Preparedness - probably not something often thought about by many, unless you are a boy scout. Of course, when you start thinking about it, you likely have a smoke detector at home, maybe one at the office. Maybe you also have a fire extinguisher hanging on the wall near the water cooler - has it been tested? Does anyone know how to use it? Does everyone? Do you have a designated employee with a certificate in first aid?
The recent events in Japan - a 9.0 magnitude earthquake, subsequent tsunami and ensuing nuclear emergency has brought to light the need for both personal preparedness and disaster planning for your business. Planning out the steps to maintaining business continuity when the unforeseen happens is not as simple as it may seem, but with a little research and some preparation ahead of time, having a plan may be worth it's weight in gold should the need arise
Not All Disasters Are Created Equal
What constitutes a disaster? Well, in this context the term disaster is going to encompass any event that can interrupt regular business operation. A fire, a broken water main, a viral outbreak, in fact one of the first steps in your planning is to identify all the possible scenarios so you can develop a plan that covers most if not all contingencies. Things to think about are local factors, such as geography (floods, fires, earthquakes, mudslides) and local hazards (chemical plants, power stations, refineries) and weather (heat waves, ice storms, tornadoes). You may also want to consider human activity, civil unrest, terrorism, and so on. Those are the big events, things causing local or regional issues that can interrupt your business. Now narrow things down to events within your business, a wayward car in your lobby, an electrical fire in the closet, bad shrimp at a company brunch. Once you have a good idea of all the things that can throw a wrench in the works, you can start to develop a plan to counter all those possibilities.
In much of the disaster planning documentation I have read - there is one thing I don't hear enough of and that's the human cost. Save the people first - people are more important than anything else, put their safety first. The first part of your plan should be about what the staff should do, egress plans should they need to exit the building, rally points for them to gather in to make it easier to get head counts and manifests and seating maps to assist first responders in locating those who may be missing. Delegate responsibilities, if the building has to get evacuated, who is to grab the critical papers from the safe? Where is the latest backup tape? Should any equipment be shutdown gracefully?
Keeping the Lamps Lit
How are you going to continue to serve your customers, possibly in a reduced capacity, when you have limited resources and perhaps no brick and mortar location? What is your tolerance for lost days - do you need to be up and running in 24 hours, 3 days, a week? Do you have any spare equipment (servers etc.) set aside at another location that can be brought online to take over. There are organizations like Sungard, who operate Availability Services, and can provide work space for your staff, as well as equipment. Not everyone likes or can afford this option though. For most of us, the key components are a TAM file server, workstations and/or a terminal server and working phone lines. You may also need a domain controller, printer, a SQL server etc. This is definitely an area where Virtualization can really shine - a single VMware or Xen Server can, in a pinch run all your essential services. The downside is having to budget for a server that sits around and does nothing and with any luck, never will. If you have multiple offices that are geographically dispersed, you can setup a DR data center at one of them and even have the spare servers put to some use. There is also the task of re-routing phone calls, if you cannot call forward, or otherwise route the calls to another location, your telco can likely help.
There is definitely much to think about and getting the plan drawn up will take some time and when it's all said and done you can pat yourself on the back and hope you never have to use it. You should, however, pull it out once a year and review it to see if anything in your business has changed significantly enough to warrant a revision of the plan. It would also be wise to ensure there are multiple copies in the hand of key individuals and at least one off-site.
Where to get more info:
I follow @Get_Prepared on twitter, the companion to http://www.getprepared.gc.ca/ (Canadian)
FEMA in the US http://www.fema.gov/
http://www.sungardas.com DRP services
Also your local TV and radio news
Now before you cast aside the idea of getting involved in any kind of social networking, take a minute to comprehend that what in one hand can be a time-waster and security nightmare you try so hard to keep your users away from, can on the other hand be a powerful business tool when handled properly. Consider this - Twitter has over 190 million users, Facebook over 400 million - can you really afford to ignore an audience of that size?
Facebook, Twitter and LinkedIn are powerful Internet tools that cost nothing to leverage and can put you in touch with a much larger client base that an ad in the local paper. These technologies can also interact with each other, your blog and your website and doing so really starts to bring things together.
The media industry really gets this and is very engaged in Social Networking, but you also see many other industries catching on. The automobile manufacturers are making good use, textiles, fashion, fast-food, you name it. If you take some time to look, you will also notice a fairly strong presence from the Insurance industry, and it’s growing. The simple fact is, there is a growing population of customers and potential customers who look to connect through these channels.
While integrating these services with your website is a “nice-to-have” - it’s not critical, each can be leveraged in a standalone manner. You can also cross-integrate things like Twitter and Facebook.
The only caveat I would bring your attention to, is the same one that goes for your website and blog - be mindful of the content you post.
Sprechen Zie Blog?
Although your first reaction might be ‘Why would I want a blog on my website?’, a better question is likely ‘Why wouldn’t you?’. You have yourself a well-designed and functioning site, you have done your due diligence with respect to Search Engine Optimization and you are keeping tabs on your site with some statistical analysis, these are all good things, but a blog can be a very nice addition.
From a business perspective, a blog is an easy way to reach out to your clients and visitors and provide up-to-date information on things that may affect them. It provides your site with dynamic content that is useful and interesting, and also is a means to drive both new and repeat traffic to your door. You do not have to be James Joyce to write a blog, entries can be short and to the point and should be written like a newspaper - in very plain English. Content can highlight industry changes, your company’s activities in the community, or provide tips to homeowners like how cleaning your gutters prevent ice dams in winter.
