When business continuity depends on one person’s laptop

For many SMEs, business continuity planning is little more than a technical exercise. The focus revolves around servers, backups, cyber-attacks, cloud outages, and whether their IT provider can restore systems quickly. And there’s a good reason for that; they’re all valid concerns. But even when you have all those points in order, there’s one thing that brings every contingency crashing down: people. When critical business knowledge lives outside of the expected infrastructure - on a single person’s laptop, in their inbox, or in folders only they can access - that person becomes the weak point. Whether they’re unavailable, ill, their laptop malfunctions, or they leave the business, entire workflows can grind to a halt. And nobody knows what to do.

The problem of siloed systems

Think about your business’s core processes. How many of them rely on individuals rather than systems? The finance manager knows how to run payroll and where the master spreadsheet lives, but do you? What about client correspondence? Is that in an easily accessible CRM, or locked away in the personal folders of the customer service manager? Or the supply and maintenance contracts and contacts? Do you have any idea where your ops manager keeps those? Running these things on separate systems works just fine - until someone has their laptop stolen or leaves under a cloud of animosity. Then, you begin to notice problems.

Why SMEs come to rely on people

There are three main problems here, and the first is simply growth. SMEs grow at their own pace, often unexpectedly quickly. And that means making do. When a new process is needed, the quickest solution is often to let a capable person handle it. Because it’s fast and easy and cheap. There will be a mental note to document the process, but it’s often overlooked in time, so that capable person becomes the office oracle, and no one thinks about what will happen if they leave.

And then there’s trust. In smaller organisations, trust can easily replace structure, because it feels like each member is an integral part of the team, and it’s unimaginable that you might lose them. And that person quietly hoards their knowledge, taking pride in being indispensable. At the same time, leaders may assume that because the business is small, everyone knows how things work, failing to recognise the fragmentation.

Technology is the third issue. If you don’t have a central CRM at the beginning of a business - and few companies do - employees lean heavily on their laptops. They’re powerful, flexible, with an endless array of cloud tools, making it easy to store files locally or keep notes in personal apps. So, if you don’t have clear rules, people default to what is convenient. And that’s where problems take root.

The hidden operational and security risks

When a business is built upon multiple personal processes, a single unexpected absence can lead to downtime, unsent invoices, delayed orders and communication, and unfinished tasks. But that’s just the surface-level disruption. Beyond that, you have the issues of security and compliance.

Locally stored client data may not be encrypted or backed up properly. Passwords saved in browsers or spreadsheets create easy targets for attackers. When data lives outside managed systems, it falls outside formal security controls.

More often than not, there are also issues with company cohesion. Decision-making is inconsistent and often difficult because data isn’t obviously accessible. Data sharing is patchy. And staff experience burnout because they feel under-supported and over-pressured.

So, what’s the solution?

Practical steps to reduce dependency without over-engineering

Changing operational processes and tech always feels daunting, but there are small, deliberate changes that can make a significant difference.

First is understanding. You need to map processes and points of dependency to identify sticking points. If a key task is contingent on one person, steps need to be taken to ensure that your operations don’t grind to a halt if they are unexpectedly absent. This isn’t always an easy process, and you may require external help, but it is necessary, so that once you’ve identified your weak points, you can move on to centralisation.

Centralisation isn’t essential for every single task and process, but critical information should always be available through shared and managed platforms. That might mean introducing a CRM for customer data, core accounting software for financial records, and a knowledge base for ops. A lot of companies are now utilising tools like Google Dynamics 365, Monday, and Salesforce to create a role-based central access hub into which all of these processes can feed and be accessed from. But if you don’t want to do that, short, practical documentation is key, with checklists in case of emergencies.

Ongoing skill sharing is also key. No one should ever be indispensable in a business, because you never know what’s around the corner. Cross-training to ensure that there’s at least one backup for every important task builds continuity.

Business continuity is not just about recovering from disasters. It is about ensuring the business can operate predictably, even when a vital member of staff isn’t there. You can’t let the viability of your company hang on one person’s laptop. It’s down to you to put those systems in place.

William Thackray is the Operations Director of AGT Computer Services. He is always looking for the next big thing in technology and business. He’s the go-to guy for anything new and exciting in the world of IT.