Protecting your business is paramount. Most businesses are familiar with the legal and insurance needs of their brick-and-mortar assets, but digital assets sometimes get ignored. Here are some important things to think about when protecting your business's web and social assets.
1. Do You Have Insurance?
Your website sits on a server somewhere. If the server is yours, is it properly insured? If it’s not yours, are you insured for the cost of getting the site up and running again after a catastrophic event? If you have a web design company or consultant, are they insured? Are you insured and protected if you are sued for something you said on a social media platform?
Building a website has an expense associated with it, but so does getting that site up and running after a catastrophe. If you run an ecommerce site, you have an escalated interest in being insured against loss because every moment your website is down translates to lost revenue.
A few years ago, a pilot crash-landed a passenger jet in the Hudson River. It was a brilliant example of human capability. People were elated that the number of deaths was exactly zero. However, as I watched the footage, all I could focus on was one of the buildings in the background where my data center is housed. If that plane had been off by the slightest of degrees, it would have crashed into my data center. I don’t want to minimize what the people in the plane were going through, but my responsibility is business continuity. I was comforted to know that all of the equipment and data in that data center was insured.
The bottom line is that you should discuss these matters with a legal and insurance professional. Every business relies on smooth, trouble-free operation, but in reality problems happen. You’re never going to know what disaster is awaiting you around the corner so it’s prudent to be protected.
2. Do You Understand Your Access Points And Do You Have A Security Policy?
Your website and social media properties are only one username and password away from being hacked. Almost every hack happens at the credentials level. There are almost no instances of programmers hacking an operating system or app.
Every business should have a chart or document outlining what accounts they have, from social media accounts to FTP accounts. Knowing what your exposure points are will help you protect them and react in the event of a catastrophe. A security policy at its simplest involves a password policy. Strong passwords will go a long way towards protecting your business.
When a client or prospect calls me and tells me that their site or social accounts have been hacked, the culprit is almost always a weak password policy or shared account. Passwords should be considered confidential. They should be changed periodically and certainly when an employee is fired or leaves your organization. Aggressively document every person who has access to passwords related to your business, and have anyone with access sign a confidentiality agreement.
A business I know has their site hacked every Halloween without fail. Every Halloween, they find their site has a zombie or vampire on the home page. Why? Because they use weak, simple passwords so they don’t forget them.
Now that’s scary.
3. Do You Have A Disaster Recovery Plan?
Many organizations believe they have “backups”, but what does that mean? The test of a backup policy isn’t whether the data is being backed up, but whether the data can be recovered.
Every business should have a written disaster recovery plan that details how data is backed up, where it is backed up, how long data is retained and what the process is for recovery.
In many cases, once data is gone, it’s gone forever. Businesses should extend their backup policies to all digital assets including servers, workstations, laptops, external drives and any other devices with business data on them. It’s meaningless to back up your server if all of your employees are saving their data on workstations that are not backed up.
Don’t fall into a false sense of security just because you’re backing up your data. Test the system periodically and recover random files to ensure the integrity of your data.
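One way to run the spot check described above, as an added example that is not part of the original article: it samples random files from the live data, compares each with its copy in a test restore by SHA-256, and flags files that were never backed up or came back damaged. The directory names and sample data are constructed, and a file edited since the backup ran will also show up as a mismatch.

```python
import hashlib
import random
import tempfile
from pathlib import Path

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def spot_check(live_root, restored_root, sample_size=25, seed=None):
    """Sort a random sample of live files into ok / missing / mismatch."""
    live_root, restored_root = Path(live_root), Path(restored_root)
    files = sorted(p for p in live_root.rglob("*") if p.is_file())
    sample = random.Random(seed).sample(files, min(sample_size, len(files)))
    report = {"ok": [], "missing": [], "mismatch": []}
    for src in sample:
        rel = src.relative_to(live_root)
        restored = restored_root / rel
        if not restored.is_file():
            report["missing"].append(rel.as_posix())    # never backed up or not restored
        elif sha256_of(src) != sha256_of(restored):
            report["mismatch"].append(rel.as_posix())   # restored content differs
        else:
            report["ok"].append(rel.as_posix())
    return report

def demo():
    """Constructed sample: one good file, one truncated copy, one never backed up."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for root in (live, restored):
            (root / "docs").mkdir(parents=True)
        (live / "docs/plan.txt").write_text("recovery plan v3")
        (restored / "docs/plan.txt").write_text("recovery plan v3")
        (live / "orders.csv").write_text("id,total\n1,40\n")
        (restored / "orders.csv").write_text("id,total\n1,4")  # truncated copy
        (live / "docs/laptop-only.txt").write_text("saved outside the backup set")
        return spot_check(live, restored, sample_size=10, seed=1)

if __name__ == "__main__":
    for status, paths in demo().items():
        print(status, sorted(paths))
```

Any entry under "missing" or "mismatch" is a reason to review what the backup job actually covers before a real recovery is needed.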
Some time ago, I consulted to a company on electronic presentations; while I was there I heard a story from the Director of IT. His predecessor was tasked with backing up the data that was the lifeblood of the company.
One day, there was a catastrophe and a system failed. Someone in the IT department went to fetch the data from the backup system. What he found was that the data was backed up to tape, but the tapes were not stored properly so they lost their integrity and became sticky and unusable.
After further research, the IT department found that the backup system was not backing up the correct data anyway so even if the tapes were intact, they would have had nothing on them.
The Director of IT that I was talking to was just a tech at the time of the disaster, but he had covertly created a script that generated a real-time dump of all of the company’s data onto his workstation and then duplicated it onto an external hard drive. It was sloppy, but it saved the day. Because of that, he is now the new IT Director and manages a comprehensive, well-documented, all-digital backup model that stores data locally with replication to the cloud.
Not all businesses are this lucky.
4. Do Your Employees Understand How They Should Be Using The Internet While On Business Time Or Devices?
Every business should have a clear written policy of the organization’s expectations about how employees should use business assets and behave themselves online.
If your disgruntled employee takes to Twitter to tweet about how he or she hates the boss, how will that be perceived by customers or potential customers? If an employee likes to frequent porn sites on business hardware, what will your customer think when the porn site URL pops up in the browser’s autofill during a meeting?
No business owner or manager should assume that employees will use good judgment while on company time. The immediacy of being able to post to the cloud sometimes renders good judgment obsolete.
By extension, your policy should also extend to your employees’ devices. Your employee may claim that the horrible things they said about your customer were posted from their personal account, but that doesn’t hurt your business any less.
This is a tricky area and a topic for discussion with your attorney.
5. Are You Compliant With Regulations And Capable Of Providing What You Promise?
If you have an organization that provides oversight to your industry, it’s crucial that all of your web and social communications conform. Businesses that have requirements like these don’t always have a compliance officer. It’s important to make sure everyone with access to web and social assets is clear on the rules.
I consult to a number of clients that require all of their content to be approved by FINRA (a government organization that regulates certain financial industries) prior to being posted. This is an added layer of time and expense that should be factored in. The benefit of “immediacy” that the Internet offers is lost, but compliance can ensure that your business will remain free of legal action.
On the flip side, if you have no outside oversight organizations, you still have an obligation to ensure that everything your business publishes is honest and deliverable.
For example, if you promise a service or product for email signups, make sure that you deliver. If you have promotions or offers that have expiration dates, make sure to remove them from your website or social updates at the appropriate time. Breaking your promises to your customers sets a bad precedent.
Do you have any insight on how to protect your web and social efforts? Share them with me in the comments or on Twitter at @RalphMRivera.