically with non-profit businesses. I know how difficult it is for businesses to budget for technology and stay (somewhat) current with technology. This paper serves to assist small businesses with advice, system administration, and tips. I have always been frustrated with the duplicated postings of 50-thousand-foot view “solutions” on the web, so I will try to provide detail, specifics, and reasoning.
This paper was originally posted on Experts-Exchange in 2010 and has been updated as a six-part series with current information here and on my Blog site – www.notacomputergeek.com. As often as technology changes, a revision was way overdue and should likely a work in progress. So, keep checking back!
Part 1 – Hardware
As with Maslow’s basic need, physiological, the first IT need is hardware. Years ago, desktops were the norm and now it’s laptops, tablets, and cell phones. Because of the recent pandemic, workers are more mobile than ever and sometimes prefer technology that is portable. By the way, because there are so many different types of devices used to get the job done, they are now collectively referred to as endpoints in a work environment. The following are best practices, and your situation may vary, so please comment and we can discuss it.
Desktops and laptops
It’s tempting to purchase the cheapest thing, but first consider how you or your staff will use the devices. Will you be doing basic word processing or designing an airplane and need high-end graphics. Different computers are designed for different purposes. Certainly, if your existing computers are three years old or less, you’re probably OK to continue using them. Anything five years or older is just asking for trouble and typical warranties are one to three years. Technology gets old and components begin to fail. You will also notice performance degradation using many of the more recent software products on older hardware. Most software developers will eventually stop supporting older hardware as they come out with newer releases. The cheapest computers normally have slower components, such as the processor or video chip. If cost is NOT the ONLY issue, then don’t purchase the cheapest one. You will get longer life out of a system that has better quality components - you should expect to get up to eight years out of a new computer. How long it lasts will depend on how it’s used and the environment it’s in.
Best practice specs for a typical office desktop computer would be similar to this: Intel i5 processor, 16Gb memory, 256Gb Solid State Drive (SSD), and one or two 24” monitors. Look at getting a larger drive if your data is not stored on a server or in the cloud. Laptop specs would be the same except with a 14” or 15.6” screen size. A docking station can be utilized to connect external ethernet, keyboard, mouse, and monitors to the laptop. I recommend larger, external screens if you plan to use the laptop for extended periods of time. It's better on your eyes and posture. If you want larger than 24” screens, sit farther away, to reduce the back-and-forth motion of your head. Windows 11 has certain hardware requirements that typically won’t support anything over about five years old, so you would have to use Windows 10 on an older computer. The next version of Windows is rumored to have increased requirements due to its use of Artificial Intelligence (AI).
Tablets
It may depend on your operating system of preference. Apple.com sells various iPads and there are a multitude of choices if you prefer Android or Google Chrome.
Typical business specs for tablets are 11” or 13” displays and 256Gb storage. Optionally, you’ll have to decide if you need a stylus, keyboard, or cellular service.
Planning
Try to get on a cycle that allows you to replace a few computers each year, making it easier to budget. For example, if you have 20 computers, try to replace four per year and after five years you’ve replaced all 20. Then, start over again with the oldest four. Believe me; you will have happier, more productive employees if they have adequate technology to perform their job. Right size the computer to the job. You wouldn’t want a travelling salesman to carry a desktop and a 24” monitor, would you? Give them a laptop. If one of your staff needs a new computer after 3 years, continue using the 3-year-old computer somewhere else in the organization where it may be perfectly fine. Keep in mind, most businesses don’t need to be on the leading edge of technology but shouldn’t be laggards either.
Server
If your office has over 10 employees, you may want to think about implementing a server. This will add complexity to your environment, but will provide centralized file storage, shared printers, and enhanced management of your endpoints. Whether or not to get a server is an in-depth question and will have to be addressed at another time.
Connecting
When connecting your computers using ethernet, look at purchasing faster ethernet components that support Gigabit (Gb) speeds. If you see 10/100/1000, Gb is the 1000 and has become the standard.
Nowadays, almost all endpoint devices have built-in Wi-Fi, except desktop computers. However, you can easily add a Wi-Fi adapter if you don’t have a wired ethernet connection nearby.
Bluetooth and wireless are two technologies that connect accessories to your devices. I prefer to use Bluetooth when I can, since it does not take up one of my USB ports.
Webcams
Laptops, tablets, and cell phones all have webcams built in. Desktop computers may have a webcam built into the external monitor, but usually, you’ll need to purchase an external webcam.
