I don’t have to tell you why one person shouldn’t be solely responsible for processing the mail, handling the bookkeeping, signing checks and making deposits. Everyone knows the business risks inherent in solo access to critical information. However responsibilities are divided, we also rely on a documented system of checks and balances to maintain security and keep the business running smoothly and profitably. Businesses fail when they don’t keep accurate and accessible financial records.
So how is it that so many growing companies count on one person to know everything about their technology systems—even and especially passwords? If that sounds like your business, think about this for a moment: you have enabled a single person to have complete access to your financial systems with minimal controls. Why? How did this come to be a standard business practice?
If I’m starting to boost your anxiety level, you might find yourself puzzling over the answers. But I guarantee you it will be more productive to figure out what you don’t have access to and take immediate steps to correct that situation.
If all passwords to your servers are not available to you, if you don’t know where critical information is stored and how to access it, if you don’t have a roadmap to where things are in your systems, you need documentation. Technology requires the same level of detail that you require on your books, so that just as you keep track of you revenue and expenses, you have a complete and ongoing record of your technology network from setup through maintenance and updates.
Although it often elicits groans and moans, auditing your financial records serves a valuable purpose. So too does auditing your information system. When was the last time server passwords changed? When was the last time you made sure your access to your servers worked? What are the processes for adding new employees, and perhaps more important, removing access for departing employees? Cleaning up the trash isn’t glamorous, but it stinks when it doesn’t happen.
Odds are your IT person is the solitary keeper of all of the information housed on your system. If there’s no documentation to enable you or other appropriate people access, you’re running a risky business. As good as your technology wizard may be, company security is in danger.
Managed services providers, especially those that embrace ITIL, provide all the information you need as a part of their services. If you don’t have current documentation and lack basic controls on your systems, then it would be wise to call a technology consultant whose expertise will enable you to create a system of checks and balances. Bring in the right consultant and you’ll have IT processes as buttoned down as your financials.