He's great with computers. He fixed your printer that one time. And he's not charging you anything. So what's the problem?
Let me be clear right up front: this isn't about your nephew. He's probably a smart kid who genuinely wants to help. This is about a pattern we see constantly after 30+ years in this business, and it costs small business owners far more than they ever realize.
It goes something like this: you own a business, you're watching every dollar, and IT feels like an area where you can save some money. Your nephew (or cousin, or the guy who built your website, or your employee's husband who's "really good with computers") steps in to help. They set up your server, configure your email, maybe install some software. Problem solved, money saved.
Except the bill hasn't arrived yet. It just gets paid later, and usually all at once, when something goes wrong.
We've walked into enough of these situations to write a book. Instead, we'll give you the highlights — the real hidden costs of amateur IT management that never show up until it's too late.
Your email goes down on a Tuesday morning. You call your nephew. He's at work, so he says he'll look at it tonight. By Thursday afternoon he's figured out the problem and things are back up. Crisis averted, right?
Let's count what that "free" fix actually cost. Say you have five employees who use email as their primary way of communicating with clients. At an average loaded cost of $25/hour each, two and a half days of reduced productivity is around $2,500. Factor in the clients who couldn't reach you, the quote that didn't go out, the invoice that didn't get sent, and you're looking at real money.
A professional IT provider with a service level agreement typically responds to critical issues within hours, not days. For a business that lives in its inbox, that difference isn't small. It's the difference between a minor interruption and a serious operational problem.
We've seen businesses lose clients over this. Not because the technology failed — technology fails everywhere. Because the recovery took so long that the client lost confidence. Your reputation doesn't care that your IT person was doing you a favor on the side.
This is the one that keeps us up at night. Not because it's rare — because it's so common.
When someone sets up your systems without formal IT training, they typically get the basics working. Email sends and receives. Files save to the server. The internet works. What they usually don't get right are the things you can't see: security configurations, update policies, firewall rules, user access controls, backup verification.
They don't know to segment your network so your security cameras aren't on the same network as your financial data. They don't know that the default admin password on your router is published online and attackers actively scan for it. They don't know to enable multi-factor authentication, or that your Microsoft 365 account sharing settings might be letting any authenticated user see every file you own. (If you want to understand what that actually looks like, our Cybersecurity Essentials Guide lays it out in plain English.)
They're not doing anything wrong. They just don't know what they don't know. And neither do you, because everything looks fine from the outside.
Until it doesn't. Until someone gets into your system, encrypts your files, and demands a ransom. Until a client's payment data gets stolen and you're on the hook. Until your business email gets compromised and your customers start getting phishing emails that appear to come from you.
The average cost of a data breach for a small business is well over $100,000 when you factor in remediation, legal fees, notification costs, and lost business. That's a lot of free IT advice.
Here's a question we ask every new client: "Do you know all the passwords to your own systems?" The answer, more often than you'd think, is some version of "my nephew handles that."
That's a problem that compounds over time. Every account that gets set up, every software license that gets bought, every device that gets configured — all of that should be documented somewhere that the business controls. Instead, it lives in your nephew's head, on his personal laptop, or in his email account.
What happens when he moves to another city? Gets busy with his own life? Has a falling out with the family? You can end up locked out of your own domain name, your own server, your own cloud accounts. We've seen it happen.
One client came to us after their "IT guy" (a friend who did this as a side gig) stopped responding to calls. They had no idea what passwords had been set, what software was licensed in whose name, or where the backup drive was plugged in. It took us two weeks of careful forensic work to reconstruct what they had. That was two weeks of billable time for something that should have been a one-hour onboarding conversation.
Good IT documentation isn't glamorous, but it's the difference between a smooth transition and a nightmare. Professional IT providers document everything and make sure you own access to your own infrastructure. That's not a luxury — it's basic professional practice. If you want a deeper look at why this matters, our post on what happens when your IT guy takes a vacation covers the single-point-of-failure problem in detail.
Here's a scenario that plays out more often than any IT professional is comfortable admitting.
Someone sets up a backup for your business. It runs every night. The little icon says it's working. Everyone feels good. Then two years later, your server dies. You go to restore from your backups, and you discover that the backup software ran into an error on day three and has been silently failing ever since. There's nothing there.
Configuring a backup is step one. Verifying that the backup actually contains what you think it contains is step two. Testing that you can actually restore from it is step three. Most amateur IT setups get to step one and stop, because steps two and three require knowing that you need to do them.
We've seen businesses lose years of data because of this. Customer records, financial history, project files — gone. And the truly brutal part is that the backup was technically "running" the whole time. It just wasn't working.
A professional IT provider builds backup verification and restore testing into their regular routine. It's not exciting. It's not a feature they advertise. But it's the thing that saves your business when everything else goes wrong. Our post on the signs you've outgrown your IT guy covers what a real backup plan looks like, if you want specifics on what to ask for.
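The three steps above can be sketched as a small script. This is an added example, not part of the original post or any provider's tooling: the function names, the tar.gz archive layout, the hash manifest and the 26-hour freshness threshold are all assumptions chosen for illustration.

```python
import hashlib, os, tarfile, time

def sha256_of(fileobj):
    h = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(65536), b""):
        h.update(chunk)
    return h.hexdigest()

def make_backup(src_dir, archive_path):
    """Step one: write the archive and return a manifest {relative path: sha256}."""
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for root, _dirs, files in os.walk(src_dir):
            for name in sorted(files):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, src_dir).replace(os.sep, "/")
                with open(full, "rb") as f:
                    manifest[rel] = sha256_of(f)
                tar.add(full, arcname=rel)
    return manifest

def verify_backup(archive_path, manifest, max_age_hours=26, now=None):
    """Steps two and three: return a list of problems (empty list = usable backup)."""
    now = time.time() if now is None else now
    if not os.path.isfile(archive_path):
        return ["archive missing"]
    problems = []
    # A job that has been "running" but failing leaves an old archive behind.
    age_hours = (now - os.path.getmtime(archive_path)) / 3600
    if age_hours > max_age_hours:
        problems.append(f"archive is stale: last written {age_hours:.0f}h ago")
    restored = {}
    try:
        # Restore test: read every file back out of the archive and hash it.
        with tarfile.open(archive_path, "r:*") as tar:
            for member in tar:
                if member.isfile():
                    restored[member.name] = sha256_of(tar.extractfile(member))
    except (tarfile.TarError, EOFError, OSError) as exc:
        return problems + [f"archive unreadable: {exc}"]
    for rel, digest in sorted(manifest.items()):
        if rel not in restored:
            problems.append(f"missing from backup: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content mismatch: {rel}")
    return problems
```

Running `verify_backup` on a schedule and alerting whenever the returned list is non-empty is what turns a green "backup ran" icon into evidence that the data can actually be read back.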
Every time a quick fix gets applied instead of a real solution, you accumulate what engineers call technical debt. It's the IT equivalent of patching a roof instead of replacing it — fine in the short term, increasingly expensive and risky over time.
We see this in the form of servers running outdated operating systems because an upgrade felt too complicated. Software that was "working fine" but hasn't been updated in three years and is now riddled with known vulnerabilities. Networks that were set up for five users and never redesigned when the business grew to twenty-five. A tangle of old and new hardware with no coherent plan tying it together.
None of these things are immediately visible. Your business runs. Mostly. Until it doesn't, or until you try to grow in a direction that the cobbled-together infrastructure can't support.
The fix at that point is always more expensive than the fix would have been two years earlier. And it always comes at the worst possible time — right when you're trying to land a big client, onboard a new team, or scale up a new service. That's when you find out the foundation wasn't built to last.
Professional IT work involves making intentional decisions about your infrastructure with the future in mind. It's not about having the fanciest gear — it's about building something that doesn't collapse when you push on it. If you want to understand what that costs, our post on how much a small business should spend on IT gives you real numbers and a framework for thinking about it.
Here's the thing we always tell people when they ask about this: the right answer depends on where your business actually is.
If you're a solo consultant with a laptop and a Microsoft 365 account, you probably don't need a managed IT provider. Your nephew really might be fine. The stakes are lower, the systems are simpler, and a professional IT relationship would cost more than it's worth.
But if you have employees, if you have a server, if you take payments or handle customer data, if your business stops when your IT stops — then amateur IT management is a liability, not a savings. The question isn't whether the help is free. The question is whether it's capable of keeping a real business running safely.
If you're somewhere in the middle, a good first step is an honest IT assessment. Not a sales pitch, not a fear-mongering exercise — just a clear-eyed look at what you have, what the risks actually are, and what it would cost to address them. Sometimes the answer is "you're in pretty good shape, here's what to shore up." Sometimes it's bigger than that.
Either way, you're better off knowing than not knowing. Most of the painful situations we've described above were preventable. The business owners involved just didn't know there was a problem until it became a crisis.
If you want a framework for evaluating your own IT situation before calling anyone, check out the IT Buyer's Guide we put together — it walks you through what questions to ask and what to look for. It's free, no strings attached.