Modems, Routers, Switches
To connect the office to the internet, you’ll need to subscribe with an internet service provider (ISP). They will likely provide you with a modem, but you may also have the option to purchase your own. If you want more control and security, you can opt to get a router that would connect to the modem. However, configuring routers should be left to someone with more IT knowledge. Switches are mainly used to split a signal to multiple wired locations. One more option for a switch is called a PoE (power over ethernet) switch. This type of switch can supply power to whatever is plugged into the switch. Two common uses of these switches are wireless access points (WAP) and Voice over Internet Protocol (VOIP) or Session Initiation Protocol (SIP) phones.
Power supplies
Every desktop and server need an uninterruptable power supply (UPS). If the power goes out, the device will stay on for a period of time. Laptops have an internal battery, so it’s not a necessity, but at least plug it into a power strip in case there are power surges.
Printers/Copiers
Now that you’ve got all the input devices, you need an output device. For business use, I generally use printers, copiers, or all-in-one devices (print/copy/fax/scan) with toner technology and stay away from inkjet. The cost per sheet is usually better when using toner and the quality is better. If you don’t need to print color, then don’t waste your money. Color printers will cost more. Connecting printers can be done by USB, ethernet, or Wi-Fi. If you don’t want to purchase printers or copiers, there are probably vendors in your area who can lease them to you.
Purchasing
Support your local economy by purchasing computers from a local store or vendor. Dell.com is also a good value and easy to configure and purchase online. Remember though, it’s important to purchase as many computers at one time that are identically configured, so they will be easier to support. There’s nothing worse than trying to support an environment that is full of different brands, configurations, and operating systems. Try to standardize.
A bit of my history
- I learned how to punch cards in college on an IBM Mainframe.
- The first computer I programmed Basic on in college was a Tektronix 4051. You could literally watch a circle draw, but it was so cool.
- The first computer I bought for work was an IBM PC AT to program sports games and text adventures. I believe that was the early stages of AI.
- My first portable computer was a Mac SE, it came with a bag, and I think it weighed 40 pounds.
- My first cell phone was a Motorola Bag Phone. With the battery, it weighed 6 lbs. I think I paid about $20/mo + $0.31/min for incoming calls AND outgoing calls.
Non-Profit Tips
- It’s tempting to use the most recently donated hardware but check the age. Larger, for-profit companies tend to turn their hardware over more frequently, so it’s possible to obtain donations from them that are still usable.
- Many funders are willing to pay for one-time (think projects) technology expenses, but not ongoing (think monthly or annual) technology expenses.
- There are a few online sites that sell used hardware to non-profits, such as techsoup.org and good360.org.
Physical
Once you’ve purchased the right hardware, you’ve got to create a secure environment for it. While doing business, you’ll create lots of data that someone else may want or you can’t afford to lose. It goes without saying that your environment needs to have physical locks and/or a security system. Critical systems also need Uninterruptible Power Supplies (UPS) that keep systems running in the event of a power outage and shut them down properly if the power is out for longer periods. If you have a server in the office, I suggest keeping it in a separate room that has additional security such as another locked door (so it’s behind at least a total of two locked doors), walls that go above the fake (drop) ceilings, dedicated power outlets, proper ventilation, and non-carpet floors. I had a colleague once that locked her keys in her office. I grabbed a chair, popped the ceiling tile up, climbed over the wall, and retrieved her keys. So don’t be fooled that the drop ceilings provide a safe space.
Software
Threats to computers today are numerous with multiple points of entry for malicious activity. Whether you have one computer or a hundred you need a multi-faceted approach and something that detects various types of infection, such as viruses, malware, Trojans, spyware, ransomware, etc. Getting software that just checks for virus signatures is only partially protecting you. Choose a product that can deploy clients from a cloud interface and can monitor all computers from one centralized administrator console. If you are using an email server, such as Microsoft Exchange, choose a product that also monitors the flow of e-mail - many viruses and spam are transmitted by e-mail. Microsoft scans email, but you can also have an additional set of eyes (another product) scanning.
If your budget allows, purchase a network appliance such as a router or firewall that can do real-time scanning and content filtering. Along with e-mail, internet surfing is another likely place where a computer can get infected. Another way to protect your users from going to malicious places on the internet is to use an alternate DNS resolution company rather than your ISP. One example that was free for many years is OpenDNS, but now has a fee and is owned by Cisco.
