I would like to thank everyone who participated in yesterday’s webinar “5 Keys to Creating a Disaster Recovery Plan for SMBs” and express my thanks to Datto for making it possible to share this important information. We had over 600 small and medium businesses register for the webinar. Upon registration, participants received a “Risk IQ” test that I developed as a self-assessment tool. We began the webinar by reviewing each of the ten questions in the test with some surprise answers. Such exercises can help to raise awareness that we tend to under-estimate risks. At the conclusion of the webinar, participants were invited to use a free tool from Datto that helps to calculate the hourly cost of a business disruption. We also made available a checklist of steps to get started on the way to business continuity planning. And, of course, we are available, along with the managed service providers, to help businesses implement their continuity plans. The webinar was recorded, so participants can go back and re-watch it as often as they need to do so, and offer this resource to their employees and future hires. If you were unable to participate in the live webinar, please register here and you will be given a link to the recording and all of the free tools that were made available. And be sure to listen to the accompanying podcast for additional information.
Archive for the ‘IT Systems’ Category
Helpful Resource for Protecting Your Business
Thursday, February 4th, 2016Becoming a Trusted Advisor to Small and Mid-Sized Businesses
Wednesday, February 3rd, 2016Marketing the offering of a managed service provider (MSP) is challenging. No one wants to think about the unthinkable – a disaster that would harm the business into which an entrepreneur may have invested years of effort and considerable personal savings. And even if the decision maker at a small or medium sized business is willing to think about hazards that could harm the business, capturing his or her attention will not be easy, given all of the immediate, competing demands on limited time. The marketing effort requires patience and persistence just to begin the dialogue with the small or mid-sized business (SMB).
Let’s say that you have made it past the gatekeeper, and secured an appointment with an IT or businessperson authorized to take decisions to invest in business continuity measures. This is a valuable opportunity. To make the most of it, I recommend the following best practices to build a relationship that will result in your becoming a trusted advisor to small and mid-sized businesses:
Exercise care, as the MSP often suffers from what is known as “the curse of knowledge”. You may think that because you know something, everyone else does, too, but that may not be the case. You may not realize that information you share may be misunderstood, a near universal experience. The attorney, for example, frustrates the business owner for using more Latin words in his communications than English ones, leaving contract negotiation behind an inscrutable wall of foreign legal terms. The same can be said about the work done by technology experts. So it is best to communicate information, particularly information concerning computer information systems, in plain English, free of technical jargon.
You know the facts and figures, but the SMB probably does not. You surely have information about the incidence of various threats to SMB’s, such as economic losses arising from computer downtime, for example. It can be helpful to share these with SMB’s in the form of a helpful infographic. Provide a sufficient amount of information to inform, but not overwhelm, the business owner.
Case studies are compelling and can help to better understand the need for business continuity measures. I learned this when I updated the second edition of my book Prepare for the Worst, Plan for the Best: Disaster Preparedness and Recovery for Small Businesses. I included short one-paragraph case studies on small businesses impacted by various threats. I provided just enough information to teach a memorable lesson, but not so much as to overwhelm. When the business manager for a medical practice reads the case study of the real-world example of the doctor’s office that lost valuable patient medical records because of a power outage, he nods his head in agreement and is more receptive to the information being shared. In the years since the first edition of my book was published, I have collected small business case studies (with the written consent of the business owner to share or publish these studies) covering a range of SMB’s across all geographic regions, all industry types and all threats and hazards. You should do so, too. Case studies move facts and figures into common, everyday experiences.
Be careful not to communicate any information that could be construed as fear-mongering. I refrain from scaring people with extreme threats that are probably unlikely to happen anyway. I am careful to point out that I recognize that my experience of 9-11 was a statistical outlier; however, the elements of the hazards arising from 9-11 (power outages and temporary lack of access to my regular place of work, for example) are very common and thankfully I was prepared for them. Cable television news networks increase their viewership by broadcasting vivid images of severe disasters; this approach can be counterproductive for business continuity measures. People just become numb to these threat scenarios and don’t like to feel that they are being scared into making an investment. Always have a business-like, pragmatic tone in your communications with SMB’s. You are not looking for a temporary boost to viewership; you are looking to build a long-term relationship.
