In the evening during the last few weeks of a rapidly fading 2020, I sought some mindless solace watching the Discovery Network programs “Holmes on Homes” and “Holmes Inspection.” (Some of you may recall my writing about these shows in the Spring 2011 edition.) For those of you who are unfamiliar with this unique reality-show creation, I provide the following synopsis.
Mike Holmes is a licensed building contractor based in Canada. Over the years, he worked on numerous projects that increased his ire at the shoddy workmanship of Ottawa-based buildings, contractors, and home inspectors. He developed a TV series where he would work with victimized homeowners, review their problems, propose solutions, and, in his trademark phrase, “Make Things Right.”
Simply put, Mike Holmes is an entrepreneur. He developed a unique selling proposition, found a way to identify pain points common to the people in that niche, and provided a means to solve those problems. Similarly, I view a large aspect of my work at Heliotropic Systems in the same way.
Over the past ten years, I have met small business owners with computer systems that they purchased and supported on their own, some who have been helped by Staples or Best Buy employees, or (in rare instances) other IT solutions providers. Invariably the number of computer problems these business owners experience reaches a point where they cannot function properly, or they realize they require more experienced assistance. As a result, I get a call for help.
And yet, there are some calls for help that never result in an ongoing relationship. Looking back, I can recall one specific instance where the business owner was not interested in obtaining the requisite support needed to make their life – and their business – better. Mike Holmes only shows the successes on his TV programs, not the failures (although that might make for an exciting show on its own). But sometimes it is important for me to point out where I have dropped the ball – because that’s when I learn about how to be better.
In this case, a provider of health care solutions for older adults asked me about an anti-malware solution. I informed him that my answer to his question depended on whether he was using the consumer version or the business edition. He didn’t know which version he used, so we arranged for me to visit his office to conduct a network survey so that I could answer properly.
When I arrived, he explained how he had set up his office and his computers. He explained that the software he and his staff used was cloud-based. He showed me one of the computers and listed the software. He was certain everything was okay because he and his team had experienced very few problems.
What I saw was vastly different. Here was the owner of a healthcare-related business, which meant he was supposed to follow HIPAA guidelines. I started by asking about the results of his HIPAA Risk Assessment (the first step required for compliance) and his internal documentation. I learned he didn’t do the assessment and didn’t have any documentation. His network did not have a firewall. His computers ran the Home edition of Windows 7 and Windows 10, not the Professional version on which settings needed to be established for HIPAA compliance. His security software was a consumer version, as was his anti-malware software. He did not backup the files stored on the computers that were not associated with his cloud-based product. The computer hard drives were not encrypted (nor could they be on the Home version of Windows). In other words, his situation was a hot mess.
When I presented my findings to him a few days later – and spoke of what it would take to become compliant – I realized when his jaw dropped that I had failed in a significant way. You see, in the initial meeting, when I saw all those “red alerts” around the office, I got distracted and immediately slipped into my “tech support red shirt” mode. I neglected to take the time to ask him what his current and expected IT budget was. As it turned out, he didn’t even have an IT budget. Like the omnipresent Liberty Mutual commercials (as I said, I was watching a lot of TV), “he only paid for what he needed.” So, he couldn’t begin to fathom the amount of money I was proposing to upgrade this office’s computer network — an effort I call “technology stabilization.” Nor could he envision an ongoing, monthly expense to maintain that heightened managed security posture. And he certainly wasn’t willing to step up his game to comply with all necessary HIPAA regulations.
I tried – over the next year – to convince him that paying a HIPAA violation fine to the Office of Civil Rights (OCR) would be far more expensive than doing the right thing. But he had safely stayed beneath the radar for so long that he felt comfortable “saving money” by not doing anything. Eventually, I stopped sending him further entreaties to help him out.
What lessons did I learn from this experience? I always ask a prospect what their IT budget is, and what they think it should be. I always make sure to set appropriate levels of expectation afterward. I always follow my checklists faithfully so as not to forget important steps. I always aim to learn if a business owner places a high value on having reliable processes and procedures to manage their network and computers. The last thing I need is to have a constant fight each time I introduce a new feature to protect a business. And I always aim to “Make Things Right,” just like Mike Holmes.