Windows 10 and up users can use Windows Defender Firewall and Windows Security, which is built into the operating system. There are other free PC versions of various security programs, but I would not trust any free security solutions for your server. By the way, yes, your server needs the software installed on it. Even if no one ever uses the server, an infected endpoint can copy files to the server (specifically through network shares) or allow the bad actor to remotely access the server.
AV vs NGAV vs EDR vs XDR vs MDR
When computer viruses were first noticed, they really didn’t do much other than maybe keep your computer from working. To combat viruses, Anti-Virus (AV) programs were created, but really could only check for known signatures on a specific file or running process. Unlike AV, NGAV is typically cloud-based and can detect suspicious behavior. As bad actors got more sophisticated, companies needed to check for more things, so EDR (Endpoint Detection and Response) became the standard. EDR can deter malicious activity and utilizes forensic data stored on the endpoint. Now, security companies say their products are XDR (Extended Detection and Response), which looks at your entire infrastructure (not just the endpoint) holistically from many viewpoints and can then take action to mitigate the attack before you even know anything happened. MDR (Managed Detection and Response) is usually 24/7 and managed by an external vendor rather than internal resources.
Policies
Don’t leave your computer logged in while you’re away. How long is up to each company. At least have it set to lock after say, 30 minutes, so you must enter a password, biometrics, or passkey to get back in. I see people all the time go away for lunch and leave their computer open for ANYONE to use. Maybe a disgruntled employee wants to send an e-mail to the rest of the office on your behalf – yikes! If you don’t come back from lunch or that sales meeting, your computer will be vulnerable all night and the cleaning crew may love to surf pornographic sites for you – double yikes!
Have your company use strong or difficult passwords for their login accounts. Passphrases are longer and easier to remember. Many passwords can be guessed, hacked, or cracked easily. Office documents, such as Microsoft Word or Excel can also be individually password protected. Veracrypt is a good, free option to create an encrypted drive on your computer if your policies require it.
Training
A large percentage of malicious activity enters the IT environment when an end user does something they shouldn’t – opening an infected attachment, clicking a malicious link, creating poor passwords, and many more. End user training should be ongoing and provide examples of known attacks, so users can become familiar with identifying malicious activity. Many companies utilize vendors to perform simulated phishing attacks combined with additional learning if a user is successfully phished by the simulation. NIST (National Institute of Standards and Technology) defines phishing as “a technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.”
Cybersecurity
According to NIST, cybersecurity is “Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.” By now, you’re probably heard this term many times. It really is a process and involves many things working together – physical security, software, policies, cybersecurity insurance, end users, and training. It's unrealistic to expect users to be cyber experts who can detect every malicious intention, so solutions must be implemented to assist end users while they perform their daily tasks - it’s a team effort.
A bit of my history
- The first virus I saw was the Monkey Virus and it was transmitted when a 3.5” disk was left in a computer that was rebooted.
Non-Profit Tips
- Contact your regional CISA (Cybersecurity and Infrastructure Security Agency) agent and develop a relationship. They are a wealth of information and through their Cyber Hygiene Vulnerability Scanning Program, they will perform routine scans of your wide area network (WAN) at no cost.
- There are several discounted products at techsoup.org.
Part 3 - Software
This part discusses end user software (also referred to as apps). System Administration and server software will be covered in other blogs. So now you’ve got your hardware and it’s secure, you need software which allows you to do some work.
Operating Systems
If you’re on Windows 10 or 11 – great! If you’re on an earlier version, then you should plan to upgrade. Previous versions are already end of life (EOL) and Windows 10 will reach EOL on 10/14/25, which means you will no longer receive updates or technical support. No longer receiving updates can leave your environment vulnerable to malicious activity. There is still no official release date for the next version of Windows (12). For servers, you should be on Microsoft Windows Server 2019 or 2022. The next version of Windows Server (2025) will likely be available in November 2024. It is imperative that you keep your operating system up to date with the latest versions and updates.
If you want to go the free route, there are many options, but you will not have your own domain name. Instead of yourname@mybusinessname.com, it will look like mybusinessname@outlook.com or @hotmail.com or @mac.com or @gmail.com or @yahoo.com, etc. If you want your own domain or more than just email, there are three main options: Microsoft, Google, or any other email hosting company. I realize Microsoft and Google are also email hosts, but they offer much more than just email hosting. If you are a Mac/Apple aficionado, sign up for iCloud.
