Bad I.T.-- whether internal or external-- can hurt your business in so many ways, from downtime that kills production, to loss of revenues. Some shameless I.T. providers may even literally try to withhold access to your technology to keep you from seeking out better solutions. In this vital discussion, learn how to recognize the warning signs of bad I.T., protect your business, and build a true partnership with your I.T. provider.
Tom:
I’m going to have to keep this guy around forever because I’m screwed if he’s gone and all the reasons why that’s a really, really bad situation to be in. And it’s never as bad as they think.
Christina:
There’s that and then there’s being in a bad contract. Is there any other main point to hit for being held hostage?
Todd:
Lot poor documentation, secretive, [crosstalk 00:00:32] there’s not a lot of… what?
Tom:
Hoarding.
Todd:
Hoarding information. Let’s see what else? Passwords that are only known-
Tom:
I’ll throw out our saying. Yeah. Tim’s saying that he shared with us and we’ve said a hundred times is no cowboys, no pirates, and no ninjas in IT. Cowboys just do whatever the hell they want. And they just… No pirates is hoarding information and ninjas are no sneaking in and fixing something and not telling anybody and disappearing and not actually providing customer service.
Todd:
Why’d you ever tell us that? That’s like awesome.
Christina:
It’s good.
Speaker 3:
We’re going to wake up and there’s going to be a whole new card on the sprint about this now.
Todd:
Pirate swords and ninja stars.
Tom:
Yeah, your Cowboys can kill the ninjas and the pirates can go drowned.
Todd:
Then that just summed it up. Ideally if possible, I would love to get the questions that a business owner should ask to know whether they are being held hostage.
Tom:
Mm-hmm.
Todd:
That would be wonderful.
Christina:
Okay. So would it be helpful for me to ask those questions? Like, should we come up with them right now or…
Todd:
Meh. Tom will pull this crap out of his butt. All good.
Christina:
I’m just trying to find my place here. [crosstalk 00:02:27]
Tom:
I think you can ask the question. So how does a business owner know if they’re being held hostage, if they’ve never thought about it from that angle before, how do they know?
Christina:
Okay.
Tom:
What are some telltale signs? And what can they do about it at some point? So if a business owner starts to realize that may be the case, what should they do?
Christina:
Okay.
Tom:
Hire JMark.
Todd:
Yeah. Say it just like that. Clear as mud?
Christina:
Sure. Pretty much.
Todd:
Awesome. Oh yeah. We’re not broadcasting so-
Tom:
Yeah, this one we definitely don’t want to.
Todd:
Yet. Okay. Welcome again. We are talking today about kind of an interesting topic that we had some fun with in the past that we have lots of interesting analogies with, and that topic is about being held hostage. No, we are not talking about being held in a bank or being physically held up hostage, but being held up by your IT. We have seen this play out over and over again over the years, where an organization will be held hostage by an internal IT person, by their IP company. Generally, it’s a smaller company that’s less mature and in other ways as well. So Tom, why don’t you tell us a little bit about some of these… What have you seen and what exactly does it really mean to be held hostage and why is it so damaging?
Tom:
Yeah, a great question. Well, what oftentimes happens as a business grows is they bring someone on to be responsible for the IT environment. And as an organization grows, so does the proprietary knowledge of the person responsible for IT because they’ve added applications, they’ve added customizations. They’ve added these functionalities within an organization that only the guy knows whether that’s in-house or outsourced. And if that person were ever to get hit by a bus, disappear, fall off the face of the earth, win the lottery then the organization feels like they wouldn’t be absolutely sunk.
Tom:
And there’s just no way that this person could go away. It’s almost like a sacred cow, like oh yeah don’t make Bob the IT guy mad because he might not fix your stuff in those kind of circumstances. And so it really leaves the business owner or people responsible for running the company feel like they’re being held hostage by Bob the IT guy or whoever it may be that really, they feel kind of powerless in order to create accountability for.
Todd:
And I think if anybody is listening to this or watching this, they might come to the conclusion that we’re talking about something that rarely happens, but it happens quite often.
