Tag: business

Why should you use Rent-A-Geeks for your disaster recovery drills?

Why should you use Rent-A-Geeks for your disaster recovery drills?

 

The pushback I get on this one topic is phenomenal.  Their IT people who know their boss better than I, always question the need for a disaster recovery audit in the first place.

“I Get it!  To them, that is synonymous with taking your shoebox full of tax information to the IRS and asking them for an audit. Please let me suffer through an audit because I love pain!”

So who in their right mind would do it?

I can think of no better argument than Puerto Rico.  That island was wiped off the map.  They have no power grid left.  They have no data communications and let’s face it; It will take years for them to recover.

I had customers there, but I bet that those businesses may no longer be viable.

They are requesting of all things truck drivers, among their many lists of needs.  Why?

Their truck drivers were affected by the buss’s called Irma and then Maria.

I am speaking to the owners of businesses with this next sentence. “Folks, your IT guy that tells you that you don’t need an outside firm or audit, is setting you up for disaster.”

Objectivity is essential.  You need an honest assessment by someone who does not have a dog in that fight.

If a team of rent-a-geeks cannot restore your company at a warm site, the DR plan that you think you have is worthless. It may satisfy the ISO folks or the other government or banking or insurance companies, but the sad truth is, in an actual Disaster your people may not be around to add their collective knowledge to the process.

One client did not even look at one I prepared for them.  When I asked if he wanted to go over it he shook his head.  “No, I just need something for the auditor to show that we have one.”

My reports go to you the customer, nowhere else.  My recommendations are put forth in a clear, concise manner that you will not need your IT guy to explain to you.  Read and understand my blogs on the topic and then ask the critical questions.  If you hold your SA’s feet to the fire or your CIO’s feet to the fire, you will far better off than most of the firms I deal with.

One firms CIO that I worked with was not suited for desktop wizard much less the end all be all guru of all things technology.  Now if numbers are what interested the CEO, this was his guy.  He could pinch a nickel with the best of them. “Penny wise pound foolish,” should be on this man’s card.

It does not take an Irma or Maria to sink your business.  It only takes a Ted or Bob or a fire of some small part in the computer room to decimate your company.  Assume nothing!  Do you have the right employees doing the job?

Pray for our brothers and sisters in Puerto Rico, and if you have the ability, you might consider donating something to some of the excellent organizations who are working so hard to bring some relief to those affected.

Having lived through Alicia, I would not wish that on my worst enemy.

 

-Best

 

 

Advertisements
Ready, Fire …Aim

Ready, Fire …Aim

After the recent storms, one might have guessed that my phone has been busy.  Firstly let me say that Disaster Recovery by its very title is a bit of a misnomer.  While I have some abilities to recover lost data using some forensic skills developed over decades of twiddling bits, that is not really disaster recovery.

Disaster Recovery and business continuity are about planning for an event which may or may not happen.  The “plan” assumes that your business systems will be affected negatively and puts forth a tested strategy to recover from the said event.

With the recent devastation by hurricanes and earthquakes, one would think that those businesses not affected would be learning from those that were.  If you search my blogs on this site, you will see that I have laid out

Do not ask him or her, are we covered just in case, ask them specific questions laid out in this blog here.

Yes is not a satisfactory answer, demand the details and the proof.  I don’t care how much of a friend he or she is, demand the evidence.  The devil is in the details, and the last thing you want is a bunch of excuses.

I am learning from phone calls that too many have been assured that they are covered, and that is very possibly why today they are looking for ways to recover data from destroyed equipment.

Disaster recovery is not some dark magic spell cast under the voodoo magic of bits and bytes in the wiring closet or back part of the computer room.  The bottom line is to test it, whatever your people come up with, check it.  Keep checking it until you can recover your business with outside contractors and hardware with data and documents prepared by your staff.  There is to be no input from you or your staff during the test.  The hurricane, earthquake, fire, attack from zombies or employee error took you and them away from the scene. The plan provided must work!

This is why we who do this insist that companies use “best practice” standards in the industry when creating your individual networks and systems.

One such company has a senior IT staff littered with programmers.  These people think they know more than Microsoft.  Using kludges from Unix, Linux and other programming wizardry to subvert some of the basic tenants of networking, they have made their network so unique that it will depend on them to be there to recover.

If it is not broken, don’t fix it!

Writing programs that workaround things like DNS is just crazy stuff and now it is dependent on the network never changing, at all.

If your data is successfully mirrored offsite, an excellent team of engineers might get you going in weeks, not days if you have failed to follow best practices.  While your data might eventually be usable, you and your company will be on the sidelines as most businesses do not recover from such a catastrophe.

Folks I have been at this since 1982, I have learned a thing or two in those years.  Ask your team the questions or be prepared for unpleasant surprises should you ever face a business stopping event.

Got to go and explain once again what disaster recovery is and is not.

-Best

What If?

What If?

Every day someone finds something.  This day was no exception.  The more creative the attack the more interesting the day.  If you call that number they try to get you to give them $199.00 to unlock your computer.

You can send me some money if you like but, here is the fix for this…

CTL ALT DEL , task manager, kill the process, aka browser and then do not restore the page when you reload the browser.

I am not affiliated with CCleaner but I sell a heck of a lot of it for them.  Install it and let it clean your browser after every use.  $25 a year and damn well worth it!

