Protecting your business is paramount. Most businesses are familiar with legal and insurance needs for their brick and mortar assets, but sometimes the digital assets get ignored. Here are some important things to think about in the context of your web and social assets with respect to protecting your business.
1. Do You Have Insurance?
Your website sits on a server somewhere. If the server is yours, is it properly insured? If it’s not yours, are you insured for the cost of having to get the site up and running in the event of a catastrophic event? If you have a web design company or consultant, are they insured? Are you insured and protected if you are sued for something you said on a social media platform?
Building a website has an expense associated with it, but so does getting that site up and running after a catastrophe. If you run an ecommerce site, you have an escalated interest in being insured against loss because every moment your website is down translates to lost revenue.
A few years ago, a pilot crash landed a passenger jet in the Hudson River. It was a brilliant example of human capability. People were elated that the number of deaths was exactly zero. However, as I watched the footage, all I could focus on was one of the buildings in the background where my data center is housed. If that plane was off by the slightest of degrees it would have crashed into my data center. I don’t want to minimize what the people in the plane were going through, but my responsibility is business continuity. I was comforted to know that all of the equipment and data in that data center was insured.
The bottom line is that you should discuss these matters with a legal and insurance professional. Every business relies on smooth, trouble-free operation, but in reality problems happen. You’re never going to know what disaster is awaiting you around the corner so it’s prudent to be protected.
2. Do You Understand Your Access Points And Do You Have A Security Policy?
Your website and social media properties are only one username and password away from being hacked. Almost every hack happens at the credentials level. There are almost no instances of programmers hacking an operating system or app.
Every business should have a chart or document outlining what accounts they have, from social media accounts to FTP accounts. Knowing what your exposure points are will help you protect them and react in the event of a catastrophe. A security policy at its simplest involves a password policy. Strong passwords will go a long way towards protecting your business.
When a client or prospect calls me and tells me that their site or social accounts have been hacked, the culprit is almost always a weak password policy or shared account. Passwords should be considered confidential. They should be changed periodically and certainly when an employee is fired or leaves your organization. Aggressively document every person who has access to passwords related to your business and anyone with access should sign a confidentiality agreement.
A business I know has their site hacked every Halloween without fail. Every Halloween, they find their site has a zombie or vampire on the home page. Why? Because they use weak, simple passwords so they don’t forget them.
Now that’s scary.
3. Do You Have A Disaster Recovery Plan?
Many organizations believe they have “backups”, but what does that mean? The test of a backup policy isn’t whether the data is being backed up, but whether the data can be recovered.
Every business should have a written disaster recovery plan that details how data is backed up, where it is backed up, how long data is retained and what the process is for recovery.
In many cases, once data is gone, it’s gone forever. Businesses should extend their backup policies to all digital assets including servers, workstations, laptops, external drives and any other devices with business data on them. It’s meaningless to back up your server if all of your employees are saving their data on workstations that are not backed up.
Don’t fall into a false sense of security just because you’re backing up your data. Test the system periodically and recover random files to ensure the integrity of your data.
Some time ago, I consulted to a company on electronic presentations; while I was there I heard a story from the Director of IT. His predecessor was tasked with backing up the data that was the life blood of the company.
One day, there was a catastrophe and a system failed. Someone in the IT department went to fetch the data from the backup system. What he found was that the data was backed up to tape, but the tapes were not stored properly so they lost their integrity and became sticky and unusable.
After further research, the IT department found that the backup system was not backing up the correct data anyway so even if the tapes were intact, they would have had nothing on them.
The Director of IT that I was talking to was just a tech at the time of the disaster, but he had covertly created a script that generated a real time dump of all of the company’s data onto his workstation and then duplicated it onto an external hard drive. It was sloppy, but it saved the day. Because of that, he is now the new IT Director and manages a comprehensive, well documented, all-digital backup model that stores data locally with replication to the cloud.
Not all businesses are this lucky.
4. Do Your Employees Understand How They Should Be Using The Internet While On Business Time Or Devices?
Every business should have a clear written policy of the organization’s expectations about how employees should use business assets and behave themselves online.
If your disgruntled employee takes to Twitter to tweet about how he or she hates the boss, how will that be perceived by customers or potential customers? If any employee likes to frequent porn sites on business hardware, what will your customer think when the porn site URL pops up in the browser’s auto fill during a meeting?