Tom:
Mm-hmm. It happens so often that one of my good friends and board members, Tim has a saying that we share inside the organization and that is: in IT you can have no cowboys, you can have no pirates and you can have no ninjas. And it all revolves around this. And what we mean by that is no cowboys, which means you can’t just go off and do whatever you want to do and not worry about the ramifications. No pirates means no hoarding of information. Everything that you do has to be documented and shared. And no ninjas. And that means that you don’t go in and fix something and then disappear when nobody knows that you were there and not provide your customer service.
Tom:
And so it’s kind of a fun play on those things, but in terms of how significant it is we had to come up with these fun ways to share with our organization that you can’t hoard information. And oftentimes in IT, you have somebody who feels like that’s how they create power is by being this person of great significance. That is all-knowing, kind of an oracle of IT and that’s how they prop themselves up. And that is just bad. Bad for every organization in any circumstance.
Christina:
So when we’re talking about being held hostage, I feel like a lot of business owners have never thought of it that way. And you’ve already given some examples, but can you give any more of how maybe they can know that they are in that position?
Tom:
Great question. I think one of the easiest ways to know is we’ve got a checklist that we can provide of questions to ask IT. And if they’re willing to give it and not worry about it, which includes like admin passwords and processes or documentation for how to set somebody up or how to disable a user or how to install an application. If they’re willing to do that and share that, they’re not holding you hostage and they’ve got your best interest at heart. But if they look at you like, wait a minute, why do you want this information? This is my information, this is not yours. It’s like well, my business. And we’ve literally been in circumstances where we were evaluating a network and the IT guy said, “well as long as I’m in charge of IT, nobody is getting that password.”
Tom:
And the business owner looked at him and said, “okay I would like for you to meet your replacement, you’re fired. You’re no longer in charge of IT, give me the password.” And it happened all in about 10 seconds because he realized that the guy wasn’t focused on his best interest, longterm. That he was trying to create value or substantiate value by hoarding this information. And so one of the best things that you can do is just ask for that information to say, “hey, we’re putting our business continuity plan together. You’re a part of that. If you get hit by a bus, we want to make sure that we’ve got this documented. Can you provide me with this list of things that we need as an organization?” And if they’re happy to do that and provide that to you, then you’ve checked the box that you’re in good shape, but it’s when you get that push back that you need to start questioning whether or not you’re in a bad situation.
Todd:
So let’s break it down a little bit deeper though. What are these things that they need to look for or ask for? So for example: passwords would be one, the backup disaster recovery plan, documentation of the network, specifically passwords to network devices, past administrative passwords to that domain or system. What else?
Tom:
Yeah, well it’s just documentation as a whole. So if you think about one of the bad things that oftentimes happens with small IT organizations is they’ve created workarounds. Like everything is not set up to best practice and love the street. And because it’s not set up to best practice, there’s these things that will break on the network and there’s a set of steps that people have to go through in order to resolve these one-offs or these things that are not set up well on the environment. And so it’s like, hey we know that once a week, you have to go in and do this process to reboot the server. Do you have that documented? And if not, do you mind document it? So it’s kind of the SOPs, the standing operating procedures that it takes to run IT in that environment.
Tom:
And one, if they don’t have any documentation they’re already not following best practice. So that’s a red flag, but two if they’re unwilling to provide good documentation and or train others on being their backup, then that’s another great big red flag. And then there’s just the fundamentals that you brought up, like I need to be able to access everything on the network,:firewalls, routers, switches, computers, domain, servers, whatever it may be I need access to it. I want it all documented in a secure environment that only you and I have access to, but it gives me safety to know that if something were to happen to you, that we can still run your organization.
Todd:
Also, I think just speaking from experience here, a lot of IT people, documentation is not their favorite thing. And so I think the first red flag is that you ask for documentation and there is none. And then the second red flag is you ask them to create documentation and they don’t, then there’s definitely some big problems.
Tom:
Big problems. And the truth is that people that get put into this circumstance and they kind of go through this process and they realize that they’re in a little bit of trouble and they think that there’s no exit strategy. There’s no way out of it. And the reality of it is that that two out of eight, I don’t know, two out of seven clients that we walk into have this kind of a situation. And so we’ve got a whole lot of experience noodling through the network and figuring these things out, using our tools, making sure that we understand what’s going on. Sometimes having to reset passwords or reset devices in order to make sure that we recover them. But we know everything that needs to happen because we’ve done it so many times.