Microsoft offers three options to their 365 Business customers – Basic, Standard, or Premium. Basic includes email with your own domain name, and web versions of Word, Excel, Outlook, PowerPoint, Teams, OneDrive, and SharePoint. Standard includes everything in Basic plus desktop versions of many of the standard apps. The desktop versions have more features and should run faster, since they are running locally and not across the internet. Premium includes everything in Standard plus apps for security and device management. Microsoft also offers many a la carte options if you need something specific. Do an internet search to see specific details and comparisons.
Google offers four options to their Workspace Business customers – Starter, Standard, Plus, and Enterprise. Starter includes email with your own domain name and web versions of many of the same apps that Microsoft provides. Standard includes everything in Starter plus per user storage. Plus includes everything in Standard plus more storage and endpoint management. Enterprise includes everything in Plus plus Enhanced support. Do an internet search to see specific details and comparisons.
There are a multitude of email hosting sites, and you will need to do your own research to see which one works best for you and your needs. Some of these sites include Zoho, IONOS, IceWarp, Fastmail, Bluehost, Hostinger, Rackspace, DreamHost, A2 Hosting, and many more.
Office Suite
It is essential to use a word processing app and a spreadsheet app. You can obtain a free suite of apps at openoffice.org but it is not as widely used as Microsoft or Google. Also, an important decision is the familiarity users have with these applications. As an employer it’s going to be easier to find someone who knows Microsoft Word or Google Writer than it is to find someone who knows OpenOffice Writer.
Web Browser
Web browsers allow you to interact with internet websites and is a matter of preference. Microsoft Edge, Google Chrome, Mozilla Firefox, Apple Safari, and many more can be used.
Miscellaneous
Adobe Reader (view PDFs), CCleaner (cleans unneeded files from your drive), Malwarebytes (scans for malicious files), McAfee WebAdvisor (identifies safe/unsafe websites when browsing the internet), VirusTotal (scans files, domains, IPs, and URLs). There is a ton of free software out there, but these are a few to get you started.
Most small businesses will also use industry specific software, such as an Accountant will need accounting software. Capterra’s website assists with selecting software and is a good source to review top software options.
Lastly, update, update, update. Software vendors routinely update their software because of security vulnerabilities and other deficiencies. By updating your software, you are protecting your systems from malicious intent.
A bit of my history
- My first email address was a bunch of numbers @compuserve.com. Remember dial-up modems? When we went from 300 baud to 1200 baud, it was like lightning!
Non-Profit Tips
- Donor Management - The Cadillac here is Blackbaud Raiser’s Edge NXT. This can be expensive but also the fullest features. I would recommend it for larger non-profits that would have several people using it. The software is very modular as you can add necessary features to the base product. Other popular options are eTapestry, Bloomerang, and DonorPerfect. The best thing to do is put together a committee to evaluate a short list of products that best meet your needs and decide as a group. A good package used properly can pay for itself and generate much needed revenue.
- Microsoft 365 – Microsoft offers 10 free Microsoft 365 Business Premium licenses to qualifying non-profits and discounts for their other options.
- Google Workspace – Google offers Google Workspace for Nonprofits at no charge and offers discounts on Standard, Plus, and Enterprise options.
- Server – Obtain your Windows Server software and server CALs from Techsoup.
- If you are state or federally funded, you may find that your agency is mandated to use specific applications – primarily for client data or reporting.
Part 4 - Backups
Repeat after me, “I will back up my data regularly.” I won’t yell and scream at you about the reasons why - let’s just say this is mandatory. We all have accidentally deleted a file. Disgruntled employees may delete entire folders. Ransomware can encrypt all your data. Disasters happen. These are all good reasons to back up and ensure business continuity.
Microsoft Windows and Windows Server have a built-in capability called Volume Shadow Copy Service (VSS). This feature will take snapshots of modified files twice a day allowing you to restore previous versions. Depending on how frequently you change things, you can expect to have about 7-10 days of file changes using the default storage size - 2% of your internal drive. Microsoft claims this will take care of 80% of restores rather than retrieving files from an external backup.
For small amounts of data, you may want to use a flash drive and copy/paste or drag important files to it. External USB drives are also helpful for making backups and can be used with the built-in Microsoft Windows backup program. Offices with servers only need to backup data from the server since any company information should be stored on the server and not on local hard drives. This also makes it easier and faster to re-deploy a new computer if you don’t have to worry about what data is stored on it.