As one might use an explicative to emphasize a point, I often use a somewhat tawdry analogy for this purpose.  Surfing the web with inadequate anti-virus software is like “hooking up with a stranger” without using protection.   Not only is it idiotic, but dangerous!

Having been in Data Processing, or the IT business since before Steve Jobs or Bill Gates was a household name, I know a thing or two.  The scars on my back are from arrows taken in the trenches of digital mayhem. This bedlam was caused by such things as bosses wanting to be on the bleeding edge, to software not ready for prime time, been there done that.

Free antivirus software is not worth what you pay for it!  

The best security software is going to have a price or cost to it.  Why?  It takes many engineers, coders, and much research to create and maintain a massive program like anti-virus software.  Who is going to do that for free?  More importantly, why?

While someone might write an app for free, to get their name out there; anti-virus software takes a village.

Much like hiring someone to sell your home, you don’t hire someone who does it part time or as a hobby. If you want to get something done, give it to a busy person.  If you want to sell your home, hire someone who’s lively hood depends upon them being successful.  You want a secure computer, hire or purchase the product with the most to lose if it fails.

There is much more to the process of considering which product to purchase but, free is not a reason.  I would argue that free is a cause to eliminate that choice.

The reality is that the internet has become the wild west.  The bullet that finds you can come from almost anywhere. Every company that uses computers should have a security officer.  His or her job should be to focus their attention on threats out there and the best way to keep them from affecting that company.

I find it surprising that politicians are screaming about Russian hacking of our computers.  What the hell do you expect?  You just assume that someone with a certification gives a damn!?

What worked in 1982 does not work now.  Having a “PC Wizard, or your grandchildren” working for you is tantamount to a trapeze act, blindfolded and working without a net.  Insurance companies and credit card companies are now aware of this and demanding your strategies to be secure in the world of cyber threats.  They should audit you, and they should hire folks like me who know what to look for.

White Hat hacking allows us an inside look at what one might expect.  We learn many ways to infiltrate a company.  The same applies to the TSA in homeland security.  While I would probably choose a job to be that guy that test the security systems of the homeland, airports and such, it is much easier to check companies.

The first thing I must do is understand you.  More importantly, know that entity many of us in the biz call “users.”

Too many infiltrations are accomplished with something called click bait.   “Ten pictures that should never have been made public…” With half a picture of some scantily clad woman visible, how many will click?

Human nature dictates men will want to see what the camera saw. “Boom, you’re infected.”

Good antivirus software will stop any activity created by software manipulation but, the caveat or keyword there is “good.”  What if you bought the bargain basement software or just used the free stuff?

For the coders to write the fix, someone must fall prey to it, report it, and then they must institute a fix.  That is why Software of this type is never static.  Updates are consistent and often.  New threats are released hourly.  To run a company dedicated to this is no small task.

Maybe you own a plant which produces widgets.  Your widgets are better than others, and your competition wants the skinny.  You hired someone like me for your IT manager or CIO so they cannot get in through your firewalls.  Your safe, or so you think.  Industrial espionage is rife in the competitive world of gadgets and widgets.  If I want in bad enough, I will contract one of my guys to write a program that will hide on a computer until certain key phrases are typed, and then it will activate.

“Wait, you said my firewall is secure, Fort Knox secure!”

“Why yes I did, so I am going to place this little program on a thumb drive and…I am going to put some naughty pictures on it with some commercial looking writing on the outside of the device to make the person who picks it up from the parking lot where I dropped it, think that they have something juicy.”

Possibly just tossing a thumb drive out the window of my car near the parking lot with a few files on it, and the Trojan would be enough to get me into your network.  I will purchase some chrome colored or fancy looking thumb drive to be sure that it is spotted.  I will know when the landscape folks work, so I make sure and plant it after they have done their thing so that one of your employees will find it.

Maybe I send one of my spies out to places that your guys eat and leave the drive on the table by the ashtray or the salt and pepper shaker at the table they eat every week on a given day and time.

Possibly I get one of my people inside your company, hired by you.  They install some remotely controlled program like Team Viewer on their PC and Viola; you are hacked.

Because your IT guy is so sure that his firewall is good enough, or your engineers are so demanding that he left the USB ports open for use by them, with lax policies he leaves your company vulnerable too.

How do we stop the threats?

One way we do this is with training.  Every employee should sit through CE training on the essential use of the corporate computers.  This is information that they can bring home and share.  Education is by far the best tool one can have in their arsenal.

All of the policies are trumpeted for them to hear and before they leave they sign a document saying they will adhere to them.  With it harder and harder to fire people these days, that too is one more tool in your belt.  Good employees, you want to keep, those that prove lacking, they need to go.

I could easily make the argument that good computing practices are patriotic.  I could certainly apply this to purchasing respectable anti-virus software and creating policies and procedures that protect your business but, the bottom line is, in the end, it will save the company money.

I was making this argument to a CEO of a good sized company when he stopped me and said, but viruses help your bottom line too.

I argued that I would much rather use my time and talents to design safe environments for companies like his than put out fires.   It is considerably less expensive to install a good fire retardant system then to try and rebuild.  Yes, a metaphor for using robust best practice standards in computing vs. reacting to noise.

Noise is the result of a problem created by an event that was unplanned or caused by employee error.