Todd:
This isn’t some kind of a trick or anything. I mean, bad things do happen. I mean, we had an incident that Jeremy told me about in sales that a number of years ago, there was an entire IT team that was out in training somewhere and on their way back they had an unfortunate accident and everybody died. And they called in JMark and we had to start fresh for everything is what I heard because all that information wasn’t documented. And it’s truly unfortunate that something like that can happen, but that’s why we create backup and disaster recovery plans. That’s why we create documentation. That’s why there are succession plans and things like that. And all that is around the safety of the organization because not having that information can cost a lot more than having it. It’s not worth saving a relationship because you don’t want to confront somebody that’s holding you hostage.
Speaker 3:
[inaudible 00:13:56] would have to be as drastic and dramatic a situation as that, the IT guy could typically be on vacation. At a previous company I worked for, there was a time where there were just three of us. The owner was at a trade show and so there were two of us there that day, server crashed, everything went down, everything was black. We didn’t know what to do. The owner was at a trade show and he was speaking. So we couldn’t get a hold of him, the outside guy that we had hired, the IT company… It was a one man show was on vacation. He hadn’t even actually informed anybody that he was going to be gone for a week. And so there was literally nothing to do. We went home and could do no work for about three days until the owner got back and was able to get ahold of this guy who was camping up in the mountains and get that guy, put them in touch with somebody else who could come and fix things. And we were down for three days with nothing to do.Tom:
Yep. Go ahead, Christina.
Christina:
Oh, you go ahead. I was about to move on to something else, so.
Tom:
Well and that’s exactly what I was going to say was that’s exactly the reason why we don’t have any single points of failure inside of JMark is because we want people to be able to go on vacation. You know, we talked not long ago about people first and technology second. And part of people first is enabling people to go on vacation without getting a thousand phone calls while they’re on vacation because they’re the only ones that know a piece of information. If it’s not documented, it didn’t really happen. And so we have to make sure that not only are we doing what’s right, we’re documenting it. And then there’s a team of people that know how to support that beyond a single point of failure.
Christina:
So we’ve talked about what it means to be held hostage and to know if you’re in that situation, what can someone do if they do find themselves in that situation?
Tom:
Call us. It sounds silly, but a good IT organization is going to be able to work through any of these situations, even though it’s unfortunate. And sometimes it means that a business owner has to let Bob the IT guy, whoever it is go or let a company go and it’s unfortunate. Sometimes it’s just a matter of having the courageous conversation like we described and saying, hey we’re building our business continuity plan and so we need to put this list of things together and we need you to get it done. And I’m not going to approve your vacation until you do it or whatever it may be. But it really is understanding that because IT is critical to an organization, that you’re failing as a leader if you’re not protecting the rest of your organization from the single point of failure.
Tom:
And from this hostage situation. You’re really letting people down because you’re putting their livelihoods at risk if something happens to that individual or even in a bad situation where not only have they hoarded the information, but they put a bad design in place that nobody’s looked at are verified and the whole system crashes, and then an organization is absolutely sunk.
Tom:
So having an organization command, do an assessment, make sure that the documentation is good. The environment is set up for best practices really does help because oftentimes whether it’s an internal IT shop or a small company, they have a hard time keeping up with all the best practices and that can create risk in environment. And so just having that third party validate whether or not the best practices are in place, whether things are being done right, the documentation is in place that the organization essentially is safe. It’s a little bit like taking your car in and having a checkup done to make sure that everything’s working like it’s supposed to. If you don’t do that every now and then, you’re just kind of making some kind of not-so-good choices.
Todd:
Also add that someone listening to this might come to the conclusion that we’re just trying to paint everybody but ourselves in a negative light, whether it’s an internal IT or some small IT company, but the truth is that we work with a ton of companies that have internal IT. And we have gone into companies in this situation and the act of bringing us on to manage different aspects of the infrastructure has kind of kicked the internal IT into gear and made them realize what actually they need to be doing and help to hold them accountable.