In addition to many 3rd party backup programs, another option is to subscribe to an online service, such as iDrive or Carbonite. Online services have their own software which you configure what to backup. Once configured, you can forget about it, except for periodic verification that it continues to backup or if you want to change what is being backed up. These sites usually charge monthly fees based on how much data you’re backing up.
Backups are intended to restore what may have been lost, stolen, or accidentally deleted, so it’s also a good idea to implement multiple methods. Suppose you have a single computer, and you back it up daily to an external drive – great, but what if a tornado or fire destroys the building – there goes your computer and your backup. The multiple methods approach I like to use is to utilize VSS, then backup the same files to an external drive nightly. The external drive is then swapped with a different external drive weekly and one of them is always stored off-site. This external drive backup is an image of the computer I’m backing up, so it’s also getting operating system files and configuration. Lastly, I also use an online backup service which backs up files as they change.
If you are using Microsoft OneDrive, Microsoft SharePoint, or Google Drive they all have built-in version history. Even though this data is in the cloud, it is your responsibility to back up the data. Cloud data is also susceptible to a ransomware attack that will encrypt the data.
A bit of my history
- Amusing story, but true: A company called me one day and needed some assistance. I went to their office and one thing they asked was, “Can you check to see if our server backups are working?” After a brief look, I said, “No. The last successful backup was 3 years ago.” The last IT person that helped them instructed them to pull this tape out, then put this one in and swap them every week. They had been doing this diligently for three years but were never told how to verify that the backups were working! This could have been a very tragic lesson for the company if something bad had happened, but fortunately, they were OK. Side note – 3 years of neglecting their IT environment left them with many problems, but IT Support will be a future blog.
Part 5 - Domains, websites, and Social Networking
Domains are needed mainly for email addresses or websites. We’ve covered email addresses in a previous blog, but I wanted to talk a little about websites. Your domain name would be in the form of mybusinessname.com, but you can also choose many different domain name extensions, such as .org, .net, .tech, .online, etc. I believe there are over 400 different extensions. Some of the popular domain registration companies are GoDaddy, IONOS, Network Solutions, Namecheap, etc. If you are not adept at creating webpages from scratch, then opt for a hosting company that offers a WYSIWYG (what you see is what you get) creation tool. Most of these sites will offer various templates to get you started and you fill in the blanks. Once you’ve published it to the internet, you now have an online presence where you can direct potential clients. If you want to make frequent content updates, but don’t want to do it on your website, you can choose to also have a Facebook page. Either way, you’ll need a strategy to direct people to your pages. If you are a very small company, on a tight budget, or have limited time, skip the website and just set up a Facebook page with your contact info.
The first question I ask a client is, “Strategically, what do you want your website to do?” Do you want six pages of seldom changed information or a fully configurable website with calendars, blogging, animation, shopping cart, etc. Many companies have grand ideas for their websites, but I caution you to only put up as much as you can maintain. You want to drive people to your site – not away. It’s also very common to completely redesign your website every 3-5 years to keep it fresh looking.
Only a few years ago, having a website was all you needed to worry about, now there is a long list of social networking sites. The most common business sites are Facebook, X (formerly Twitter), LinkedIn, and Instagram. It can be daunting to know which ones to use, how they work, and what to post. This might be a good time to find a vendor who can do this for you or set it up and show you how to do content changes or posts. Three things to watch out for as an employer: 1) Review what you or your employees post. You don’t want any lawsuits or bad publicity, 2) Your employees should be working, not participating in personal social networking, and 3) Social networking has become one of the top ways that viruses, malware, and malicious intent can spread.
You now have a website or social media site – great, but how do you drive traffic to it? Post relevant, quality, timely content and add appropriate keywords and tags to your pages. Also, add links to your other sites and posts to promote your message. Be patient, it will take time for your pages to be seen and ranked by the search engines and you want to be near the top. To get better visibility, all search engines allow you to buy search ads, but this can get expensive.
One caveat – malicious intent through social engineering, which is defined as the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Too many people post too much personal information on their websites and social media sites. Criminals use this information to formulate attacks on you. It is very common for businesses to list staff names and email addresses on their websites. However, it’s easy for criminals to get this information and create a spoofed email that looks like it’s coming from the CEO and sent to the CFO requesting funds be transferred to another bank account. It’s also easy to find someone’s name, address, phone number, relatives, schools attended, photos, etc. and then pretend to be that person for malicious reasons. Be careful what you share online.
A bit of my history
- In the 1980s, the “internet” was a bunch of Bulletin Boards you could view (if you were granted access). Many of them were hosted at universities or in some geek’s basement. I remember people publishing lists of public bulletin boards. Can you imagine cataloging the internet now and publishing a list of all the websites!
