When offices closed in March 2020, many Turkish SMEs discovered something uncomfortable: a significant share of their business processes depended on paper, face-to-face signatures, or a single employee’s desktop computer. A textile intermediary in Istanbul describing how it had to place supplier orders by fax is not an outlier — it is a sector reality. The pandemic did not create new problems; it made existing fragilities visible. The real question now is whether the four lessons drawn from this crisis remain reflexes born of emergency, or whether they become the foundation of a durable competitive model.
The first lesson is security, and the word deserves a broader reading than its usual scope. Physical safety protocols — masks, distancing, ventilation — are no longer a cost item in retail, hospitality and manufacturing; they are the minimum condition for sustaining customer trust. Beyond the physical layer, the sudden shift to remote work pushed corporate devices outside the protected network perimeter, opening meaningful cybersecurity gaps. In the first half of 2020, Turkey saw a measurable rise in ransomware and phishing incidents, with SMEs attempting remote connectivity without proper VPN infrastructure being particularly exposed. Security is no longer a technical matter for the IT department; it sits near the top of the management agenda as a business continuity issue. Any organisation that has not reviewed its internal data access policies or provided basic cyber hygiene training to its staff has not yet absorbed this lesson.
The second lesson is contactless experience. Turkey’s contactless payment infrastructure was already reasonably mature — domestic bank applications and Masterpass had been accelerating adoption for several years. But contactless experience extends well beyond the payment terminal. Presenting a restaurant menu via QR code, managing appointment bookings through WhatsApp Business, fulfilling an e-commerce order with doorstep delivery — these are all links in the same contactless chain. The critical point is this: businesses that did not take these steps did not lose customers immediately; they lost customer preference. Consumers who placed an order through a digital channel once rarely chose to revert to a physical channel for the same service. That preference shift marks a threshold that is difficult to reverse, and businesses that treat it as a temporary pandemic behaviour are likely to be surprised when normalisation arrives.
The third lesson is automation. The companies that recovered fastest during the pandemic were those that had already automated their routine processes. A manufacturer with real-time inventory visibility in its ERP system could model alternative supply scenarios within hours when the supply chain fractured. A distribution company with e-Invoice and e-Delivery Note infrastructure in place kept its billing workflow running even as its staff worked from home. By contrast, companies whose accounting processes still relied on Excel and manual data entry struggled to produce even weekly closing reports. Automation here is not a luxury — it is a component of operational resilience. Field observation across Turkish SMEs suggests that even among companies with ERP systems in place, many activate only the accounting and invoicing modules, leaving stock management, production planning and procurement modules largely unused. The pandemic made the cost of that gap concrete.
The fourth lesson is customer focus, and it is the most frequently misunderstood of the four. Customer focus is not about treating customers well in a general sense. It means measuring which channel customers use, how often, and with what problem — and then designing processes around that data. During the pandemic, customer contact channels multiplied suddenly: WhatsApp, email, website forms, social media messages. Businesses that could not manage these channels from a single interface gave inconsistent answers to the same customer, missed requests, and eroded trust. Interest in customer relationship management software rose noticeably in the second quarter of 2020, but purchasing software alone is not sufficient. The real challenge is building the operational discipline to collect customer data, analyse it, and translate it into process decisions. Without that discipline, a CRM system remains little more than an address book.
These four lessons share a common requirement: all of them depend on a data infrastructure. Identifying security vulnerabilities requires access logs. Personalising contactless experiences requires customer behaviour data. Applying automation to the right points requires process data. Measuring customer focus requires transaction and feedback data. In the Turkish SME context, building this infrastructure from scratch carries a real burden in both budget and human resources. When the cost of foreign-currency-denominated cloud software licences is added to the equation under sustained currency pressure, a recommendation to ‘do everything at once’ is simply not credible. Prioritisation is necessary: process data first, then customer data, then automation. Security sits outside that sequence — it is parallel and urgent, not something to be deferred.
The companies that will set the 2021 normalisation agenda are those that have taken concrete steps across these four dimensions. But claiming ‘we did digital transformation’ is easy; the real question is whether you can measure how much each process actually improved. Did inventory accuracy increase? Did customer complaint resolution time shorten? How many working days were lost during the transition to remote work? If you cannot answer those questions with numbers, you have not yet looked carefully enough at the four lessons the crisis offered. It was not a test. It held up a mirror. Changing what that mirror shows requires looking at it honestly first.
This article was originally written in Turkish by Gökhan MERCANOĞLU on July 27, 2020 and has been automatically translated into English and other languages using machine translation.