A good security person is somewhat paranoid and is always asking, what if?  I do this in disaster recovery scenarios balancing those “what if’s” against statistics and a risks assessment.

With proper education, we can mitigate the employee errors.  Using proper procedures and policies, we can diminish the unplanned events, i.e. viruses or other malicious code.

When I run into companies that think free antivirus software is adequate, it makes me a little crazy.  If they are a public company, trust me, I will not purchase their stock.  Flirting with disaster out of sheer frugality or ignorance is idiotic.

If you keep your guys around because you like them, think again.  I may love some folks, but I would not hire them for certain positions if I could find someone better.  I don’t have to like you, for you to work for me.  If you are the best person for the job, you get the job.  P&L trumps feelings!  Feelings can be costly and can be a liability.  Logic in business is your ally.  Logic must always be forefront when making business decisions.

I have walked away from companies who have their kids working for them.  By hiring the children, you open yourself up to losses that could be untold.  One company had their children not doing the paperwork necessary to complete the task, thus losing money in that department.  Hiring me to do an analysis, it did not take long to find the problem.  I fired her children after trying to work with them.  I kid you not one of them actually cried in my office after telling him time after time he must do all of the job.  A grown man crying!  There is no crying in IT.  Either perform the work or get the hell out!  Either do all of the job or learn to ask, “Do you want fries with that?”   Is that too tough?  I felt for the kid but, feelings do not dictate policy.

Do your kids a favor and don’t hire them.  The real world does not work that way so why in the world handicap them, and make them believe that it does?

Over the years there are best practices that have been created by time trusted procedures and policies.

Some are things like:

  • Hardware Asset management.
  • Software Asset management
  • Security both physical and digital

I could write a book on the subject, but I will spare you the details.

Today, now more than ever we must harden our networks.  We must have sound policies and procedures in place, and they must be adhered to.  Documentation is essential, and it must be updated.

I don’t relish firing people but, sometimes their people are the problem, and the CEO is so far removed from the process they just don’t know it.  If training can fix it, I am all for it.  Attitude too plays a crucial role in the process, and I will not tolerate a crappy attitude.  Life is too short, and the subject matter is too important.

I love the HR folks because often they are the gatekeepers, saving the CEO from disaster.  Good HR folks are worth their weight in silver.  Gold, maybe not, so let’s stick with silver. Worthy people are not that hard to find as many would have you believe.  Upright people are around, but they may not have everything that you are looking for immediately.

Instant gratification is an expensive luxury and can be elusive at best.  Where employees are concerned, I want to start with a “good foundation.”

We place certifications above character, and that is part of our modern day conundrum.

I hired a grocery store manager and trained him for a job in IT.  He had little experience in the job I hired him for, so why did I hire him?

He had the right attitude and wanted to learn.

I had the time to train him.

The money used for training him was penny’s compared to hiring exactly what I was looking for.

He did not have the bad habits that come with so many “experts”  with the certifications, and their egos.

He ran a grocery store and let me tell you; he was not afraid of work!

Back in the day, we had interns or apprentices.  Folks, we need to look carefully at that once again.  I have hired many over the years that had the right attitude and the skill set to learn.  American people are out there struggling, and we won’t give them a chance.  Why?  Instant gratification.  We need someone who can step into the job right now, and we run with minimum employees because of what?  Because it is so expensive to have employees.

That is one of the things we need to push back on Congress and health care to fix, but the reality is, internships and apprentices I think are essential to finding and creating good employees.

Every job fair that I go to has thousands of workers looking for work.  If you can’t find them, you are not looking!  I spot good employees daily.  There are times I would love to go work for a recruiter just because I can spot talent!

Are they the exact racehorse ready for the Derby today?  Maybe not, but can they be trained?  There are virtual diamonds in the rough everywhere, looking for a chance! We are begging to bring in more H1B folks instead of taking care of our own.  That is not very damned patriotic if you ask me!

Our schools are a disaster in my opinion.  In speaking with college graduates today, I am frequently amazed at just how ignorant and totally out of touch with reality that they are.  Someone somewhere screwed them to the tune of tens of thousands of dollars for an education that is worthless.  When they think voting for a socialist is a good idea, they were screwed by their college and should demand their money back!

Today we have kids tens of thousands of dollars in debt, and they cannot find a job.  I know of several college grades making much less than $15 an hour.  Our educational system needs an overhaul.

As quickly as a company can get a process documented and packaged, they send it overseas via a VPN over the internet, sending jobs out of the country.

Trades are being overlooked for white collar jobs which are going the same way.  IT jobs are vanishing in the states.  Virtual IT shops are set up in some foreign country, hiring an English speaking American to act as a liaison between them and their Indian or other counterparts.  With an American point of contact, it is then up to the American to manage the folks in another country who speak little English, making little money, to be the IT shop for these American companies.  This same person puts an American face on their business while working with their client managing the “noise.”

“Do you see any security risk there?”

You have no clue where your intellectual property is going or who is seeing it.  Maybe you have a contract but so what.  Much like HIPAA was created to protect your health information, do you honestly feel as if your information is secure?  If you do, you are fooling yourself.  Read the documents you sign when you visit the doctor.  You sign things saying that your information is protected and then you sign a document which pretty much gives them a pass to do whatever they want to do with your information.  Smoke and mirrors.

