I've only worked in a small business (15-20 employees) since I got out of school, and I've handled the technological necessities since I started because nobody else could. I've handled things on an as-needed basis: troubleshooting problems, setting up new computers, maintaining an iron grip on software installations, setting up the network and administering simple network devices, etc. However, I'm completely self-taught, and I have no idea if my hacked-together system looks anything like a properly-implemented corporate IT system. So I want to know what one looks like. Specifically, I'd like to know if there are any resources I can check out on my own that paint the picture of what I should be trying to achieve. NOTE: I'm NOT averse to hiring an outside IT firm or consultant to help with specification and implementation. However, I don't want to be at the mercy of a firm's "knowledge" and my own ignorance; you can waste a lot of money that way, regardless of scenario.
posted by KinoAndHermes to Computers & Internet (16 answers total)
I'm really looking for a hypothetical book or resource called "how to set up your business IT systems." Here are things that come to mind that I could use help with:
1. Centralized secure file storage and access restrictions. Granular, flexible permissions preferred as opposed to top-down permission management.
2. Centralized management of the various workstations, so I don't have to go to each computer to perform updates, install software, do maintenance and such.
3. Proper anti-virus/malware/trojan/etc. solutions.
4. Secure, remote access options for computers.
5. Learning how to use group policy to restrict what people can do to their computers. Somehow stuff (including viruses) sometimes gets installed without me having to use my Administrator rights to install it even if the person only has User status. I'd really like to restrict people's access in Windows, but I'm not even sure what are the most important things to restrict, honestly.
6. Internet restrictions and firewall setup. I really don't know the level of rigor I need to go into here.
7. Restrictions on or at least logging of any information that is removed from computers. This is important for the sake of protecting trade secrets and confidential information since we do a lot of interesting, new stuff we’d like competitors to not get access to when we let an employee go.
8. Passwords: Do I let people set their own passwords or give them passwords? Can I set restrictions on what they can use as a password in Windows? Is it better to have a good, difficult password or to have people change their passwords frequently? What if I need to log into someone's account to make account-specific settings changes but I only know my Admin password? Right now, I know everyone’s password, because I assign it to them, but I highly doubt that’s typical.
9. General IT security standard operating practices. Yeah, I know this is general, but I’m sure it encompasses a lot of specific things I need to be aware of.
10. Email security and management. Right now, we do not run our own email server, but use our webhost for email. We have a ton of information stored in email. I don’t know if this is an acceptable setup or not, but it’s probably one of our most effective information storage mechanisms right now. I don’t know if I should be backing up all these emails on to my own physical media, and if so, what would be the best way to do it.
11. BACKUPS. I was going to write a whole post on AskMeFi just asking about backup philosophy, because I think it's so important. Right now, I do occasional, non-automated, backup images of people's entire HDDs because I don't want to miss any files they or their software might save in a squirrelly location deep within Windows. Some, not all, people save their work to our central NAS device, which is set up in RAID 1 at least for some basic hardware safety. Still, it needs its own regular backups. I don't know what the best options are. Preferably, I'd like to do incremental backups of people's changed files instead of whole backups, but I'm not sure the best way to easily do this. Also, where do I physically keep my multiple backups of the information? Presumably, spread out and not in the same building. They'd need to be synchronized, though. Backups, in general, are something I know I'm dropping the ball on, and I need to know how I should approach this.
I'm not expecting anyone to go answer these questions number-by-number. These are just some things that I could come up with right now in my head. I am surely missing many other important things. I can research individual aspects or ask additional specific questions later either here or on other, more tech-oriented websites you might recommend for getting answers. I just don't have the experience to know what a standard system SHOULD look like. I don't know if I'll need to hire a full-time dedicated IT professional (seems unlikely for my company size) or if I can automate and secure things where I can split the load between me and my secretary or if I need to contract an outside firm. In any case, I need to be completely aware of what's going on since I'm the number two in the company and am keenly aware of the pitfalls, legal and otherwise, of lackadaisical information and software management.
One more thing. If you've read any of my other questions, you'll have seen that I'm exploring ways to move the file and project management aspects (and maybe other aspects) of my company to the cloud. There's a huge amount of information generated in this small company ranging from tasks and discussions to quotes from vendors to technical data and everything in between. I talked to a technology/IP lawyer recently who cautioned that the cloud is an uncertain setup if you're trying to protect sensitive information. Paraphrasing his words: "Even if the data is encrypted on their server, as long as they possess the encryption key, they can expose your data if necessary if compelled."
So my question would be, are there any cloud services that ARE secure enough to use for a business by his standard or is his standard overly strict? I've looked at Dropbox (explicitly told not to use DB by the lawyer), Box, and Egnyte for file management. I'm testing Smartsheet and have also been recommended Wrike for project management. And I've diddled with Trello, Workflowy, and Asana for to-do lists (see my very first question.) I like the idea of centralizing data in the cloud for easy collaboration and as a sort of backup. It seems much simpler than creating and running my own in-house servers and systems, and I like that. But I don't want to be accused of not doing what I can to protect company information if we ever have to sue someone for disclosing what we deem confidential information. I'd appreciate any thoughts on the cloud's role in a small, technical business setup and specific suggestions if you've got any.
Thanks for sticking with me until the end. Again, in my role I have to consider all aspects of the business simultaneously, so I need to be very knowledgeable about all of them. If someone else implements an IT solution for us, I need to be able to competently oversee what they're doing and manage it myself if the need arises. Right now, though, I just want to make sure I can see the whole picture and make sure I have all the puzzle pieces I need.