7 Smart IT Housekeeping Things Every Company Needs To Do. Even Solopreneurs.

One of the great things about a new client is learning from them. It’s easy to make assumptions about what a client knows. Sometimes we’re wrong.

Created by Quest Technology Group in Canva

How It Started

Our new client “Sam” is the kind of business leader we love to work with. “Sam” acquired an existing company and asked us to make sense of the mystery equipment, chirping battery backup, tangled cables, software, and services he inherited.

What makes “Sam” the coveted client is how quickly he said he knew how to successfully run the business, but he needed technology help. He was confident in his expertise and completely comfortable talking about what he didn’t know.

What I want to share with you are some essential and often overlooked to dos we discovered.

o Some of these you probably know.

o Some you are already doing.

o Some might be new.

In any case, these are reminders that IT teams sometimes fall short in delivering what you expect and need.

7 from Our Growing List of Discoveries

1. Anti-virus was disabled on all the devices. Windows Defender is included with the Windows operating system and is installed by default.

Action Items

• Windows Defender is not adequate protection because it is still reactive protection. That means it relies on previously discovered viruses to block them on your devices. Proactive protection uses machine learning to continuously detect and block potential risks before they become known.
  
  While Defender is becoming more proactive, there are more widely adopted advanced endpoint security solutions available. We installed the proactive protection we use ourselves on “Sam’s” equipment.
• If you are going to continue using Windows Defender, make sure it is enabled.
• Confirm it is enabled from time to time. Undiscovered malware on a device can turn this protection off, and you won’t know it.

2. Windows updates had not been applied since 2019. This is a basic security housekeeping practice you shouldn’t overlook. Windows releases patches in response to vulnerabilities in the operating system and known attacks.

Action Items

• Confirm that your servers, desktops, and laptops are configured to automatically install updates. Don’t rely on doing it by hand when you have time. You know what will happen.
• If you have an internal system administrator or an outsourced IT provider, they should implement a group policy that enables this feature and prevents individual users from changing it.

3. There were no login passwords on the desktops. There isn’t much more we need to say about that.

4. The company’s domain name was registered to a third party. It is not uncommon for your website developer to register your domain name for you.

However, your domain name is a valuable company asset that you need to retain ownership of. When a third party is the registered contact, they can control the ownership of your company’s domain name.

Action Items

• Do a whois (https://www.whois.com/) lookup on your domain name. There are 3 contacts: registrant, administrative, and technical. We recommend that your company be listed at least as the registrant and administrative. If your company is doing the technical development, then you will be the technical contact as well.

• Never use an employee’s name or email address as any contact. The risks should be apparent.

• Always use an officer of the company for all contact information.
• As a standard practice, we recommend using an email alias instead of a single person’s address. An alias doesn’t have an email inbox. Instead, it is an address that forwards all emails to one or more actual email address in the company. If one person leaves, then others in the company are still in the email communication loop.
• Check the expiration date for your domain name. If you are not the administrative contact, you will not receive renewal notification. Once your domain name has expired, it is available on the open market for anyone to purchase.

5. Neither the web developer nor the IT support provider has a secure website. Having an SSL certificate on a website has been standard practice for the past several years. It communicates to the website visitor that the company takes security seriously.

Action Items

• Make sure that your IT service providers have a secure site. It simply means they’re paying attention to basic security practices. A website — and providers — without an SSL certificate should be avoided.

6. Both the web developer and the IT support provider are home-based companies. First, this isn’t a criticism of where a business chooses to operate. These are simply some perception points that need to be considered.

Action Items

• Google My Business is a way for companies to claim their business with Google. You earn a visible position in the top right corner of the Google page when your company is found in a search.
• Google also searches for and displays a photo of your business. When your home address is listed with your Google My Business account, then your home is the photo people see. A modest single family home with 2 cars in the driveway, overgrown grass, and a garbage can at the curb might not project the professional look you’re going for.
• The Google account for “Sam’s” web developer has a prominent red “Temporarily Closed” sign. Remember, these are the folks who host our client’s website and own their domain name. The domain name is expiring in 3 weeks.

7. The IT provider has all of the client’s login credentials. When we asked for the login information we would need, we received a list of both the technical logins we need as well as every business account including their online financials.

Action Items

• Remember, the IT provider has a non-secure website, and he operates out of his home.
• What security controls does he have in place to safeguard his client’s accounts and login information?
• Who else is in his home that might have access to confidential information?
• The provider had a typo in his company’s name on his email signature. How much attention to detail is there?
• Create an account in LastPass and store all of your account login information securely.
• Only give login information to third parties on an as-needed basis.

One More Thing

If you are acquiring a business, a technology discovery is as important as the financial and legal due diligence.

We love building tools that make everyday things easier. Explore our ever-growing collection of free tools and resources. Grab your free copies.