Doctors and hospitals are hacked and the information is stolen all too often.  Why?  How?  Piss poor planning on someone’s part. Using some cheap method to get things done perhaps?

Your contract with your Virtual IT company is as worthless as the paper it was printed on.  Yes, that deal might make you feel better but, know if you are a developer, someone in some other country has your work and if they can use it, they will.

I want to touch on Software Asset Management as it is germane to this subject.  All of the subjects are salient, but that one, in particular, is in the case of security.

There are tools which you can use to inventory every program on every PC.  Why?  Why would you want to do this?

Licensing of software is an issue, but more importantly, you should want to know what is on those PCs.  The first time I did this for a company I was struck with the reality of the sheer number of programs designed for remote control of a PC, that was active.

In this world we live in, corporations can ill afford to have the wild west inside their computer networks.  Besides the games and other foolishness that was identified, the risk to the infrastructure was phenomenal. The company is liable for every program on their PC’s, no matter who put it there.  If they are audited for their licenses, and someone like myself does an audit and finds them, they must then produce that license.  Can you?  Can you put your hands on all of your licenses?

Ignorance is no excuse!

Having been part of the evolution of the business process, dating back to the secretary and the typewriter to current day, I have seen the learning curve first hand.  Fighting the first virus on a network before there was anti-virus software; asking “what if” became second nature.

Back when Gregg shorthand was used, a business letter cost an average of $100.00 back then.  Now we type out e-mails with the ease of few keystrokes and dictation is a thing of history.  Technology has improved the business process, but the bad guys have found a way to make it interesting.

The very tools we use to make our lives easier are under constant threat by evil forces that look for ways to extort money or steal your property either through the exploitation of your network, or your employees themselves.

We use the cloud as if it were a hard drive in some vault in our closet.  We send information to the cloud without a clue where the cloud is and who has access to it.  Why we don’t encrypt that data before it leaves our computers is beyond me.  If I were a villain, I would be looking for ways to infiltrate the “cloud.”

“What if?”

The opinions expressed are my own as well as the intellectual value of the information put forth for your consumption.

© All Rights Reserved 2017

 

When is the right time to think about Disaster Recovery?

When is the right time to think about Disaster Recovery?

 

Spring rains bring on more than just flowers or in my case, weeds.  The phone started ringing early the other morning.  My coffee was still brewing when the continuous ring of the phone demanded me instead of the regular answering service.

It would seem that lightning hit a pole close to one of my clients.

Lightning is far from respectful of your deadlines or the amount of work that your staff has lined up to accomplish.  From simple power outages to fire, lightning all by itself is a disaster in the making.  Some simple steps ahead of time can keep your company from being a victim to what this client was.

One girl had her headset in when the lightning struck and was shocked. Happily, she is ok, but their systems were not so fortunate.  Had the grounding been worse; she may have been the path to ground.

Once the power was restored the server, router, and switch, did not recover.

The one machine on a UPS died as the power went out.

What went wrong?

Surge protectors have a finite lifetime.  People buy these power strips with surge protectors and forget about them.  Surge protectors are nothing more than a power strip with something in them known as a “Metal Oxide Varistor or MOV.”

Any power surge above an acceptable voltage is clamped or shorted to ground by this device.  The problem is the MOV only last so long before it no longer functions.  Every time there is any spike in the line from compressors shutting off to other electronic “noise” these components are adversely affected.

What is better?”

A UPS of enough wattage to allow the computer to be safely powered down in the event of a power failure.  Along with the backup power ability, these devices have more sophisticated line conditioning circuitry protecting your equipment from stray voltage spikes.

One note to remember, these too only last so long before they must at least be maintained, or replaced.  Any CIO worth his salt is familiar with Hardware asset management and has this is mind for his budget.  CEO’s hate surprises like unexpected expenses.  It is much easier to argue a budgeted expense than going hat in hand begging forgiveness for your ineptitude.

Suffer a catastrophe like this client, hope your boss does not hire someone like me to do a root cause analysis.

At the very least batteries must be changed out but keep in mind that an MOV is also part of that piece of hardware.  I would budget the replacement of a UPS, rather than just the batteries if it were me.

Unless you have electrical engineers on staff, who are qualified to re-certify that equipment, it is too cheap not just to replace it.

 

Along with outdated hardware or not enough of it, I have seen too many times the ground plug defeated to save a dollar from an electrician.   Those ground plugs are there for your protection, not because someone wanted to make it difficult for you.  The problem with temporary is all too often it becomes permanent.

Lightning struck outside one of my client’s offices hitting a pine tree.  Finding the electrical ground for the building, which was poorly grounded, everything in the building suffered a power surge knocking out much of their equipment.

Many times, building management will only do what is necessary by code and leave the gamble up to you the tenant.

Depending upon your location, achieving a good ground could be difficult.  The type of soil must is taken into account among other things. Again, depending upon your location, you might want to invest in grounding your building with lightning protection equipment including lightning rods or now they call them “air terminals.”  The idea is to have some amount of confidence that if lightning hits, it will strike your planned target and be dissipated safely into the earth.

Since all computer equipment and now phones are wired through the network, this last customer lost computers and phones along with the network infrastructure.

Failure to plan is planning to fail.

