Practical Tech: January 2025

Annual tech checkup for your business

Author

Olga Kudrina
January 01, 2025

 Published by Tenth Gear Consulting

Actionable: taking inventory and assessing the risk

Start of the year is a good time to evaluate your tech disaster planning, analyze potential exposure and review contingency plan.

While you can’t foresee all risk, it pays to be defensive. Identify areas where

  • your business depends on the platforms and systems you do not control

  • the critical data is stored outside of your reach

  • your business decisions and operations are driven by restricted technical capabilities

Here are few examples:

Marketing

If social media marketing is part of your lead generation strategy, what would happen to the funnel if the channel disappears?

7 million businesses grappled with this exact question while TikTok ban was discussed.

Hacking and account bans are devastating but well known threats. Losing years of hard work due to political decision is a new and unexpected angle.

If you haven’t already, setting up systems to own your content, be able to present it on your website and own your followers contact list is a prudent task.

Website

Ongoing WordPress leadership discourse threatens the stability of the platform which in turn increases the risk of disruption to business operations.

Consider the impact of broken plugins and installs, lack of critical security updates and patches and reduced speed of feature development - and how it can affect your business continuity.

Having a fully fleshed out “just in case” migration plan is prudent.

Data

Last month Bench, an accounting startup that provided SaaS for small/midsize businesses shut down without any warning. While customers can still download their data, they have until March to do so - but the situation could have been made much worse if download was not readily available during the critical end of year time.

Who has your data? Relying on SaaS may make it feel that backups are the relic from the past, but companies can and do go under or experience catastrophic failures, hacking and data loss.

Do you have a local copy? How old is it? Not all data is valuable - but the exercise to list and categorize your data is.

Vendor lock-in

Having multiple vendors to support your business processes is convenient and cost effective, but perform annual evaluation on how easy would it be for you to leave them and what the cost of transition may be.

Why planning to leave? The reason may be external - unsustainable cost increases, vendor focus shift to enterprise customers, decision to take product or service in a different direction resulting in a loss of an important feature.

The reason may also be internal - as your company grows and changes, previously sufficient solution is now a blocker.

This exercise helps to identify incoming change point after which the balance of convenience and cost tips.

Looking for inspiration for your annual check?

Grab this document to start.

Pulse check: do you have AI usage policy?

Regardless how you feel about AI, it is becoming unavoidable thanks to bundling inside business software.

For example, Google had announced the plans to include Gemini AI in all Google Business and Enterprise plans, noting that “for now” a very small customers will not be affected. The plan comes with mandatory $2 increase.

And of course Microsoft has CoPilot.

While the promise is increased productivity, ensure that risks are evaluated and policy and training is in place.

Here are few suggestions to start:

  • Define acceptable AI usage policy in your company - outline specific actions for which AI can be used.

  • Create a list of standardized AI generation tools and a process to request additions or replacements

  • Be clear on the consequences for not following the policy.

  • Design ongoing training for your staff on using AI and how to do so responsibly and securely. Consider rapid changes in the field

Need help to craft initial policy? Grab a sample here.

Emerging Risk: malicious URLs with a dash of AI

The promising business lead may be a trap.

In the past one way to determine if the company is legit was to check their website and social media presence. Suspicious companies were easy to spot - but that’s no longer the case. Age of AI unlocks not just fake auto generated people but companies - with the polished website full of content and daily posts on LinkedIn.

When such company reaches out to you to discuss an attractive business deal and schedules a video call, it doesn’t raise an alarm. Neither is the invite link that requires you to download a video call client for software you never heard of.

Except now a newly installed malicious application can steal private information, putting your entire business at risk.

This threat scenario has been already spotted in the wild by the Cado Security Labs. While the angle is new, the prevention is the same:

  • Don’t download software you don’t know - even if for talking to a potential client about one in a million deal of a lifetime. Use well known video clients like Zoom, Teams, Webex instead.

  • Never trust links even if they arrive form a known contact - that too is easy to spoof.

     

Expect more social engineering scams to arrive. In the age of AI, nothing is what it seems.

Quick tip: optimizing consulting spend

Before hiring outside domain experts, ask your crew to define the problems.

The people in the trenches doing the work have a better understanding of your business’s bottlenecks - and are uniquely equipped to suggest improvements to processes and functions.

Once the problems are defined, reach out to experts. This way consultants will spend time solving problems instead of discovering what is already known.

Thank you for being a subscriber!

Have a question? Reach out anytime - all emails are answered.