Provide helpful information to your clients that exceeds the requirements of closing a sale. By sharing helpful information with SMB’s, even when such information will not advance the close of the sale, you become a trusted advisor to SMB’s, and not just a “sales person”. I learned a variation of this lesson after my book was published and I reached out to journalists covering the small business sector. I often pitched story ideas on timely topics relevant to SMB’s, topics they have not considered and which topics were completely unrelated to small business risk management – the subject of my book! I would refer them to expert sources to inform their reporting. After they fainted and woke up (they are used to p.r. firms pitching them self-serving material), they worked with my information. I would estimate that about 19 of 20 story ideas I packaged and pitched had nothing to do with small business risk management or advancing sales of my book or my business. They began to come to me for information and that led to long-term relationships. If you learn of new emergency evacuation information in your community, why not pass it along? It supports business resilience, even though it is not directly related to closing a sale.
I will be sharing these and other approaches to small business risk resilience in an interactive webinar offered by Datto’s and scheduled for February 4, 2015 at 2:00 p.m. EST. To register for the webinar, please click here. Upon registration, you will receive a “Risk IQ Test” to see if your framework properly estimates the risks to which small businesses are exposed! We will begin our webinar by sharing our findings and conclude our webinar with resources for follow-up support and a blueprint that small businesses can use to begin simple measures to protect their businesses. I hope you will join us!
Getting Started with Business Continuity
Sunday, January 31st, 2016The toughest challenge in any new process is taking the first step. Once you have started the work, you can build momentum to carry forward. Let’s consider how to get started with business continuity planning. First and foremost, you must consider human safety. Begin by considering plans to ensure the safety of your employees and their families in the event of a disruption to your normal operations. Do you have basic safety measures at your place of work? Can you put together an evacuation plan that you will implement on a moment’s notice if called to leave your workplace?
This process is important for many reasons, including the opportunity to secure buy-in from your employees to contribute to what they may perceive as an increase in their responsibilities. Share with them the thinking and methodology behind the planning process and how applying this approach in their homes can enhance the safety of their households and extended families. Engage all of the stakeholders in your company in the planning process, such as your suppliers, your neighbors, your service providers and others in your community. The ability of your company to stay up and running in a disaster is dependent, in part, of the ability of others to perform their responsibilities even in challenging and unexpected circumstances.
Next, start to assess the key assets of your business. This is not as easy as it first appears and the results of this process may trigger some surprising insights that can position your business for even greater success. Here is an example from my own experience: a neighboring business won a $25 million contract to do app development for a financial data provider. When their building burned to the ground, they were able to safely evacuate all of their people and insurance covered the cost of replacing their computers and furniture.
But the key asset of this business was not its physical property; it was the intellectual property – the hundreds of thousands of lines of software code that its developers and programmers had written for the financial client. They had failed to back up their code offsite and so lost everything.
This is an important insight because in a service and knowledge economy, our most important assets are often intangible, such as intellectual property or even reputation for stellar customer service. So begin by identifying those assets and how you might protect them.
Then it is time to perform due diligence on your own company and closely examine your own processes and procedures. You need to develop operational manuals to document what you do to systematize your processes. Even the most experienced pilots develop checklists as, in stressful conditions, it is too easy to overlook a critical procedure. As you consider your work processes, you will inevitably discover ways to improve upon them. More importantly, putting formal procedures and systems in place will help to scale and grow the business – and reduce the level of demands made upon the business owner with the stress that accompanies those demands.
I will be sharing these and other approaches to small business risk resilience in an interactive webinar offered by Datto’s and scheduled for February 4, 2015 at 2:00 p.m. EST. To register for the webinar, please click here. Upon registration, you will receive a “Risk IQ Test” to see if your framework properly estimates the risks to which small businesses are exposed! We will begin our webinar by sharing our findings and conclude our webinar with resources for follow-up support and a blueprint that small businesses can use to begin simple measures to protect their businesses. I hope you will join us!
Making the Case for Investment in Business
Friday, January 22nd, 2016In the last post in this series, I presented a new framework for risk to help small business owners better assess the likelihood of experiencing the “everyday disasters” and appreciate the need for implementing business continuity measures. However, we all have lists of things we need to do, but fail to follow through as other matters assume priority. So the next step in our process to enable small business disaster resilience is to make the business case for the financial returns to business continuity programs.