The cost of the hardware and time to repair was minimal, compared to the amount of time the company was out of business.

Insurance will only get you so far.  As these spring storms fire up, there is a real element of danger to your building, business and, like the one young lady found out, to her person.  Had proper grounding been utilized I doubt the girl would have felt the shock in her ears.

While a tested, reliable disaster recovery plan will allow you to sleep at night, preventing the disaster in the first place is what you should shoot for.  That starts with planning.

From your building security to network security, right down to protecting your infrastructure from mother nature, accounting for every contingency is paramount.

Truth told, there are seldom good surprises in business.  Mitigating the surprises with proper planning can prevent poor performance.  Asking “what if” is key to any plan.  Weighing cost vs. probability allows anyone with some business acumen to make sound decisions without breaking the bank. Understanding the risks, are the starting point.

 

-Best

 

I want a good deal! #Rapidprint #Widmer

I want a good deal! #Rapidprint #Widmer

I want a good deal! #Rapidprint #Widmer

TimeDok Logo
WWW.TimeDok.Com

How many time have you yourself searched and searched online to find the best deal?

We are all guilty of looking for the best deal and if we can save a few dollars, we are all for it. How could you not be?

The truth of the matter is, the best deal is not always the best deal.

I submit to you “Radio Shack.”

Why has Radio Shack become the latest victim to go by the wayside?

What is its competition?

As far as small components are involved they have little competition, most probably a small percentage of folks order direct from China however there are very few specialty electronic stores who specialize in small electronic components.

radio_shack_store

Fry’s electronics being one of the largest.

Small hand held or other consumer grade electronics would also be Fry’s, Best Buy, and to some extent Wall-mart to name a few.

Cell Phones have way too much competition including the carriers themselves.

Radio Shack indeed has survived past its time with all of the competition and one has to wonder how much of it actually comes from China direct.

On-line sources such as Amazon and eBay are probably responsible for more than just a few dollars going away from the retail giants here in the states and I would imagine that we will soon see legislation introduced by someone in the pocket of the large retail chains to levy heavy taxes on imports from China by way of eBay and other online partners.

ebay_logo
eBay Logo

While the “Walmart Effect” took out the mom and pop shops all across America other big box stores will put the nail in the coffin of the smaller stores who try and sell consumer electronics.

WalMart
WalMart Electronics Department

As a business Owner; I sell and service a device that is made lock stock and barrel here in the USA.  Because these two companies that I represent have not farmed their stuff out overseas the prices are higher than what you would expect.  The interesting thing though is that these devices last for over 10 years and even with abuse can usually be resurrected and sent back into to the office for another 10 years.

productline1ad
Full Rapidprint line of file mark machines.
t3led-127x153
Widmer T-LED 3 Time Stamp File Mark machine
Widmer Check Signing Machine  300 checks in about a minute.
Widmer Check Signing Machine 300 checks in about a minute.

One interesting aspect of this is there are Internet companies that sell a plethora of equipment including my two lines and they depend upon volume to make ends meet.  Doing so, they sell with little markup and make it tough on the little guys to compete as we don’t do volume. Basically what WalMart does.

While my prices are competitive, I am not the cheapest.  I provide something that most internet companies do not however, I provide service.  That is service after the sale!

http://www.timedok.com/gallery.html

Many companies find me after they have had an unpleasant experience with one of my competitors and I earn their business as well.  While I may not have made the original sale I get their subsequent business because I stepped up and actually lost money doing a warrantee repair for their customer!

bad_wiring-405x294
Electrical tape has no place in these machines.

My point to all of this is simply don’t look for the cheapest, look for the best.

I build relationships with all of my clients and work hard to keep them. I must however turn a profit to stay in business.

There are times I feel like one of the last American business hold outs as I have managed to stay in business while many of my competitors are going or have gone by the wayside.

The technology involved is over 30 years old.  Very few know how to repair these things as there are so many variables that must be taken into account when they are disassembled and re-assembled after the cleaning process that one missed step will cause the machine to not perform accurately.

There are no shortcuts.  They might use a Band-Aid of sorts, but it is a shortcut and will not last.

There is an air-conditioning advertisement on the radio here in North Texas.  They de-bunk the outrageous prices the other guys offer and then tell you to call the other guy first, check out their prices and then call them.  Honesty above reproach.

I don’t know if that commercial is gaining traction, but it caught my attention as that is the way I do business.

Do business with the mom and pop companies, if you want them to stick around.  Small towns all across America have vacant store fronts because of retail giants and I would submit, online direct from China.

© 2015 Timedok All Rights Reserved

www.TimeDok.com

Dok at TimeDok.com

Disasters Big and Small

Disasters Big and Small

As a Disaster Recovery Specialist, I walk into many companies that are one step away from disaster.  Some of them have been living on a wing and a prayer for a long time and are absolutely oblivious to the precipice on which they are perched.

One of the largest challenges one faces in this line of work are people.  By that I mean more specifically egos.  People are threatened by someone that “knows more than they do.” 

Image

Let me tell you a secret.  This is a Jack Palance type secret, (from City Slickers) “This is the one thing” that will save your keister as well as change your attitude.

