The 5 Most Common IT Mistakes SMBs Should Avoid in 2023

Each year the challenges facing small and medium businesses (SMBs) evolve. As market conditions change, cultural shifts occur and even pandemics come and go, the stresses and pressures SMBs battle inevitably change, too. While the information technology (IT) problems SMBs must overcome often persist, new developments occasionally necessitate adjusting an organization’s technology strategy and approach, lest a business lose efficiencies, become vulnerable to new risks and prove less competitive. 

Here are the five most common IT mistakes SMBs should avoid in 2023. While these technology errors and oversights track consistently with problems from past years—Louisville Geek previously addressed both The Top 10 Technology Mistakes Small Businesses Make and 5 Technology Mistakes Small Businesses Make and How You Can Avoid Them—there are subtle differences that warrant attention and action, especially if one of these common IT mistakes is occurring within your SMB or threatening to become a potential issue. 

1. Failing to Properly Prepare for Disasters

A perennially recurring problem for many, especially smaller operations that typically do not possess larger enterprises’ resources, is failing to effectively prepare for disasters. No organization should operate without a proper business continuity and disaster recovery (BCDR) plan. In fact, disaster planning is possibly the single most underrated component within SMBs. For small firms, preparing and maintaining a disaster plan is particularly critical, as they often lack the capacities and resources to recover should a flood, fire, lightning strike or similar catastrophe occur. Consequently, surviving an extended unplanned outage can prove more difficult for SMBs.

To improve preparedness, all SMBs should maintain a written disaster plan. As noted within The Top 5 Disaster Recovery Planning Mistakes, waiting until a disaster occurs is too late. The best defense against disasters and the accompanying unplanned outages and operations interruptions is advance planning.

Commonly accepted best practices prescribe addressing multiple steps when preparing an effective disaster plan, including: 

  • Specifying disaster planning and recovery contacts 
  • Performing a business analysis to confirm critical infrastructure 
  • Interviewing key stakeholders to identify production-dependent systems and workflows 
  • Determining the organization’s business recovery thresholds and requirements 
  • Designing recovery strategies 
  • Selecting and implementing recovery technologies 
  • Testing the disaster plan 
  • Scheduling regular reviews of disaster preparedness plans 

Once a proper disaster plan is implemented, and even when SMBs already have BCDR processes in place, plans must be regularly reviewed and tested to ensure they remain relevant. Without such regular reviews an SMB may discover, at the worst possible time, that specific elements of its disaster plan missed key components or became outdated due to new apps, services or sites having been deployed but not included within disaster recovery processes.

The need to prioritize disaster planning cannot be overstated. Failure to properly prepare for disasters poses an existential threat to all organizations and SMBs in particular.

2. Neglecting Cybersecurity

Ransomware, social engineering attacks, ever-prevalent malware and hackers’ adoption of artificial intelligence (AI) and machine learning (ML) innovations to assist their malevolent efforts all conspire to victimize SMBs. Despite a wealth of consistent best practice recommendations commonly confirmed and encouraged by numerous government agencies, law enforcement organizations and industry observers, SMBs often still fail to adopt the fundamentals necessary to provide a respectable defense against malicious actors’ continual and often programmatic attempts to penetrate and corrupt their organizations’ systems, networks and data. 

In addition to providing recommendations as to how SMBs can structure roles and responsibilities to establish an effective cybersecurity culture, the US Cybersecurity & Infrastructure Security Agency (CISA) maintains tips small businesses can adopt to strengthen their cybersecurity defenses. 

Cybersecurity precautions SMBs should undertake commonly include the following: 

  • Enforce multifactor authentication (MFA) adoption 
  • Require complex passwords for all users 
  • Filter inbound email to remove spam, phishing and malicious messages 
  • Install and maintain an advanced threat protection antimalware solution 
  • Adopt the principle of least privilege (POLP) for user rights and permissions 
  • Regularly patch and update systems, equipment and applications 
  • Prioritize security awareness training (SAT) for all users 
  • Implement systems and network monitoring tools 
  • Replace end-of-life software and equipment 
  • Prepare cyber incident response plans in advance 
  • Create and maintain proper BCDR plans 
  • Monitor backups for proper operation 

SMBs should ensure they implement all these cybersecurity protections. This is especially true considering that deploying only a majority of these defenses still leaves an SMB vulnerable to infection and subsequent data corruption and operations disruptions.

Think of it this way. Installing steel bars over a business’s windows proves ineffective if a side door is left open. Malicious actors don’t sleep. They adopt compelling and innovative technologies to robotically attack organizations, including SMBs, the segment proving most vulnerable to ransomware attacks. Implementing the proper cybersecurity protections helps prevent unnecessary disruptions and lessens the odds of business interruptions occurring.