Many people mistakenly believe that an investment in business continuity programs only pays off in the {unlikely} event that disaster strikes. Nothing could be further from the truth. A well-structured continuity plan will improve the profitability of the business even if disaster never strikes. Sharing this insight with the owners small and mid-sized businesses will help to motivate a greater sense of urgency to protect their businesses and raise the priority of investment in continuity planning in an appropriate way.
Let’s consider three specific ways in which continuity planning improves the profitability of the business. The first driver of profitability is the reduction in the cost of risk. A well-structured plan offers the opportunity to reduce the cost of insuring the business, with lowered premiums commensurate with improved risk management practices. Speaking from the experience of my own business, I was able to lower my commercial insurance premiums by more than ten per cent by sharing my continuity plan with my insurance carrier and even soliciting feedback and input from my insurer for suggestions as to how I might improve upon that plan, based on their institutional knowledge. The reduced insurance expense alone covered my up-front expense in data protection and other measures to ensure resilience.
The second manner in which continuity planning yields a positive return on investment arises from expanded market and procurement opportunities. I connection with their business continuity planning, large enterprises are re-evaluating the resilience of their supply chains. Their due diligence on prospective vendors explicitly considers the risks associated with their ability to meet their deliverables in the event of unexpected disruptions. Small and mid-sized businesses that have continuity measures in place are more competitive to win contracts and grow their revenues.
This is also true of public procurement. While government contracting officers do not always explicitly ask about continuity planning when they issue RFP’s, the form for response nearly always includes a section to address quality measures. This is the forum where I like to write about the measures in place to allow for consistent, reproducible results in uncertain conditions. This allows me to convey that awarding a competitive contract to my company is less risky than awarding it to a competitor owing, in part, to our thoughtful continuity planning.
The third, and most powerful manner in which continuity planning drives profitability is the creation of more robust systems that emerge from a continuity plan. Taking measures to protect your business requires that you begin with performing due diligence on your company. Can you identify your key assets? Are you able to document your business processes? Often as entrepreneurs start their businesses, they have informal, ad hoc and improvised ways of doing things. Effective continuity planning requires that you put systems in place for consistent results even in challenging conditions. Those systems will become a platform that will enable you to scale and grow your business. And as you undertake an examination of your company to determine how best to protect it, you will inevitably discover opportunities to do things differently – and more profitably.
I will be sharing these and other approaches to small business risk resilience in an interactive webinar offered by Datto’s and scheduled for February 4, 2015 at 2:00 p.m. EST. To register for the webinar, please click here. Upon registration, you will receive a “Risk IQ Test” to see if your framework properly estimates the risks to which small businesses are exposed! We will begin our webinar by sharing our findings and conclude our webinar with resources for follow-up support and a blueprint that small businesses can use to begin simple measures to protect their businesses. I hope you will join us!
Getting Small Businesses to Think About the Unthinkable
Wednesday, January 20th, 2016Trusted advisors to small businesses, such as managed service providers (“MSP’s”), know the importance of enabling robust business continuity plans. As tech-savvy professionals, we are familiar with the depressing numbers:
- Over 75 per cent of small businesses experience some level of data loss
- 80 per cent of data interruptions can close a business for at least a day
Yet surveys of small business conducted by local chapters of the American Red Cross consistently find that two-thirds or more of small businesses fail to implement even basic continuity measures.
Why is it so hard to convince small businesses to protect their businesses, starting with basic data protection?
The answer, in my experience, is that most small business owners have a distorted assessment of risk. They believe that disasters will not strike them. In most cases they are right: extreme events, such as earthquakes, hurricanes and the like, are, by definition, high-severity/low-probability events. It hardly makes sense for a small business owner to divert his or her limited time and financial resources to address a low-probability threat when there are immediate needs, such as making payroll, that must be met.
The manner in which disasters are reported contributes to this distorted risk perception and false sense of security. The television news will broadcast vivid images of extreme weather, but since a computer virus decimating a hard drive is not visually interesting, it will not receive the same attention although, for the small business, it represents the greater threat.
