When the Worst Happens: A 10-Point Natural Disaster Recovery Checklist
Jon Pisani, Sales Engineer Manager and Terry Kruger, Director of Sales
“Preparation through education is less costly than learning through tragedy” . . . an insightful quote by Max Mayfield, a man who knows a thing or two about natural disasters. Mr. Mayfield served as the director of the National Hurricane Center.
His point hits home for businesses affected by a natural disaster where the building – literally – can disappear. “What if …” is a phrase that can send chills down any business owner’s back. What if I can’t recover data? What if my business is suddenly shut down? What if we can’t access our computers? Where is my data backed up and how quickly can I access it? Do I have redundant backup? What do I need to do to get my business back up and running?
While some might think Chicago is off the grid for an earthquake, hurricane or monsoon, the fact is we live in a cold weather area where streets and buildings have the potential for flooding in winter. Fire, tornadoes and heavy snow are also possible hazards. The key is to be accountable for your technology infrastructure before an emergency strikes.
Here’s your 10-point natural disaster recovery checklist.
1. Inventory hardware, wireless devices and applications. This invaluable list will identify what you had before the crisis. Identify software applications, workstations, network infrastructure, mobile devices, data and hardware. It’s like having a list of your credit card numbers after losing your wallet or purse.
2. Choose an off-site location. If you were staring at ground zero, where would your team go?
3. Write a script for your mock relocation. Not too far off from staging a scene in a movie or play, document the steps needed to get hardware to the new location and people working. List the essential equipment you will need if you had absolutely no access to hardware at your original office. For example, a plumbing company might not need printers, but a law firm can’t operate without them.
4. Rebuild from a data perspective. Thinking about this now will save you heartache later: How am I protecting my company from data loss? When primary data storage goes down, the critical rebuild follows.
5. Embrace redundant backup. Fact: We can rebuild servers, we can’t rebuild data. Having a cloud-based backup solution should be one less reason to keep you up at night. Put backup policies in place so that key data and documents are not solely housed on local computer hard drives or on-premise servers.
6. Know your downtime tolerance. Put this at the top of your next leadership team meeting agenda. What happens if your business loses a few minutes? An hour? A day? A week? How fast do you need to be fully operating? What does “fully operating” look like relative to phone, applications, data and long-term sustainability? At 3Points, we construct solutions around your defined tolerance.
7. A Plan B for your phones. Remember, you’ll have to get phones and data circuits back up. Have a plan in place where cell phones can be forwarded. It can take a month or more working with the phone company to get communications running.
8. Schedule annual technology audits. No doubt, you’re busy running the business. So put an annual technology audit on the schedule. Think of it like an annual physical at the doctor’s office. An audit tells you how and where your data is backed up, retention times and details about your network. It’s the best way to prepare for a natural disaster because you see your IT footprint.
9. Identify a remote access work plan. Oftentimes, businesses have a piece of the plan rather than the entirety in response to a site disaster. Ask: What happens when I need to access data in case of an emergency? Disaster recovery is not just the site going away, but also the inability to access your worksite. A snowstorm is a great example. What systems are in place for people to access work remotely or does everybody just get a snow day? An ad agency, for instance could work remotely using mobile devices, but a manufacturer with millions of dollars of equipment standing still will want their ERP system in the cloud so back office workflow continues.
10. If you are prepared, you most likely will be just fine. Recently, a water pipe broke and flooded the basement of a client’s office. Within 24 hours, a 3Points project manager and technician implemented an 8-step process for how the company would transition to other offices. Their business will be fine. And so will yours as you learn and adopt best practices for a natural disaster recovery plan.
11 Essential Points for a Small Business IT Security Policy
Jon Pisani, Sales Engineer Manager
I remember the first time I watched Gregory Peck and Anthony Quinn in my all-time favorite war movie, “The Guns of Navarone.” A small band of gutsy misfits takes on practically the entire German army. Clearly, the odds were stacked against them.
