We hear it constantly from business owners throughout Canton, Akron, and Massillon: "My nephew handles our computers" or "My cousin is good with technology" or "One of our employees sets things up on the side."
According to recent data, 74% of small business owners self-manage their cybersecurity or rely on an untrained family member or friend. Only 15% have hired external IT staff or use a managed service provider.
That 74% represents businesses operating with significant technology and security risks, often without realizing it.
We have inherited dozens of networks from "the nephew" over the years. The problems we find are remarkably consistent. This article describes what we typically discover and what it means for your business.
What We Find When We Inherit a Network
When NHM Ohio takes over IT management from an informal arrangement, we conduct a thorough assessment. Here is what we almost always discover:
No Documentation
The person who set things up has all the knowledge in their head. There are no network diagrams, no password records, no lists of what software is installed where, and no documentation of how things are configured.
This creates immediate problems:
- If the nephew is unavailable during an emergency, no one knows how anything works
- Troubleshooting takes longer because we have to figure out the environment from scratch
- Changes risk breaking things because dependencies are unknown
- Recovering from disasters is nearly impossible without knowing what existed before
Professional IT management starts with documentation. You should be able to hand your network documentation to any competent IT provider and have them understand your environment within hours.
Outdated and Unpatched Systems
Software updates are boring. They interrupt work. The nephew meant to install them but got busy with school or their regular job.
We routinely find:
- Windows systems months or years behind on security patches
- Server operating systems past end-of-life with no security updates available at all
- Firmware on routers and firewalls never updated from factory defaults
- Business applications running outdated versions with known vulnerabilities
Every unpatched vulnerability is an open door for attackers. The massive WannaCry ransomware outbreak in 2017 exploited a vulnerability that Microsoft had patched months earlier. Businesses that kept up with updates were protected. Businesses that did not suffered devastating losses.
Consumer-Grade Equipment
The nephew bought what they knew, which is usually consumer technology from Best Buy or Amazon. We find:
- Consumer routers instead of business firewalls, lacking features like intrusion prevention, content filtering, and proper VPN support
- Consumer-grade wireless access points without enterprise security features
- USB hard drives as backup systems instead of proper backup solutions
- Residential internet connections without static IPs or business-class support agreements
Consumer equipment is designed for home use with light workloads and minimal security requirements. It is not built to protect business data or support business operations reliably.
No Real Backup Strategy
Backups exist, sort of. Usually an external hard drive sitting next to the server, running backup software that may or may not be working. We find:
- Backup drives that have not actually run a backup in months
- Backups stored in the same location as the original data, providing no protection against fire, flood, or theft
- No offline or offsite copies, meaning ransomware encrypts backups along with everything else
- Backups that have never been tested, so no one knows if restoration actually works
When we ask "have you tested restoring from these backups?" the answer is almost always no. Untested backups are not backups. They are hopes.
Missing Security Basics
Security requires consistent attention. It is not something you set up once and forget. We regularly find:
- No multi-factor authentication, even on email and banking
- Shared passwords among multiple employees
- Former employees with still-active accounts
- Administrator passwords that are weak or widely known
- No antivirus or endpoint protection, or protection that expired years ago
- Open remote desktop access directly to the internet
Any one of these gaps can lead to a serious security incident. Most informal IT arrangements have multiple gaps.
Shadow IT and Unauthorized Software
Without clear policies and oversight, employees install whatever they need (or want) to do their jobs. We find:
- Personal cloud storage services holding company data with no security controls
- Pirated software that exposes the business to legal liability and malware risk
- Free tools with sketchy privacy practices accessing sensitive information
- Browser extensions that track activity or inject ads
- Remote access tools that employees installed for convenience but create security holes
The nephew probably does not even know this software exists on the network they nominally manage.
No Vendor Management
Modern businesses rely on many vendors: cloud services, software subscriptions, internet providers, phone systems. Someone needs to manage these relationships. We find:
- Subscriptions paid to the nephew's personal credit card instead of the business
- Login credentials that only the nephew knows
- Services signed up under personal email addresses rather than business accounts
- No documentation of what services exist or what they cost
- Vendors with administrative access to systems that no one monitors
When the nephew moves away or gets a full-time job, the business has to untangle a mess of subscriptions and accounts before they can move forward.
The Hidden Costs of Amateur IT
Businesses choose informal IT arrangements because they seem cheaper. The monthly cost is certainly lower than professional IT management. But the true cost includes much more than the monthly fee.
Productivity Loss
When systems are slow, unreliable, or difficult to use, employees waste time. They wait for computers to boot, fight with applications that crash, and create workarounds for problems that should be fixed.
This productivity loss is invisible but real. If your employees are 10% less productive due to IT problems, that is 10% of your payroll spent on nothing.