That is why enabling small business resilience begins with reframing our perception of risk. Prepare for the Worst, Plan for the Best: Disaster Preparedness and Recovery for Small Businesses presents a framework for risk analysis along a continuum of threats. At one extreme, we have the high-frequency/low-severity risks. These are the “everyday disasters”, such as human error, computer crashes and the like. At the other extreme, we have the high-severity/low-frequency disasters, such as earthquakes, hurricanes and other major hazards.
Conventional wisdom suggests that we should prepare for the extreme event, the worst-case scenario, and that subsumes preparedness for all lesser threats. That view generally holds true, but it should never form the basis of continuity planning for small businesses. Focusing on the catastrophic risks tends to induce complacency, as most business owners recognize that, by definition, they won’t likely experience an earthquake that measures 9.0 on the Richter scale. It also induces fear and paralysis, as small businesses cannot reasonably take all measures to protect themselves against terrorism and other threats.
A better approach is to begin by preparing for the high-frequency risks, the “everyday disasters”. This approach offers an immediate benefit against a more imminent risk at a more reasonable cost. And it gradually builds resilience against the more serious threats. The data backup the small business needs to recover a file mistakenly deleted by human error (the most common form of disaster) will be critical to the recovery from a more serious hazard.
So let’s begin to enable small business resilience by changing our risk framework. This approach will allow us to better serve small businesses. In the next blog posting in this series, I will discuss how to take this new risk framework and translate it into a more compelling business case for continuity planning.
I will be sharing these and other approaches to small business risk resilience in an interactive webinar offered by Datto’s and scheduled for February 4, 2015 at 2:00 p.m. EST. To register for the webinar, please click here. Upon registration, you will receive a “Risk IQ Test” to see if your framework properly estimates the risks to which small businesses are exposed! We will begin our webinar by sharing our findings and conclude our webinar with resources for follow-up support and a blueprint that small businesses can use to begin simple measures to protect their businesses. I hope you will join us!
Better Project Management to Minimize Risk
Monday, January 4th, 2016In Prepare for the Worst, Plan for the Best: Disaster Preparedness and Recovery for Small Businesses, I wrote of the insights gleaned from examining the patterns of human error that impact your business. If your management style is to wait until the last minute to complete work and create needless stress, human errors will increase. Changing your management practices to allow for adequate preparation and response times will reduce the frequency of human errors – and improve your overall mental health! Today I learned the corollary to that piece of advice when I had difficulty accessing an online form for the Community College of Rhode Island (CCRI). CCRI’s website and applications were accessible only to those using terminals on campus. I am working with a non-profit organization that sought to apply to participate in CCRI’s Annual Day of Service in which students volunteer to perform a day of work for local charities. The deadline for application is January 6. Had I waited until tomorrow or the day after, my stress levels would have been rising with each hour that I was unable to complete the online application. Fortunately service was restored by the close of business and we submitted our materials two days in advance. But the next time, I will pencil the dates in my calendar for one week in advance of the actual deadlines.
Most UK Small Businesses Are Without Continuity Plans
Tuesday, September 15th, 2015The failure of small businesses to plan for disruptions appears to be a universal phenomenon. The sixth annual Data Health Check Report surveyed more than 400 businesses in the UK and found that just 27 per cent of small businesses have business continuity plans in place, compared with 68 per cent of mid-sized businesses and 75 per cent of large companies. This finding has remained roughly constant over time, which is curious, as cloud computing and other innovations have reduced the costs of data backup and basic continuity measures. The report also found that 73 per cent of the small businesses that have a business continuity plan in place have not tested it within the past year and nearly half of them have no plans to do so in the near future. Of those small businesses that had not tested their plans, only 28 per cent expressed confidence that they could successfully initiate a recovery operation in the event of a disaster. The study also found that the leading cause of data loss is human error (24 per cent), with hardware failure a close second (21 per cent).
Protect Your Mobile Devices With a UPS
Thursday, July 2nd, 2015For many, the summer months bring increased risk of power outages or power surges as peak air conditioning use strains aging utility grids. Protect your sensitive computer equipment and data with an uninterruptible power supply (UPS). The UPS is an appliance that contains a battery that will continue to power your computer when it senses a loss of electricity from the primary source. If you are using the computer when the UPS chirps to announce power loss, you have time to save any files you are working on and have an orderly shutdown of the computer. In addition to protecting against data loss, a UPS can prevent a power surge from damaging your computer. Always use a UPS when you are relying on a back-up generator for power as the flow of current from the generator may not be entirely smooth.
