4 IT Mistakes All Startups Should Avoid

3/31/14Follow @metricstream

Information Technology (IT) can be a startup’s biggest asset. Take, for instance, the cloud, mobile devices, and social media—they have all opened up exciting new business opportunities for startups, while also offering them the tools to grow their business powerfully.

Yet, we have seen multiple startups make critical IT mistakes. Consequently, their business operations become less efficient, less secure, and more complex. Let’s look at a few of these mistakes that startups should avoid.

1. Ignoring the Need for a CRM System

As a startup, you’re a small business. You don’t have too many customers to track, and spreadsheets do the job fairly easily. So why invest in a CRM system?

Well, let’s look at what might happen if you don’t have a CRM system. Your sales team might not have the ability to distinguish between cold leads and warm prospects. They might not be able to identify opportunities for upselling. Or, they might end up contacting leads who have already purchased your product/ service—these customers get irritated, while your company ends up looking unprofessional. Worse still, a sales person might leave the company and take their spreadsheet with them—which means that you lose all data about the customers and prospects they were managing.

If you have a CRM system, your sales team has a better view and understanding of customers across the enterprise. The system acts as single, unified source of customer data. It helps you efficiently coordinate marketing activities, while also forecasting sales, and identifying areas of concern/ opportunity.

Implementing a CRM system from Day One is crucial. The longer you wait, the more difficult it will become to collate data for hundreds of customers.

Look for a CRM system that is intuitive and fairly easy to use. It should be automated, scalable, and configurable. Pricing does matter, but with the advent of the cloud, there are multiple affordable options that you can choose from.

2. Inadequate Information Security Measures

In 2013, the New York Times announced that hackers had infiltrated its computer systems, and seized the passwords for its reporters. Later, Adobe suffered a massive cyber-attack that compromised about 38 million user accounts. Similar breaches affected the Department of Energy and the Washington State Courts.

If these large organizations with sophisticated security measures can fall prey to security attacks, then how much more at risk are startups? Take the example of LivingSocial—in early 2013, the e-commerce startup was hit by a cyber-attack that compromised data for more than 50 million customers.

The Online Trust Alliance estimated that in 2013, over 740 million records were exposed. Some 89 percent of the breaches in the first half of the year could have been avoided if companies had employed simple controls and security best practices.

Realizing this, regulators are toughening their investigations of how effectively companies—including startups—are complying with IT security regulations and standards such as HIPAA, PCI DSS, FISMA, GLBA, and NIST SP 800.

In that light, let’s look at a few security measures that startups should implement. A centralized firewall alone is no longer effective. You need a multi-layered security approach, right from the local desktop level (e.g. anti-virus software) to the network level (e.g. two-factor password authentication). Encrypt all sensitive information, as well as communications with wireless devices such as credit card systems. Establish comprehensive IT policies, and update them regularly. Conduct security audits to identify loopholes.

3. Leaving Mobile Devices Unprotected

The BYOD trend offers startups the benefits of cost savings, flexibility, and convenience. Yet devices such as cellphones, tablets, and laptops often hold sensitive corporate data including IP, customer details, and trade secrets. What if these devices connect to an unprotected network? What if they get stolen or lost?

A 2014 PricewaterhouseCoopers report indicates that only 42 percent of organizations have a mobile security strategy, while even fewer (39 percent) have deployed mobile device management software, and only 35 percent have strong authentication on devices.

Increasing security attacks on mobile devices have made it critical to improve security controls. As a startup, you should consider all mobile devices as integral parts of your infrastructure. Implement the same degree of protection for these devices as you would for desktops, networks, and servers.

Make sure that employees understand the do’s and don’t’s of working from their devices. Encourage them to create separate mobile work accounts, and access the Internet only over an encrypted network. If a device is lost or stolen, enforce PIN locks to shut down the device; or, remotely wipe the device clean of all sensitive data.

4. Never Changing Conference Call Numbers and Passwords

This may seem like a relatively mild issue. Yet at MetricStream, we discovered that by not changing our conference call numbers and passwords at regular intervals, we were opening ourselves to the risk of ex-employees “spying” on our calls.

As a startup, you will probably have numerous conference calls with your staff to discuss information such as sales numbers, marketing and strategic plans, key customer accounts, prospects, and intellectual property. Most employees will be given a passcode to participate in these calls. When they leave the company, they take the knowledge of these codes with them. That’s why it’s important to change your conference call details regularly.

The same applies to passwords for things like social media. If someone who manages your company’s social media account leaves the organization—particularly on bad terms—there is always a risk that he/she will log onto the company’s social media account and post unsavory information, or reveal company secrets. So make sure that you have a policy to change passwords every month for all your accounts, and educate employees on the need to do so.

IT mistakes can be a serious cause for concern. Yet, don’t let the thought of them paralyze your business plans. The key is to be aware. When you identify and understand potential mistakes, you are empowered to ensure that they don’t occur.

Shellye Archambeau is CEO of MetricStream, a Palo Alto, CA-based company offering governance, risk, compliance, and quality management solutions to enterprises in the pharmaceutical, medical device, high tech manufacturing, energy, financial services, healthcare, manufacturing, food and beverage, and automotive industries. Follow @metricstream

By posting a comment, you agree to our terms and conditions.

  • incontroltech

    The main issue for most companies that is the root cause of all of the issues mentioned is a solid IT Asset Management solution.
    Funny companies put so much into their ERP system to manage their finances but little into ITAM – you cannot manage or secure what you do not know about – that simple!