I once recommended that a client install proper air-conditioning and fire suppression in their server room. He replied “the equipment in that room is covered by insurance so it’s not worth throwing more money at.” He had no idea that what made that room valuable was not the equipment but what was on the equipment.
Until something goes wrong, many business owners don’t really understand what their business truly consists of; what is valuable and what is not. Software companies are purchased every day, not for their patents, code, or algorithms but for their engineers. Consulting companies are not acquired for their skillful consultants and business process information but for their client lists. Retail outlets get bought out not for their “brick and mortar” stores but for their domain names and brand name.
In the same way, when the IT guys who “never did anything” quits, dies suddenly or gets relieved of his duties, strange things begin to happen. Suddenly when you try to get to your company site, it goes to the Walmart shopping site (if you’re lucky), your main phone number gets a “fast busy signal,” email stops working and no one can find the server that everything is on anywhere in the office. You soon learn that only the ex-employee can access the settings to fix everything and that the companies how host your services have a contrast with your employee not with you or your company.
“I’m not technical so what can I do?”
There’s a saying in the IT world: “whomever controls the data is king!”
This saying has never been more evident than today. Don’t believe me? Let’s look at Facebook, Google searching, Credit Reporting Bureaus, and even Cloud Computing. Somehow the people that got a hold of all the useless information that you thought nobody would want are some of the most profitable companies in the world.
Don’t get intimidated by technology: at a high level, there’s not really anything new, only the way it’s done at a more detailed level. Most the the concepts from the old days and today are the same… If you think about it, we are still putting documents into folders, return addresses on email, keeping email in mailboxes, paying for ads along frequently visited high-ways, writing appointments in calendars.
So where do you begin? Ask yourself and your company’s leadership these questions:
Where is my information stored? For many people this is electronic (yes, if we’re honest, usually email, contacts, calendars). Here, the fist division is into two categories: on premises (a.k.a. “on prem”) and in cloud.
If it’s on prem, can you point to the server where your data is stored? Is the room secured? Do you have backup power and fire suppression that will not ruin the gear? Is the server encrypted so if someone were to remove the disks your data is on, they could not read it? If you backup to removable media, how is that secured and how long is it kept? Do you regularly verify the backup are usable?
If it’s in the cloud, do you know what data-center(s) it’s in — what state, what country? What are your rights and liabilities from having your data located where it is? Can the hosting company see inside (your information) or is it encrypted so only you can see your data? For example, if you use companies like Google, that are in the business of parsing your data so that they can sell it for marketing purposes, have you studied your contract with them and understand what your true costs are? Do you have an SLA (Service Level Agreement)? That’s important: if the provider has an outage how long and how many can there be before you get compensated for your loss due to the outage? Does the compensation cover your losses?
The other questions are the same regardless off whether it’s on perm or in the cloud: who has access? Do you as the owner by contract have access (to the room or hosting business) and if not can you by contract agreement contact someone where the data is to get access? How is it backed up: if it is, how long is the data kept and how easily can it be restored?
How do people get a hold of you and your business? Do you have a web page? Who can make changes? Who can change DNS records? Domain Name Server (DNS) records are like an electronic phone book for your websites. When you type “www.mydomain.com” a DNS server replies with an IP address (looks like 0000.1111.2222.333). If that is changed, people trying to access your web page can be diverted to another web server.
Does your company have a social media account? Who can make posts? Whoever can post can publicly speak on behalf of your company. Who can make changes to access the accounts?
Who runs your phone system? Is there a maintenance agreement? If it goes down and you can’t fix it internally is there someone who has to respond and get it working in an agreed upon time frame? (SLA explained above)
Do you have a Business Continuity Plan? A flu epidemic, natural disaster, a transit system strike and a major terrorist attack have all effected businesses where I have worked. What will you do when (not if) the next one happens?
PACE — Primary, Alternative, Contingency and Emergency.
Primary plan is your normal operations. Alternative goes into effect when the primary plan is interrupted. Contingency is your back plan for your backup plan. Finally, if the situation is dire, the Emergency plan goes into effect: by this time you may not be able to operate fully but at least critical functions can keep your organization from oblivion.
Essential Technology Consultants, LLC 