That’s how IT security feels sometimes for small businesses. You’re working hard to meet deadlines and get payroll out and then – boom – your network is compromised. And you can’t help but think: “I don’t have time for this.”
Small businesses are vulnerable targets. Cybercriminals think nothing about email blasts that steal data in exchange for ransom (called ransomware) or infecting computers with viruses, shutting down a network.
At 3Points, we receive one to two calls a week about security-related issues from clients – smalls businesses with up to 100 computers. A ransomware attack is scary and pricey. Costs reach as high as $10,000 to fix the problem. If a workstation is infected, then an employee could be down half a day while the PC is rebuilt and files restored. If a server is infected, then the entire server comes down.
Your best defense is a rock solid IT security policy. Here are 11 essential points to include. More protection means less risk. In the spirit of my favorite movie and in honor of Veterans Day just around the corner, you’ll see a few military terms thrown in for good measure (thank you, Wikipedia).
1. Document your policy. First things first, craft a security policy that defines your standards so employees know what they should and should not be doing. The internet is like no man’s land (the land under dispute between countries). Put your security policy up on SharePoint for easy reference.
2. Define safe and unsafe email habits. One client experienced ransomware four times in a nine-month period. Why? Employees opened malicious emails, clicked on infected links, and downloaded suspicious files. Educate people about safe and unsafe email practices. Attachments from fake people, subject lines with personal information, and emails from “UPS” are popular baits.
3. Train the user to look past the obvious. User awareness is your best blast wall (barrier for protection from high explosive blast). In your policy, outline questions like: Am I expecting an attachment from this person? Is it reasonable that I would be asked to click this link? Sometimes cybercriminals steal identities of people you know. Got an email from the controller? Ask: Would I be receiving something like this from her? Send a new email (do not respond directly) or call, identifying the email’s validity. An extra five minutes is better than a half day down to fix a problem.
4. Stop forwarding emails. Forwarding emails spreads viruses. 3Points once ran a test for a client to see how secure they actually were. We sent out a fake email to reset their password. Half the company clicked through. Others forwarded the email.
5. Reporting procedure. What happens if an employee does identify a threat or gets an alert email? Define their response in your policy. Turn your team into pickets (advance troops that alert early warning of the enemy). Tips: Notify a manager, the IT partner, or run an anti-virus scan. If using an on-premises exchange server or GoDaddy, we can install a filter that analyzes emails and attachments.
6. Educate your team. Think of it like boot camp – have your HR department give instructions through a company-wide meeting, workshop or webinar. A prevention plan is easier to do than a crisis plan.
7. Password policies. Consider password management software. Of course, outline password best practices, like not repeatedly using the same one (I have a friend who boasts about using 1234. Not good).
8. Limit public information. We’ve become a sharing community. Typical security questions like the name of your first pet are pretty easy to find. After all, Roscoe’s picture is right there on your Facebook timeline.
9. Not just for email anymore. I watch this show Mr. Robot. One episode featured a supposed “call” from a person’s banker relaying a security breach and asking for verification of account information. With mobile devices taking over our attention, include best practices for distinguishing malicious calls from real ones. With BYOD (bring your own device) so prevalent, set policies to prevent transmission of company data via personal devices.
10. Consider workstation limitations. 3Points offers a Security Enhancement Package that puts digital limitations on workstations. It helps prevent an end-user who may inadvertently infect themselves through attachments and file sharing. Think of it like a military tank with your computer inside.
11. Backup is your best defense. A good backup strategy is the single most important part of your security policy. Safe backup equals safe data. With ransomware and malware, it’s a nasty game of catch-up. Malicious attackers are creating new styles of attack, new code, new iterations of viruses. It’s impossible to keep up, but it’s not impossible to bulletproof your protection. This is your shield wall in all its glory (the highest and thickest wall protecting the main assault approach).
We live in a digital world. A security policy outlining prevention methods and backup solutions puts the odds in your favor. It gives you – you guessed it – a decisive victory (an overwhelming victory for one side) over computer attacks.
