Ann Arbor Area Business Monthly
Small Business and the Internet
By Mike Gould
I got an unusual email today from someone notifying me that he was taking over a web site I had built several years ago, and asking would I please give him a call? In our phone conversation, I learned that the person who hired me to design the site, Rusty, had just died, but before he passed, he had the foresight to send all the registration and passwords to the person I was talking to. My correspondent just wanted to touch base and make sure I was still around if he needed help with the site.
I was bummed to learn of Rusty’s passing; he was a nice guy and a great client. But it got me thinking, If I check out early, will my wife be able to settle my digital affairs? Does she have access to all the passwords that make up my online persona? Well, no, she doesn’t, and I have to fix that.
How about you…
Ms. or Mr. Small Business Person? Do you have a plan in place for what would happen if your IT person vanished? You know, the guy who has the keys to the company website, the combination to the safe where the backup tapes are, and access to all that business stuff up there in that cloud there?
If you are that IT person, is there a plan in place for keeping the company running online if you shuffle off this mortal coil? If not, time to get one together. There has been a lot of press lately about how Hurricane Sandy disrupted the servers and hosting services located in New York and New Jersey. These mostly focused on disasters affecting the hardware; what about bad things happening to critical staff?
Businesses in the path of Sandy survived or not depending on how well prepared they were for the worst. It behooves us all to include this sort of planning for interruptions of manpower. It is a lot easier to keep things running if you have that crucial list of security data. Otherwise you will spend a lot of time faxing death certificates to get various ownership matters straightened out.
Step one is to evaluate where the IT secrets are in your company and who has access to them. Your website is a good place to start. Make sure that more than one person knows:
Who the host is – email address, phone numbers, and most important, contact person. What the FTP login information is – login ID and password. What the backup situation is – is there a duplicate copy of the site somewhere that can be used if your host goes belly up? If all this info is stored at your web person’s business, is there a plan in place at that business for continuity?
As a web designer, I generally have a policy of giving the coding for the complete site on a disk to my client. I call this my “In case I get run over by a truck” policy. That way, if there are problems down the road, the client always has something with the design, look, and feel of the site in hand to hand off to the next gal or guy working on the site. (I also comment my code – including little hints to the next coder as to how things work. People browsing the website won’t see these comments, but they are visible to anyone working with the underlying mojo.)
You also might want to double-check that you own your domain, yourbiz.com. There are some unethical web developers who, when registering your domain, will fill out the ownership data with their name instead of yours. If that person disappears, you will be facing many hassles down the road. You can check on your domain ownership by going to WHOIS at http://www.networksolutions.com/whois/ Enter your domain and make sure someone at your firm is listed as Administrative Contact. So what happens if that person dies? I think you are back to sending death certs, as there has to be a single point of contact for your registrar. I haven’t had to deal with this yet.
A lot of businesses back up their servers to tape, and store the tape either on-site or in a safe deposit box off-site. Make sure that more than one person knows the combinations to these places. This sort of backup may be on its way out as businesses migrate to the cloud, but given the vulnerabilities of the cloud demonstrated by Sandy, I personally think a belt-and-suspender approach to business-critical data is a good idea. You belt your data into a safe and suspend it from the cloud, or something…
A safe is a good thing to have in general; make sure it is fireproof and can withstand temperatures that will melt tape, if you are going that route. I remember when I left the UM College of Engineering to go to the UM School of Education, I spent the last two weeks of my stay preparing a manual for my successor, which included a list of the needed codes and passwords. I also remember the time I stashed $20K of RAM sticks in the safe prior to a major administration-wide computer upgrade. This was a surprisingly small box, as RAM was expensive in those days. But I digress…
Keep it Secure
Once you have a master list of access data, guard that like crazy. Maybe put it in the safe and make sure the access to the safe is restricted to two or three trusted individuals. Don’t put the passwords on post-its and paste them to the bottom of your keyboard. Just. Don’t.
This article is dedicated to the memory of Rusty Restuccia, who commissioned me to build a site commemorating those who established the first African-American-owned car dealerships in the US. The site is here: http://aacardealers.com/index.html .
Mike Gould misses Rusty, was a mouse wrangler for the U of M for 20 years, runs the MondoDyne Web Works/Macintosh Training/Digital Photography mega-mall, builds laser display devices, performs with the Illuminatus 2.2 Lightshow, and welcomes comments addressed to firstname.lastname@example.org.