 I worked for a man who owned this business that was very successful.  I was a young guy fresh out of school and this guy saw something in me that I remember to this day. As time passed he took me under his wing and helped me knock some of the rough edges off of my “perception” of the world as it was.  He took me out one day to JC Penny and had some sales clerk measure me for a suite and then he picked out a couple of them.  We went to the shirts and he purchased a few of them right down to the shoes.  While these were not super expensive, they were not cheap and his generosity never escaped me. The only thing that he did not replace were my shorts!  Some might have taken offence to this but I am no creature of fad or style and while I would not qualify for a candidate on “what not to wear,” I did know that style was not my strong suite.  “Knowing your limitations” is good advice, but not the secret.

Later he had me take over the service manager position in one of his branches which came with a company car and credit card.  This was before the tax laws changed.  He told me to use the car as I wished and if I took it on vacation to at least “pay for some of the gas myself.”  He took me over to the office which was a good drive from the Dallas office.  He regaled me with stories of advertisement and marketing.  He told me the story of the sign with the waterfall on it by downtown Dallas.  Back then it was a Pearl Beer sign.   This man was pretty close to deaf.  He was from Georgia and his accent was still very thick.  It turns out that he was a tank commander in WWII.  He told me that the secret to survival is to “surround yourself with smart people.”  That not only applies to war, but business and oh yes, life in general.  If you want to be successful, surround yourself with people smarter than yourself and learn to humble yourself.  It is only by this step of humbling yourself will you realize the advantage of being around these people.  I have never forgotten this and to this day I still practice this.

I offer this advice to all IT people in that “you are not the end all be all.”  You cannot know it all even though you think that you do.  We become focused on what interest us and then the rest of technology passes us by.  Learn to control your ego for it is your enemy.  No doubt you have heard the phrase “you are your own worst enemy.” Think of the truth of this statement and then marry it, own it and then change it.  When someone starts talking to you about something which you think you know about and you feel that “anxiousness” start to well up inside, recognize this for what it is, you’re undoing.  Squelch the feeling, take a deep breath and listen to what this person has to say.  It may be worthy of hearing or it may be total crap. Before long this will be habit and you will have trained your ego to stand down.

One of the first steps in the DR process is an AUDIT.  In order to prepare for a disaster one has to know what one has.  This is done by an audit of the technology, how it is configured and of course managed. We look at policies and procedures and just really get into your business in a big way.  The more you work with us the more you will get out of it.  Conversely the more truculent or evasive that your staff is, the more it will cost.  This is a “by the hour” service and time is money.

Audits are never fun but necessary, in that no one is perfect.  Audits uncover the “dirt” so to speak and no one wants to acknowledge that they have dirt.  Nobody wants to look bad so they are either un-helpful or become very defensive and blame the guy before them and so forth.  No one in their right mind would welcome an IRS audit because of this.  You know that you are playing by the rules but the rules are thousands of pages long.  What if?  Individuals should budget for an accountant for this reason.  Companies should have more than one accountant “even if it is a small company” in that they can check one another. (another story for another blog)

While IT audits wont land you in front of a judge, it could have an effect on the bottom line in that deficiencies could be uncovered which could end up in with un-budgeted expenditures.  Having an up to date DR and BC plan will not only prevent this but, will keep your IT department on their toes and up to date.  A fresh set of eyes looking at how things are done contrasted against your business processes and needs, often bear fruit in that there may be a better way to do things. Personally I subscribe to “best practice” methodologies and policies.

Some companies don’t take IT seriously and look at it only as a necessary evil.  An attitude which must be changed as IT is much more than a necessary Evil.  IT is a resource which ties the entire company together.  This department is the glue that binds most departments together as well as the interface between the customer and the company.  In looking at the want ads occasionally one might notice ads for IT people with the following “PC Wizard” needed.  Really?  Does this person come from over the rainbow?  The simple facts are that some HR people are totally bereft of any ability to interview for this position and the company as a whole does not take the department very seriously.  I would liken this to the “audio visual club” at school.  Know this all you who mock them, the nerds will inherit the earth. I digress..

If you really look at the way that your technical infrastructure touches every person in your company and your customers; your attitude on this matter might change.

During the process of a disaster recovery plan, this becomes very clear in that one of the pieces of this plan is a Business Impact analysis.  It is during this process that the lights turn on in the CEO’s, or CFO’s head.  I have heard the question posed to the CIO or CFO on many occasions “why hasn’t anyone told me this?” The simple facts are that the CEO’s job is to run the company, not the IT department.  He or she depends upon the CIO to look out for the company on all things IT and a DR plan is simply one small part of it.

Simple programs like asset management and S.A.M. “software asset management” are not only not in play, but not even thought of.  How can one budget for new stuff if one has no clue what one will need down the road?  A complete Asset management program should be SOP in any company.  This program accounts for hardware from the cradle to grave.

The same is true regarding software.  Often time’s, companies pay way too much for software as it is installed by policy on computers with users who will never use it.  Users may bring in their own software and install it, leaving a liability for the company to contend with should there be a software audit and it is done by the SBA.

While there are no good surprises in business there are certainly no good surprises after an event has been suffered by a company.  A fire in the data center could take the entire company out of the marketplace for good.

Image

Fire caused by poor cable management practices.