Opportunity Cost
The nephew has a life. They have school, or a job, or other commitments. When something breaks at 2 PM on a Tuesday, it might wait until the weekend when the nephew has time.
Professional IT services provide consistent response times. Problems get addressed when they happen, not when it is convenient for someone doing IT as a favor.
Security Incident Risk
The gaps we described earlier are not theoretical concerns. They are the exact vulnerabilities attackers exploit. The question is not if an amateur-managed network will be compromised, but when.
Average cost of a small business data breach: $120,000. Average cost of ransomware recovery: potentially much higher including ransom payments, downtime, and lost business.
Recovery Difficulty
When something goes seriously wrong, like ransomware or hardware failure, recovery requires knowledge the nephew may not have. Business continuity depends on proper backups, documentation, and technical skills that informal arrangements rarely provide.
We have helped businesses recover from disasters where the nephew tried to help but made things worse. Amateur recovery attempts can destroy data that professionals could have salvaged.
Liability and Compliance
Depending on your industry, you may have legal obligations around data protection. Healthcare businesses face HIPAA requirements. Anyone taking credit cards must comply with PCI standards. Various state laws impose data protection requirements.
The nephew probably is not thinking about compliance. When regulators or auditors ask questions, "my nephew handles that" is not an acceptable answer.
What Professional IT Management Actually Provides
Understanding the difference between amateur and professional IT helps explain why the cost difference exists.
Proactive Monitoring
Professional IT does not wait for things to break. We monitor systems continuously, identifying problems before they cause outages. A drive starting to fail gets replaced during scheduled maintenance, not after it crashes and takes your data with it.
Systematic Maintenance
Updates, patches, and maintenance happen on schedule. Every system, every time. Nothing falls through the cracks because someone got busy.
Security Focus
Security is not an afterthought. It is built into how we manage systems from the start. Multi-factor authentication, endpoint protection, proper backups, access controls, and monitoring are standard, not optional extras.
Documentation and Knowledge Transfer
Everything is documented. If we get hit by a bus, another qualified professional can take over your environment without starting from scratch.
Vendor Coordination
We manage your technology vendors on your behalf. You have one point of contact for technology problems, regardless of which vendor's equipment is involved.
Compliance Support
For regulated industries, we help implement controls that satisfy compliance requirements and provide documentation for audits.
Predictable Costs
Professional IT services have predictable monthly costs. You budget for IT the same way you budget for rent or insurance. Surprise expenses from equipment failures or security incidents become rare rather than routine.
Making the Transition
If your business currently relies on informal IT arrangements, transitioning to professional management is straightforward:
Assessment
We start by documenting your current environment: what equipment exists, how it is configured, what services you use, and what gaps need immediate attention.
Stabilization
Before making improvements, we stabilize the environment. We update critical systems, implement basic security measures, and ensure backups actually work.
Improvement
With stability established, we systematically improve your technology to meet business needs: replacing inadequate equipment, implementing proper security, and modernizing outdated systems.
Ongoing Management
Once your environment is right-sized and properly secured, we manage it continuously. Monitoring, maintenance, security, and support become our responsibility rather than your worry.
The Conversation With Your Nephew
This article might feel like an attack on your nephew, and we want to be clear: it is not. Most nephews, cousins, and helpful friends do the best they can with the knowledge they have. They often genuinely want to help.
The problem is not their intentions. The problem is that managing business IT requires skills, tools, time, and focus that informal arrangements cannot provide.
When you transition to professional IT management, you are not firing the nephew. You are letting them off the hook for a responsibility they probably did not want in the first place. Most are relieved to stop getting calls about printer problems.
If your nephew has real IT talent and interest, they might even want to learn from professional IT management of your environment. That could be valuable experience for their career.
Get an Assessment of Your Current Environment
NHM Ohio helps businesses throughout Canton, Akron, Massillon, Alliance, and Northeast Ohio transition from informal IT arrangements to professional management.
We start with an honest assessment of your current environment. We will tell you what we find, prioritize what needs attention, and explain what professional management would look like for your business.
There is no obligation and no pressure. If your current arrangement is working better than this article suggests, we will tell you that too.
But if you suspect your technology has gaps, if you are not sure your backups actually work, if you worry about security but do not know what to do about it, that assessment could be the most valuable thing you do for your business this year.
Contact NHM Ohio today to schedule an assessment. Let us show you what professional IT management looks like and what it could mean for your business.
The nephew did their best. Now it is time for something better.
NHM Ohio provides managed IT services, cybersecurity solutions, and technology support for businesses in Canton, Akron, Massillon, Alliance, North Canton, and throughout Stark, Summit, Tuscarawas, and Carroll counties. Visit nhmohio.com or call to schedule your technology assessment.