No business owner or manager should assume that employees will use good judgment while on company time. The immediacy of being able to post to the cloud sometimes renders good judgment obsolete.
By extension, your policy should also extend to your employees’ devices. Your employee may claim that the horrible things they said about your customer were posted from their personal account, but that doesn’t hurt your business any less.
This is a tricky area and a topic for discussion with your attorney.
5. Are You Compliant With Regulations And Capable Of Providing What You Promise?
If you have an organization that provides oversight to your industry, it’s crucial that all of your web and social communications conform. Businesses that have requirements like these don’t always have a compliance officer. It’s important to make sure everyone with access to web and social assets are clear on the rules.
I consult to a number of clients that require all of their content to be approved by FINRA (a government organization that regulates certain financial industries) prior to being posted. This is an added layer of time and expense that should be factored in. The benefit of “immediacy” that the Internet offers is lost, but compliance can ensure that your business will remain free of legal action.
On the flip side, if you have no outside oversight organizations, you still have an obligation to ensure that everything your business publishes is honest and deliverable.
For example, if you promise a service or product for email signups, make sure that you deliver. If you have promotions or offers that have expiration dates, make sure to remove them from your website or social updates at the appropriate time. Breaking your promises to your customers sets a bad precedent.
Do you have any insight on how to protect your web and social efforts? Share then with me in the comments or on Twitter at @RalphMRivera.
Wow Ralph, great post. I was reading an article earlier this year and shared it with my readers just last week about how to set things up so that your gmail and social media accounts can be accessed after you’re gone. I know we don’t always think about things like this but it got me to thinking that I don’t have a lot of what you’ve shared here in place.
Sure, I don’t have the traditional online business like an e-commerce site or an offline business with a website but I do have my blog and other affiliate marketing sites. I also know that none of my family would be interested in taking over should something happen to me because they wouldn’t have a clue what I do.
I don’t have any plan in place should something happen to me or the servers my sites sit other then backing them up.
Dang, just more things to think about but thank you for that. I think!
~Adrienne
Hi Adrienne,
Talk to people in the know. I don’t worry about insurance because i have a great insurance guy to tell me the things i need to know. I don’t worry about IT, because I have a great IT person directing me. use your relationships and friends as resources.
We live in a DIY world where people convince themselves that they can do everything alone, but it’s simply not true. i am so grateful for the insight and advice of my friends, colleagues and family. i never take it for granted.
Cheers,
Ralph
Hi Ralph
Right now I have a blog and I run my husbands small business website.
Prior to working from home I was part of a bigger small business with staff. I really get the importance of the things you have highlighted here.
Even now I back up on both an external hard drive and also have a cloud based service.
Great article and advice Ralph.
Sue
Thanks Sue,
I’m working on a piece about dangers to be avoided post Hurricane Sandy. It’s kind of an extension of this article.
Hi Ralph,
First I want to say that during this storm it seems that the whole team on this blog couldn’t wait to write a post as it is my forth post reading on this blog in 2 days 🙂 Glad you’re all back on, though!
Wow, interesting! So you focused on that building on January 2009 when that plan landed on the Hudson river? That makes sense, tough 🙂 I would have probably too if it were me.
Very good point about back up. Back up is one thing, but can you recover the data is as important. I bet most people don’t think about that. I am covered in this area.
A blogger friend of mine just recently wrote about a paid tool that can protect all your passwords, and I know I’m getting that. Very good reminder here about passwords. I’m always so scared when I’m reminded, but it need to be said, and thanks for that!
Thanks for this excellent post 🙂
Passwords are a big deal! We use a password manager and sometimes it’s a pain because I have to log into THAT but in the end its better than having your accounts hacked.
I know freelancers (and other business people) who *ONLY* have a laptop and walk around with it all the time with no backup. I couldn’t think of a more dangerous scenario. When I write a draft for this blog, even if it’s terrible; i still back it up. back everything up.
What’s worse, many business give themselves a false sense of security by believing that they will hold their IT department accountable for bad data recovery policies. What they find out is that firing the entire IT staff still won’t bring their data back.
As far as passwords are concerned,I have been using a cloud based solution for that, too. On the plus side, having the data in the cloud give me access to my passwords on the go. On the con side, during an internet outage, I can’t get to my passwords.
It’s always a matter of weighing the pros and cons.
Cheers,
Ralph