Todd:
And it’s very true that business is business and things are constantly moving and there are many IT companies that start out with great intentions and they serve their customers great, but they’re just not moving and innovating as fast as you are. And we’ve gotten into many organizations where that’s the case where they are happy with whoever they’re dealing with, but the problem is that they’re outgrowing them. Response times may be going down, they’re not getting the strategic knowledge that they need to move their organization forward and understand how to set security and technology up for success in the future.
Tom:
Yeah. You nailed it, Todd and I would add to that by saying sometimes it’s not a matter of the IT person not wanting to do these things. Sometimes it’s a sheer capacity thing and they literally don’t have time to get to it because they’re chasing and putting out fires. And so when we’re able to work in an environment like that, we’re kind of freeing the IT person up to do all the things that they wanted to do, that they never got a chance to do. And you’re exactly right. I would say I don’t know, 40% of all of our clients have some sort of an IT person within the organization. And what we can do is empower that person to accelerate and do a lot more, create more value in the company because we’re taking over a lot of the rudimentary, fundamental pieces or the commodity pieces or the strategic pieces, whatever the gap is that exists in that organization, we can fill it and then empower that individual to provide a lot more value.
Todd:
Yeah. A lot of smaller IT companies, they have a very limited set of skills from the sense of this is their product and it’s generally some type of all-encompassing break/fix type service or reactionary type service I should say. And that’s where JMark really shines is because we can fill in gaps in so many different areas, whether it’s compliance, whether it’s security, whether it’s the workstation, the server, the network infrastructure. There’s this whole gamut of gaps that we strategically can be placed in to help the organization be successful.
Tom:
Absolutely. Yeah. And in our proactive and health team, we’ve developed these processes that we do on our client networks and on an average network of 50, 75 computers, maybe a hundred computers, whatever it is we’ll literally run millions of scripts against that network every single month, just to make sure that it’s healthy and do the health checks and make sure everything is okay. And it would literally take years for people to do those things and we’re able to do it in a matter of seconds with technology. It’s pretty amazing.
Todd:
Yeah. I don’t want to dance right over that because that is extremely powerful. I mean, we’re talking that we have put thousands upon thousands of dollars in investment into creating these automated processes and automated tools that function in a way to help prevent things and help to alert us. And very, very few companies have the bandwidth or even the time to do that. And it goes back to that old saying, you’re not paying me for fixing your problem in 10 minutes, you’re paying me for 30 years of experience. And so it plays in that a little bit in the sense of we can run automation that will do mountains of work and provide us mountains of feedback, that it would take a single person a year or more just to hit every touch point. And while they’re doing all that, all these other things are happening that they can’t get to. So, that’s pretty powerful.
Speaker 3:
I also wanted to ask about we mentioned being held hostage simply by your IT, and I think one way this happens, I know I’ve heard you talk about this before Tom is companies grow and as you grow, you don’t have the time to slow down. And so you have a problem and you grab a piece of technology to solve that problem. And then you have another problem so you find the solution over here and suddenly your technology becomes unwieldy and that’s holding you back because you’ve got this pieced together solution that hasn’t been looked at to use Todd’s word holistically and make sure that it’s not holding you back.
Tom:
That’s exactly right. And that’s why we spend so much time and energy inside of our organization around that strategic planning and our CRMs inside of our organization. Their whole job is to take that step back and look at things holistically. So they’re gathering information from the support teams, they’re gathering information from the business owners, from the stakeholders in the environment. And then putting that together and developing that strategic plan to make sure that we don’t have cowboys. That we don’t have all these loose ends that are out there, that we’re bringing it in and making sure that everything’s focused and intentional.
Tom:
And it’s really, really common for us to walk in and find a random access point that somebody put it in an environment that the business owner didn’t know that was there and it was not secured properly. And you can get on the network from the parking lot by driving up and just joining and getting on the network and doing whatever you want to do. And so it really can become a major problem for an organization if they don’t have those strategic plans.
Todd:
So great conversation to sum it up: don’t be an IT cowboy, don’t be a IT ninja and don’t be an IT-
Tom:
Pirate.
Christina:
Pirate.
Todd:
Pirate. That’s it. I forget the pirates, [inaudible 00:25:07]. Great conversation and we’ll be posting some more information on our website that you can look at and download and please reach out to us if we can help to determine if you’re being held hostage. Take care.
Tom:
Thanks everybody.
Christina:
Yep.
