Small and medium-sized businesses have a hard time deciding to implement corporate software, but they are the fastest to feel the effect: in such companies it is easier to make a successful implementation, train employees, and quickly achieve productivity growth (or not and give up). However, something can always go wrong – in any external and internal situation, for reasons beyond the control of the company. And while large corporations are worryingly but confidently searching for multimillion-dollar alternatives to multimillion-dollar solutions, small companies are struggling with difficulties that take money away every day. It could happen any day, and it’s best to know what potential problems await small companies.
Let’s start with the essentials. Security
Back in 2007-2010, even in large companies, one of the main security problems was the excessive curiosity of employees, second place was their naughty hands, and third place was attempts to compromise data or sell commercial information to competitors. After 2010, companies’ information security began to cover an increasing range of tasks: and today, in the spring of 2022, companies must assess internal, external, country and geopolitical risks. Previously, this seemed like a surprise if you are not a “Gasneftlesprom” company, but a small or small medium-sized business. Today, one of the critical points has become the issue of preserving critical data and accumulated databases.
So, let’s look at the security issue in more detail.
In the first place of security risks are the providers of services and software. We all know that large businesses have had problems with the services of large international IT companies. But we in our SMB market see things that are invisible in the noise of the news: denial of service, multiple price increases for important IT products, and even maternity mailings explicitly stating that customers will no longer be served, servers and infrastructure will be shut down, and “data will be used.” No backups are issued, either. In fact, many companies are facing the Achilles’ heel of cloud services: they can be shut down quickly and without warning, with customer data remaining on “extinguished” servers, where backups may also be (if the company has put too much trust in the vendor).
This is terrible because it gets in the way of the operational work of simple companies with hundreds and thousands of employees. By the way, if you are among these “abandoned” clients, we are ready to provide you with great software on great terms (details at the end of the article) – we are sure that in a crisis, every company must do for others everything that is possible and affordable for it. And yes, our CRM-system – the server, on-premise, that is, all of your data is stored on your own servers (or on your chosen reliable VPS) and is completely owned by you. This advantage has been appreciated by many customers and it really fits nicely into the information security loop.
But I would be lying if I said that this behavior of software vendors is something out of the ordinary in special circumstances. No, in just a few years we’ve seen both forced disconnections from the free plan, and servers going down for a couple of days, and data leaks, and unilaterally changing plans, and radical system updates without notice (up to and including changing functionality), and backups and database dumps from the cloud for money. It happens in companies that like to “change the concept” of development and growth on the fly. Customers suffer, of course, and, more importantly, end users – because they experience problems directly with the working tool.
But that’s not all. The supplier can suddenly disappear or cease to exist (especially if it is a dealer of a vendor with a “diversified” business). You’ll be calling the number that bombarded you with extraordinarily beautiful presentations and promises a couple of months ago, and the receiver will be a non-subscriber. So choose either directly systems developers (there are a lot of them on the market, moreover, there are even unknown, but diligent and of high quality), or reliable partners, checking their experience in the industry, discussing real scenarios of use and negotiating every point of future work (the vendor partners can achieve your payment at any cost, but do not have the necessary competence). You won’t hurt anyone if you’re careful in choosing a vendor.
Employees have always been the number one risk, but now they come second. It can be malice, carelessness, negligence or simple laziness – the root cause is irrelevant if your customer data leaks online and is sold by the pack or ends up at your competitors, who in most cases will not shy away from even the most modest database of a couple of hundred records.
Passwords that are poorly secured, unmonitored and stored in any way are still vulnerable.