3. Relying Upon Aging Equipment to Power Operations

Another frequent mistake particularly common to small businesses is the continued use of network gear, desktops, laptops, servers and applications long after the intended life cycles and support windows have come and gone. The practice ranks high among the most dangerous habits an SMB can employ.

Manufacturers typically stop issuing security updates for older hardware. Developers usually cease resolving even known vulnerabilities for obsolete software. The same problems apply to operating systems. Further, both new hardware and contemporary software—often necessarily installed for new users or to replace failed devices—regularly introduce incompatibilities when legacy equipment and systems remain present on a network. Consequently, SMBs are left vulnerable to known threats malicious actors savor, operations interruptions become more likely and recovery expenses prove much greater than the cost of simply replacing outdated equipment.

Businesses that annually replace a quarter of their hardware smooth their IT spend and never have to maintain equipment more than four years old. Even if such four-year patterns are too aggressive, taking care to ensure no equipment or software powers operations beyond a manufacturer’s official support cycle goes a long way toward reducing unplanned outages and minimizing incompatibilities.

4. Overlooking User Training

Many SMBs are forward thinking, prepare appropriate disaster plans, implement effective cybersecurity protections and regularly replace equipment and programs to remain current with commonly accepted best technology practices. But many of those same companies overlook the importance of properly training users to get the most from the technologies—including customer relationship management (CRM) apps, business intelligence solutions, HR platforms, project management programs, financial management applications, common office suite tools, collaboration software, cloud services and no- and low-code platforms—they employ. 

If users don’t understand how to properly use a software application, or if staff members are unaware of a solution’s features and capabilities, the SMB will find it difficult to obtain all the benefits from the technology in which it has invested. SMBs that invest in both training new users in the use of their software programs and providing continual education for existing users receive significant subsequent rewards.

According to long-running American Society for Training and Development statistics, firms that provide comprehensive software training generate 24-percent higher profit margins. Indeed, meanwhile, confirms training programs improve user skills and knowledge, prepare staff for upward mobility and greater responsibility and boost both productivity and performance. 

Fortunately, multiple training options are available. While remembering users sometimes prefer and benefit from different types of training, several methods are common, including computer-based training that permits individual employees to proceed at their own pace and instructional videos that many employees favor versus traditional training techniques, such as in-person instructor-led sessions. 

5. Underestimating the Need for Effective Tech Support

Many organizations appreciate the need to provide users with competent and timely technical support—most everyone understands the importance of quickly assisting staff members when they are unable to access email, log on to a commonly used application or troubleshoot a computer that won’t boot. But not all businesses service their users’ technical needs in the most effective manner.  

Users should be encouraged to call the business’ help desk or outsourced support team with questions. The relationship should be cooperative and constructive, not combative or antagonistic. Staff should not feel pressured to withhold questions or fear calling for technical assistance due to concerns of being seen as problematic. Nor should cost concerns discourage users requiring technical help from calling for support. 

Internal IT teams should welcome opportunities to assist users. When SMBs outsource technical support they can use flat-fee agreements and managed services contracts to help ensure providers serve as true partners, rather than hired hands seeking to nickel-and-dime the client. 

Access to knowledgeable technical support helps users fulfill professional responsibilities, make the most of the business’ technical solutions and minimize production delays or disruptions due to knowledge gaps or failed equipment or systems. High-quality help desk and tech support are also frequently reported as significant factors affecting employee engagement. 

Just why is that important?  

Harvard Business Review, quoting Gallup analysis, reports organizations with higher levels of employee engagement are up to 22 percent more productive. 

Numerous other advantages result, too, when providing robust technical support: 

  • Accelerated problem resolution 
  • Reduced downtime 
  • Improved employee experiences 
  • Better staff morale 
  • Increased adoption of new products and services 
  • Reduced support costs 

Should training prove insufficient, upgrades cause confusion or questions arise regarding how best to use software or employ a business technology to fulfill professional responsibilities, problems can arise. Efficiencies, morale and productivity all often suffer. Without corresponding technical support assistance, employees often must troubleshoot and research issues themselves. Sometimes users discover clunky workarounds. Sometimes employees identify less effective methods to get by or, worse, give up.

Extending competent and capable help desk and IT support to users assists SMBs in maximizing technology investments and maintaining efficiencies. Providing effective support also decreases the likelihood staff Googles questions or turns to an AI chatbot and potentially proceeds incorrectly. 

Don’t leave employee knowledge, skills and experiences to chance. Be deliberate in fulfilling users’ technical support needs. 

Is your business struggling with a technology challenge?

If your SMB is having trouble battling a common technology challenge or experiencing another IT problem altogether, let Louisville Geek help. Call us at 502-897-7577 or email [email protected]. Our team of engaged professionals—which again voted Louisville Geek a Best Places To Work—can assist in developing solutions or even provide a second opinion. Whether you work with us or another provider, avoiding common technology traps and making the most of your IT initiatives encourages long-term success.