Part 6 - Support
Have you tried restarting the computer? Don’t laugh, it fixes a lot of problems. Same goes for other devices too – printers, modems, etc.
OK, so you think you’ve got your IT issues covered because one of your staff took some computer classes. It’s helpful that your staff can work on some computer issues, but you still need to establish a relationship with a local professional IT vendor. A few words of advice from them can go a long way to keep you out of deep, perhaps costly problems. Technology issues are vast and change quickly, so you need someone whose skills and knowledge are up to date. Today, specific skills in cybersecurity are very important to keep your environment safe and adhere to any business regulations.
Here are your support options in order of worst to best:
- Ignore it: Yes, this is a strategy employed too often. I’ve seen IT environments neglected many times over my career, but this strategy usually ends in failure. If you don’t update your hardware, software, polices, procedures, or security, eventually, you’ll learn the hard way and wish you had done things differently.
- Utilize existing staff that are paid to do something else: Sounds good but wait! Just because someone has some technical aptitude doesn’t mean they can manage your IT. They may be able to fix small problems, but you will end up with the same results as Option 1.
- Find a volunteer: This can work, but sometimes you get what you pay for. This person should still be in the IT field developing their IT knowledge and be involved regularly with your environment or this will end with the same results as Option 1.
- Hire an online vendor: The number of companies providing this service has exploded in the last few years. Yes, this can seem cheap and is usually based on the number of devices supported, but I compare this type of support to insurance. You may never use it, but it can be handy to have if you need it. Read the Service Level Agreement (SLA) carefully since it will describe what is or is not included. Not all problems can be solved remotely, so will they come on-site? This type of service will typically require someone from your office to be the point of contact or the vendor’s boots on the ground, which will waste your staff’s time costing you more in the long run.
- Hire a local vendor (on-call): This option is “pay as you go” but can be the most expensive. If you call them only when you need them, you will pay their highest hourly rate, or they may not be immediately available. This option is a lot like needing a plumber or electrician at your house for a specific reason.
- Hire a local vendor (MSP - Managed Service Provider): Depending on your agreement with them, they will spend a scheduled amount of time per week or per month on your account for a fixed fee. This option enables them to be proactive and will likely get to know your staff and environment better. Once your staff knows when the support will be there, they can start saving their issues for when the technician arrives – thereby maximizing the technician’s time. If it’s an emergency, they will usually give scheduled clients preference. When signing the initial agreement, try to negotiate a trial period or limited period until they prove they are the right vendor for you. BTW, it goes both ways – I have past clients I will refer to someone else if they need further assistance.
- Hire in-house staff: If your organization is larger, this will be a cost-effective option and usually provide the fastest support to your end users.
The best option for your company will either be 6, 7, or a combination of the two. I usually recommend that a SMB either hire in-house staff or find a vendor that can come on-site at regularly scheduled days and times. These approaches are easier to budget, are proactive, and allow the support to get familiar with your staff and environment. Small, routine issues fixed early can reduce the likelihood of a major disaster.
As a rule of thumb, the minimum number of IT support hours per week should be about 20% times the number of computers you have. For example, if you have 100 computers in a server environment, you will need about 20 (100 x 0.2) hours per week to keep your environment running smoothly. 10 computers would be about 2 hours per week. There are a lot of additional factors where this will vary, but this is a starting point, and you can adjust later as needed. Effective IT support will also automate many things to help reduce future need.
Back in the 1990s when computers were being utilized more and more to get the work done, IT was thought of as a necessary evil when it came to spending on it. That’s why the CFO was usually in charge of IT – to keep costs in check. Now, IT expenses should be budgeted, and IT considered a strategic part of your business.
Non-Profit Tip
- If you can’t find a professional IT volunteer, then interview several IT vendors and ask them if they provide a discount for non-profits – many of them will.
Technology is so integrated into our work lives and unfortunately has become more complicated, ever-changing, and vulnerable. There are many other facets not covered here, such as policies, processes, data, audio video, peripherals, disaster recovery, budgeting, strategic planning, and training, but the basic areas covered here will help you manage your IT successfully. With the information in this article, you can now see what’s involved, contain costs, and talk intelligently with those you rely on to manage your IT environment.
43 years in the computer industry, I don't consider myself a "geek". Like a good doctor, I have a good bedside manner when helping others.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)