Human error accounts for a large percentage of the events which caused companies to fail.  Doing a root cause analysis on failed companies who suffered a disaster you find that they did not value such a thing as “it will never happen to me.”  You don’t have to suffer a Sandy or Katrina type event to bring your business to its knees.  A simple mistake from some employee, working for a company without a business continuity or disaster recovery plan can ruin your day, if not your career.

It is at this time many companies wish that they had spent the money on such a plan.  Too Late… If you fail to plan you plan to fail.

You can purchase insurance which will assist with the closing of the company but, that is not the way to go out of business, with a whimper, because you failed to plan.

Updated documentation of your infrastructure otherwise known as a “living document,” should also be SOP.  IT folk absolutely do not like documentation, more specifically creating it.  There are many schools of thought on this reason, but I suspect that laziness along with a “need” to have proprietary information so they are not expendable weighs somewhere in their decision.  If the latter is your reason for not doing what is right for the company you need to re-examine your life. 

If you are taking the paycheck you owe your employer the best that you can offer.  If you managers feel like you have people in your department who are not expendable you need to address this post haste!  One rule of preventing a disaster is avoiding single points of failure; and that means people as well.

Part of disaster recovery is averting disasters to begin with!  Through solid best practices in policies and procedures, a large percentage of disasters can be negated.

One last topic on the subject that comes up from time to time.  “Do I have a legal obligation to have a DR/BC plan?

The answer is not as clear cut as one would like.  The interesting thing however from a legal perspective is that there is legal precedence whereby companies were held liable for failing to provide a more error tolerant system.  They in fact were found to be negligent and case law purports to award large sums of cash to the plaintiff.  These cases not only hold the owners of the company negligent but any and all officers of the company are liable.  Think carefully about that promotion and VP title.

While companies are apathetic towards spending the money on such a plan, doing so is not only moral, it is strategic and most likely a legal obligation.  As Billions of dollars are spent annually on technology to maintain a competitive edge “standards of care” and due diligence are required of all corporations both public and private.  Not having such a plan violates the fiduciary standard of care.

-Best to you!

staylor@guard-protect.com

www.guard-protect.com

 

Effectively communicating and succeeding as a Manager, using Speech and Non-Verbal Techniques

ImageWhen you see the word “speech” it may conjure up that heart stopping moment when we are ask to get up in front of the class, a group of peers, or perhaps in front of hundreds of people and give a talk.  Even if you are the SME (subject matter expert,) that does not make it easier to get up in front of a bunch of folks and talk.  (With lots of practice it gets easier.)

Today; that is not the topic of this particular blog.  Today I would like to address how we communicate as employers or managers to our subordinates.

I could not help but notice how some managers, “ask” their subordinates to accomplish some task.  Really? .. ASK?

If I were “asked” if I wanted to sweep the floor, or some other mundane task, my immediate response (possibly just in my head) would be “hell no!”  If I have a choice, the choice is “let someone else do it.”

If on the other hand, I am instructed to sweep the floor (not asked,) I will grab the broom and go about sweeping the floor.

My point is, not only in verbal communication do we “Weaken our speech” with seemingly innocuous phrases like “if you don’t mind, if it is ok with you, how would you feel about, when you have time to…” and the list goes on.  We in fact loose authority and run the risk of sabotaging our project, when we weaken our speech.

So when you speak as a manager, use that authority that you have been granted with that title.    Do not ask how someone would feel about this or that.  Tell them what and when you want this or that done, and do not give them the option of telling you how to run your department or business.  When they earn the title of boss, then they can tell their subordinates how they want things done, right now, it is your turn.  This of course comes with the understanding that you have done your due diligence. That you know what is going on with each part of whatever it is that you are working on; and know what each and every employee is doing.

We also do this in e-mail or other interoffice memos. The main difference with e-mail and memos is that once in writing, it is there forever, for anyone who may be copied in on it, or it gets forwarded to.

We are in fact judged by how we speak, or write.  Whether it is the politically correct thing to do or not, “we do it!”  We all do it!  Remember that old axiom “better to keep your mouth shut and people think you a fool lest you open your mouth and remove all doubt?”  Sometimes we are forced to open our mouths, so educate yourself before you reach that point.

While e-mail has become the norm as far as communication with peers and alike, many of us did not take English class too seriously, and it shows!  No time like the present to learn how to craft simple e-mails.  Once you “pen it” and hit that magic send button, you have no idea the life that it will take on, where it will go, and who all will read it.

I once authored a memo that went to a corporation of over 30,000 folks.  There was a typo in the memo (you instead of your) and while my supervisors were no literary geniuses, and took a screw-them if they can’t take a joke attitude, I was mortified. Treat e-mails and memo’s as if they are “IED’s or road side bombs with a hair trigger.”  Do not get in a hurry when writing an e-mail that may be seen by your boss, or potential boss. Spell check, read it out loud, and if you have a trusted friend, ask them to proof it.  One trick that I find that works is to print it, and read it from the paper.  I realize that on “earth week” that is probably not the most politically correct thing to say, but it is true!  I am not one for political correctness anyway; I think we have taken it way too far.  That is another topic for another blog.

When I first entered into the corporate world, which seems like yesterday; the executive dictated a letter to his secretary.  She wrote it down on a steno pad, in something called “greg shorthand” and then went about the task of typing it up.  She would then put the letter (draft) into his in box where he would read it, mark it up, make changes and then she would once again type it up.  This process could go on all day.  There was a study done once that concluded the average business letter cost about $100, back in the 70’s.