The UPS appliance I have in my home office provides up to two hours of additional powered operating time. It has eight outlets: four for battery back-up and four that offer surge protection only. So, of course, I have my computer connected to the battery back-up outlets and use the surge protection outlets for my printer, scanner and other devices to protect them without consuming battery capacity. My UPS appliance also comes with a $150,000 equipment protection policy, so if my equipment is damaged from the power supply, my losses are covered. In order to ensure that the coverage remains in force, it is critical to have the equipment connected to the proper outlets on the appliance (i.e., the computer must be connected to the battery back-up outlet).
So in the event of power loss, I have two additional hours of work time from the UPS battery before I power down my computer and pick up my work on the laptop and tablet, which I keep fully charged at all times. And now, with increased use of mobile devices, it is important to protect the tablets and laptops as well, so I charge them through my UPS appliance to protect against damage from the power supply. In my community, we often have micro-outages between one and three o’clock in the morning – you learn of them when the clock on the over flashes “12:00 a.m.” the next morning. With the UPS appliance, I am not leaving anything to chance.
Securing Your Mobile Devices
Saturday, May 16th, 2015As we prepare for the summer vacation season, we will be making greater use of our mobile devices to stay in touch with the office. However, even when we are in a relaxed environment, we must be as vigilant with IT security as we would be if we were at our desktop computers at our regular place of work. Mobile devices – smart phones, tablets and laptops – contain valuable data that can be compromised if we are not careful. The following are five suggestions to secure the data contained on your mobile telephone or tablet:
- Enable remote data wipe. This feature allows you to erase all of the data on your device should it be lost or stolen. The remote data wipe restores the device to its original state by performing a “factory reset” and removing all of the information you have stored on it. The Apple iCloud service offers this protection to iPhone and iPad users. There is a comparable Android solution within Google apps.
- Update the software on your device. We are conditioned to install the security software updates on our desktop computers, but often we postpone doing so for our mobile devices. Take a few minutes to verify that the software on your mobile device is up-to-date. Hackers will often exploit known threats to gain access to mobile devices. The software updates correct the vulnerabilities caused by known threats, so it is important to stay up-to-date.
- Exercise caution when using “Free Public Wi-Fi or Hotspots”. These services are very convenient when you are checking messages at the local coffee shop, but they are not secure. A hacker could hang out all day in a free public wi-fi area in the hope of capturing confidential information from customers checking their bank accounts online, for example. The safer alternative is to use a 4G cellular hotspot. Hotspots are built into the current models of mobile telephones.
- Turn off your Wi-Fi and Bluetooth when you are not using these services. This will not only help to thwart the hackers, it will extend your battery life.
- Protect your mobile device with a password. A password for logging into your mobile device will make it more difficult for someone to gain unauthorized access to your confidential information. I change my password each month as an added precaution.
Once you have updated the passcode protection and software on your own devices, be sure to share these suggestions with your employees to help keep your business safe.
National Clean Out Your Computer Day
Monday, February 9th, 2015Since the year 2000, the second Monday in February is designated National Clean Out Your Computer Day. There is a day for everything and this one was originally sponsored by the Institute for Business Technology. We waste time in our work spaces searching for files or over-writing files that are no longer current. We also waste time due to the environmental effect of being surrounded by clutter, both physical and digital. So today is an opportunity for us to clean up our computer workspaces.
Check with your legal counsel to confirm the time period that you are required to retain certain types of files (such as human resources records) and when you may purge obsolete files. Make sure you follow proper procedures to purge computer files as there are ways of recovering information if it is not properly deleted.
And then review to make sure that everyone is following the correct procedures for naming and storing computer files, thereby saving you time and frustration in your work. Take a few moments to organize your desktop and synch all of the newly updated files with your mobile devices. You will feel more productive when you have finished these tasks. And your business will be more resilient – because when a disruption occurs, you really don’t want to be searching through out of date files to find what you urgently need.