Why, when Information Technology (IT) is critical to success in modern business, do so many companies play at it? Or is it just me?
It is a rare company these days that does not rely on some form of IT to help manage their business data/processes. Yet there appears to be a significant number that fail to give sufficient consideration to the hardware, software and networking they use (and the skilled staff required to maintain them) and are probably unaware of the risks they face.
Anyone can purchase a PC or Mac and access Google Docs or some other (free) office tools to help them maintain communications and data. I accept sole traders and really small companies have fewer options but they should still manage the risks such a dependency presents. In these days of cyber attacks on organisations such as the NHS (111 service) in the UK, a lack of anti-virus/-malware/-ransomware protections and one ill-considered click on a link in an email can have a terminal impact; although I am sure NHS 111 will recover.
Small-to-medium companies (in the UK) would be wise to be aware of Cyber Essentials, and I am sure other countries have equivalent national initiatives. But that is not the sum of the risks; advice needs to be sought to:
- ensure their networks are safe and resilient,
- ensure data backup and recovery processes are established, regular and tested,
- maintain the hardware, and the operating system that runs on it (such as MS Windows), to keep them up to date,
- make sure all the software products they use are adequately licensed and current.
These all carry a cost but no business operates free of costs and the potential cost of not caring about these issues is likely to be far greater.
There is also the need to take care of any data (especially that of a personal nature) a company holds and to adhere to regulations such as the General Data Protection Regulation (GDPR in the EU). Failure to do so can result in severe legal consequences, especially in the event of a data breach.
However, I think one of the biggest, somewhat hidden, risks to medium-sized companies comes about when they decide to take on specialist software without engaging the required consultancy or, worse, when they take it upon themselves to develop their own software.
Small companies don't even consider engaging in such costly endeavours, seeing little opportunity to realise a return on their investment. Larger companies, on the other hand, are able to secure the skilled resources and adopt the good engineering processes required to develop software in-house, or contract development to an experienced third-party specialist.
Yet there are some middle-sized companies, dissatisfied with the limitations of generic products or unwilling to pay the costs of licensing specialist applications (or the consultancy costs required), that decide to develop their own.
The problem is, many companies are unaware of:
- the skills and experience required, and how much they cost,
- the Software Development Life Cycle (SDLC), how to manage a development project, how long they can take, and the commitment required from the business,
to do the job properly.
There are plenty of enthusiastic amateurs eager to make a profession from their self-taught (or YouTube/bootcamp acquired) skills, and there is value in having such individuals on a well-managed (experienced) development team. But taking such often cheaper, and inexperienced, resource into a company to construct software critical to a company's business model is foolish at best and downright reckless at worst.
I equate such behaviour to paying someone to replace a workplace roof because they won a prize for constructing Lego buildings or once successfully assembled a wooden rabbit hutch. Would you feel safe under such a roof?