3Points Now Serves Those with 50 to 100 PCs
Since 2001, 3Points has sat front row to many vision-inspired companies with 10 to 50 PCs. Countless success stories speak to how technology has helped our small business clients thrive. Now 3Points is broadening its reach to those with 50 to 100 PCs. Here’s why...
Cloud computing has changed the way people work and live. As a Managed Service Provider, we’ve seen the evolution. The cloud has simplified technology, freeing small businesses to operate like larger competitors, extending the office environment to a mobile workforce, and creating a platform for meaningful collaboration.
The cloud’s influence on those with 50 to 100 computers – business champions oftentimes poised for big growth leaps – has been significant too. This group is not just training for a marathon – they’re running 26.2! But there is some specialized “coaching” needed to run that race faster and smoother. Enter 3Points.
As an example, take a look at this growing, vibrant church organization using slightly more than 100 PCs. Offloading high-level tech initiatives has allowed their internal IT resource to focus on day-to-day work: deploying PCs, setting up new users and emails, addressing user questions and issues (this alone keeps an IT pro from eating lunch on time!), and basic network responsibilities.
The big news: The church has not had to add IT staff, saving substantial overhead. Organizations with 50 to 100 computers need higher-level solutions. Many of these are set-it-and-forget-it, allowing internal IT staff to focus on daily responsibilities and the technology areas they are most passionate about.
Fact: It’s impossible for one person to know everything in this industry. Having a team of IT experts allows growing companies to focus on their core business and day-to-day technology needs.
For our small business clients who grow into the 50 to 100 PC range, this supplemental plan is ready and waiting for them too as they most likely transition into a full-time technology officer.
Shark Tank – Chicago-Style
Steve Banke, CEO 3Points
I’ve attended two Shark Tank-like pitch events here in Chicago hosted by the Small Business Advocacy Council. Electric. That’s the word that comes to mind to describe the event’s charged atmosphere. It starts when the networking begins. Picture a group of people hanging out in a hip venue surrounded by an intense anticipation that something really big is about to begin. Big – as in, you get to see firsthand thousands of dollars and people’s dreams parlayed into deals.
As many of you know, 3Points champions the work of the SBAC. I personally have visited Springfield and Washington, D.C., advocating for small business in Illinois and connecting many people with SBAC resources.
How it works
One of those resources is SBAC’s pitch sessions. The quarterly events are led by the group’s Startup and Technology Community. Since the Great Recession of 2008, funding continues to elude many small businesses, stifling the single largest growth opportunity in our economy. SBAC went looking for a solution.
After meeting with angel investors and other funders, the group discovered that everybody was trying to find each other. Taking a creative approach to solving a complex problem, the pitch sessions came about in 2013, connecting the dots between capital and entrepreneurship.
The interesting part: There’s not just one winner who walks away with a big funding prize. I’ve seen people in the audience end up funding other presenters right before my eyes. You’ve got the right people in the room – innovative entrepreneurs hungry to launch their ideas and those with the means to make it happen. Like The Voice, the popular talent show matching coaches with hopeful stars, the audience (they’ve had as many as 400 attend) plays a significant role. They use a Twitter handle to vote, along with a panel of judges made up of VC company standouts and former founders of successful IPOs. Each of the three presenting companies gets five minutes to pitch and 10 minutes for Q&A.
Prior to a pitch session, SBAC invites entrepreneurs from places like 1871, The Garage at Northwestern University and other startup incubators around Chicago. A pitch committee chooses a final three.
Then, the prep work begins. Candidates work with a speech coach and others to get them ready. What began as simply putting people up on stage has evolved into a streamlined grooming of presenters, a full-blown planning committee, pedigree judges and celebrity keynoters that have included Mark Lawrence, co-founder and CEO of SpotHero, and Senator Napolean Harris.
Show me the money
SBAC lines up sponsors so the winner not only gets funding, but also enviable perks like office supplies, access to legal advice and even 10 hours of free IT support from, you guessed it, 3Points. Companies typically ask for early-stage, pre-venture funding between $250,000 and $2 million.