Today we have no secretary to “fix it” and make it pretty.  People from the board-room to the mail room have the same e-mail, which connects not only to everyone in the corporation, but to the outside world. We no longer write many formal letters, as e-mail, text (sms) and instant message is on our desktop.  Are you beginning to get a sense of how important that English class was that you slept through?

How many times have you read something that someone has written and found a typo, or a grammatical error?   I frequently find them in books that have reputable publicist.  What is the first thing that you do or think?  Yep, we judge them.  We either think that they are not very smart, or very clever, or we may even question where they went to school, or if they did.

“The pen is mightier than the sword” is not simply something for writers to gloat about (which they should not do, as most writers could probably not even lift a sword,) it is in fact a powerful tool.  Unfortunately, like Damocles sword it is double edged, and is indeed hanging by a thread. Be very careful and deliberate what you write; keeping the audience and secondary audiences in mind.

I heard an impressive lady the other day who said, she speaks her opinions like they are facts!  They are indeed “her facts!”  She claims that she is perceived as a bitch, and I can see that.  Is that wrong?  Should she care how she is perceived?  I for one was very impressed by her talk, and I am not easily impressed.  In management we are entrusted by our superiors to get the job done, and your employees become “your tools.” While I don’t use the phrase “tool” in the pejorative manner that we hear it used today, employees are in fact implements of and end to a means.  The manager uses the expertise of his or her employees, to reach an objective or several objectives.  If they start asking their subordinates to do this or that, their timelines may suffer as well as the project(s) as a whole.  When you give up that authority to your employees, (when you have time) you are no longer an effective manager.  Your employees usually don’t have the whole picture or the sense of commitment or urgency to the project or end goal which you do!  Clear task with authoritative language broken down into milestones and expectations set by you are mandatory, if you are to succeed as a manager.

If you think about it, you are actually leading and mentoring by example.  Employees (not just yours) watch you.  They observe more than you think, and that includes the two hour lunch, or the fact that you passed gas on your way to the bathroom.  You are held to a higher standard. It is probably not fair but it is the way of the hourly vs the salaried employee.  They are long gone by the time the managers day usually ends; but they are not there for that.

So instead of “how do you feel about coming to work on time” vs. “the office opens at 8, and I want you here.  If you can’t do that, I will find someone who can.”  Will the latter earn you the title of bitch or bastard? Who cares?  When they work for you, they play by your rules, not theirs.  If you worry about how your employees perceive you, than your are in the wrong line of work.

To be fair, if they have issues getting to work on time, you probably need to find someone else to do the job anyway.  Conversely, if you have good employees, as I have been blessed with on so many occasions, I will go out of my way to take care of them in compensation, training, bonuses etc. While there is no need to deliberately alienate your employees, they are not your friends; and you are not theirs.  At the office there is an expected decorum that must be adhered to; not only by them, but by you as well.  The phrase “it is lonely at the top is not just a phrase, but can be a way of life, at least from 8 to 5.

One last piece of advice that I will share that is a little off topic, “Never under any circumstance hire anyone that you cannot fire!” I want you to go back and read that again.  Read that until it sticks!  Make certain that you have no sacred cows working for you.  By that I simply mean, everyone; “including you” is replaceable.  If you own a company and you have certain employees that you cannot live without, change it fast!  No one should be held hostage by having to keep someone around because they are the boss’s kid, or they are the only one who knows this or that program or system; or they are “your friend!” The largest screw-up that I see constantly is that there is no documentation, anywhere on the systems, processes, key players, vendors etc.

If you want to see how survivable your business is, run a disaster recovery drill with non-key players or bring in temporary employees from a staffing firm that have the skill set, just not the experience with your company.  Then using your “living document,” re-create your business in a hot site.  If that does not go well for you, and you want to fix it, call me!  http://www.guard-protect.com

Hope this helps!

-Best to you and those that you care about!

“Offer only good to new subscribers”

“Offer only good to new subscribers”

Image

Customer loyalty used to be important to companies who offered subscriptions to whatever it was that they sold. This could be a magazine or cable TV.

How many times have you seen a cable TV ad offering the same service that you have for less money , “for new subscribers only?”

I had been with my cable TV provider for 16 years when I realized that by switching I could get faster internet, less expansive phones service with free long distance and oh yes, every premium channel offered for half the cost of what I was currently paying. This included offers that expired in 12 and 18 months but even after the promos expired, I would still be saving $100 or more.

There are other services like satellite radio. If you call up and use the magic word “cancel” you will you will transferred to “retention specialist” who has the flexibility to make you a better deal. Why don’t they offer you a better deal to begin with?

There are other subscription services that I pay for where special deals are offered to new customers, including books. Truthfully I would like the book offered but I am already a supporter / subscriber so, too bad. I would guess that if I were to call and cancel and then sign up again, I could get the book but that is rather disingenuous, not to mention a lot of trouble.

My power company on the other hand contacted me about the time my contract with them was to expire and offered me a better deal to re-sign up with them. Had I done nothing, it would have stayed with them by default so, if you want a good power company and cheaper electricity contact me via comment.

While I realize that “offer only good to new subscribers” has become the default way of doing business, I for one think that it “stinks on ice.”

-Best to you and those that you care about !