In total, there have been about 20 events with 60 to 80 companies pitching. Not all the money comes from judges. One presenter got $350,000 from an audience member. An executive from a burger restaurant that won in 2015 spoke at SBAC’s work center this past spring. His company snared $1.7 million in funding after the pitch event.
Beyond the pitch session
The SBAC pitch sessions make an even more compelling story when you connect them with the group’s advocacy efforts. In January last year, SBAC rallied to pass the Illinois Intrastate Equity Crowdfunding Bill (HB 3429). Having regulations that support Illinois’ start-up community creates even greater opportunity.
According to Mike Cavanaugh, SBAC co-founder and co-CEO, the testimonials from pitch session participants prove the worth of these events. Here’s a note from past winner Regroup Therapy: “Winning the SBAC pitch competition was a critical moment in closing our series seed round of investing. SBAC understands what it takes to build a business from nothing and we value their support and mission.”
I’ve seen some pretty impressive deal-making go on at these events where business cards are traded and organizations are funded just by having the right people in the room. People working together to move real businesses upstream – now that’s Shark Tank, Chicago-style.
Steve Banke is founder and CEO of 3Points, LLC. Stay tuned for future articles on small business topics in both the 3Points newsletter and blog posts. If you want to know more about the SBAC, email Steve or call him at (708) 491-0300.
Mike Cavanaugh, co-founder and co-CEO of the SBAC, contributed information to this blog post. He can be reached at email@example.com.
SharePoint: A Deeper Dive
Jon Pisani, Sales Engineer Manager
Jack doesn’t know how to use the new coffee machine in the company lunchroom. No one is around. Jack needs caffeine. Do you want Jack to fall asleep at his desk or do you want him to finish his report for the board meeting?
SharePoint to the rescue.
An exaggerated example at best (or worst!). Nonetheless, the point is that if Jack needs to know how to use the new coffee machine – a very important task many people in the company will want to know – he can just look it up on the company’s internal wiki (a fancy name for an organization’s internal website that can be edited by its users) where he will find the process document with easy-to-follow instructions in (wait for it) SharePoint Online.
Many 3Points clients are on Microsoft 365 plans that include SharePoint licensing. What you may not know is how it will help to improve office communication, and act as a “company university” for immediate access to knowledge and information.
Here are three points that take you deeper into SharePoint.
1. Share with External People.
A lot of people don’t know this, but you can absolutely share files through SharePoint with people outside the company. Let’s say I want to send a video educating a client about backup options. Since the huge 20 MB file is already on SharePoint, my client can easily download it herself. She gets the information she need quickly, and I look like a hero.
2. Increase Productivity.
Have you ever been on hold for 20 rounds of “Papa Don’t Preach” by Madonna? (I never liked that song when it came out in 1986.) No one likes to wait for an answer. So give your people what they need when they need it. SharePoint is a company’s go-to place for training materials and company processes. If you have a new hire, you point them to the “Training” SharePoint page and say “this is your world for the next two or three days.” Let the end-user educate themselves at their own pace, freeing up time for other people.
At 3Points, our benefits packages and plans for health, dental and vision are on SharePoint. If anybody has a question, they go to the site and examine the plan. We put up meeting notes from every department, sales presentations, audit best practices – any static documents.
3. The Gotchas
SharePoint is not a replacement for a real file server, but rather a place to hold things that are not going to be changed frequently. Other examples include: expense forms, contracts or Statements of Work, vendor contact lists, vacation request forms, and emergency procedures.
SharePoint is perfect as a collaborative team site for an organization and is easily organized by department. In small businesses, people oftentimes wear a lot of hats. When people share best practices, they go from silo to farm. Training material, set-up instructions, tutorial videos, Podcasts and other helpful information has a home on SharePoint leaving Jack absolutely no excuse for sleeping on the job because he couldn’t get the darn coffee machine to brew.
Jon Pisani is the sales engineering manager at 3Points where he manages maintenance agreements and contracts with vendors, leads audits for new business sales, and manages the 3Points Tech Team. Email Jon at firstname.lastname@example.org.