Adding a blog to your site does not need to be a technical nightmare - if you have an in-house web server and the expertise, then deploying WordPress is not much of a chore. If that is too much of a technical undertaking, you can rely on a hosted solution - www.blogger.com and wordpress.com are both free and a decent web designer can integrate these solutions into your site quite easily.
I really cannot stress enough how big of a bang-for-the-buck a blog can be. The only caveats are - be careful what you put in print, have your entries proofread before you publish to avoid any embarrassment or damage to reputation; and for those hosting their own, stay on top of the blogging application updates and patches.
Another aspect of blogging I wanted to touch on, even if you don’t want any kind of blog on your site at all - you may be able to contribute to other blogs. In return for your content, perhaps you could throw a link back to your own site in your posts. Something like that could even be done here on AU or over at the ASCNet Community, the drawback to the latter being that it’s not accessible to the public, so the traffic bonus could be limited, but it does all depend on your intended audience.
The folks at Google have been nice enough to create a checklist to help you secure your system - it's mostly a collection of best practices known to those in information security, but maybe less obvious to the general user populace. Either way, it would be beneficial for any GMail user to work through the checklist and tighten up their defenses.
Now that we have your site up and we have taken some baby steps toward getting some visitors to your site, it’s time to manage and analyze the site. As luck would have it, there are plenty of tools for just these things and better yet, these tools are free.
There is an entire toolbox at your disposal at http://www.google.com/webmasters/
The first of these useful items are the webmaster tools which can do site diagnostics and basically give you an indication of how the site is working, which search terms are bringing people to your site and even show you if malware has been found on your site. Overall site performance (page load times) are also indexed and graphed.
The other tool is Google Analytics, which does require you to add a snippet of code to your pages, but the statistics gathered are very useful. Analytics gives you tremendous insight into your visitors, how they are getting to your site, how long they stay and what they view. With this data in hand you can hone your site, tailor it to suit your visitors needs and maximize it’s potential. You can also set “goals” - pages you want visited or actions you want performed (like filling out a request for quotation) and tune your site to funnel visitors toward those goals more effectively.
This is all very Google-centric and there now appears to be similar tools for Bing - but it is probably a better idea to tackle the Google side first due to it’s dominance in the search market. If you feel ambitious, look into doing something similar with Bing and Yahoo!
This is not a set and forget kind of thing, you should expect to check back frequently to monitor how your site is doing. You can also have Analytics send you scheduled emails to save you from visiting the site. It also not a bad idea to do the malware check regularly - it’s not always readily apparent to the site owner when your been compromised. All in all these free tools can help you or your webmaster really tune-up your site and give you far more information that just page hits.
Bringing in the Traffic
In part one of the series, I talked about getting a site and doing it right. Now what? Well if you have a site and you are content with the form and function, it is likely a good time to find ways to become noticed and drive traffic to your site. While I often suggest using other media to announce your web presence - print, radio, etc. - today I'm sticking just to using the web and the ever-present search engine. One of the main goals for your site is to have a good page ranking - this means being listed in the top results when a potential client does a search using keywords that relate to your business. This general process is known as Search Engine Optimization - SEO, which is equal parts science and art. There is also no lack of people claiming to be SEO experts and will gladly take your money and deliver questionable results - take due care.
First your site needs a little prep work, you need to take care of three things right off the bat - your Meta Tags, SiteMap and robots.txt. All these might be something your web developer will take care of (and they should); but it does not hurt to know what they are all about.
Meta Tags are pieces of HTML code - hidden to the casual observer - that hint to the search engines what your site is all about. These hints help your site get properly indexed, so when someone does a search for “antique watch insurance southern Ohio” your site gets listed, preferably on the first page of results. The two key meta tags for this are called description and keywords - the first is a brief description of your site or that particular page, the latter is a collection of keywords that relate to the content, essentially these are the search words that should bring a potential client to your doorstep. Here is what they look like in the page source code: http://www.w3schools.com/tags/tag_meta.asp
A sitemap is an xml file - sitemap.xml, that resides at the document root on the webserver - it is a file that search engines can use to understand the layout and content of your site - it is a guide or map that crawlers refer to. Since many websites have dynamic content, a good sitemap helps to reveal that content and the sites true hierarchy which would otherwise be hidden from the crawler and therefore not indexed. Sitemaps do not have to be handcrafted, there are free generators available to simplify the task - http://www.xml-sitemaps.com/
Finally, robots.txt; now that you want to entice the various web crawlers, spiders and bots to come for a visit, you may also want them to play nice and index that which you want indexed and possibly ignore other content. The robots.txt file gives them basic instruction on what part of the site is okay to crawl and what is off limits. Keep in mind - not all crawlers are respectable and they can ignore robots.txt - dealing with them is a whole other story though. Again this file goes into your web document root directory. Using robots.txt is not a security measure and does not ensure the privacy of content and should not be used with that goal in mind. More info - http://www.robotstxt.org/robotstxt.html
With those items taken care of, now it’s time to submit your site to some major search engines. This is basically the process of alerting the various search engines to your site’s existence by submitting the URL to their various services:
Do not expect instant results, but your site will be crawled and indexed, and good formatting and content along with proper meta tags, sitemaps and a robots.txt should help your page ranking. That about wraps things up, I hope you can put some of this to good use on your site.
The Working Web
I'm going to do a series on leveraging web technologies to compliment your marketing strategies, promote your products and services, and communicate with your clients.
It all starts with your website - which for some is merely a billboard or worse yet, a business card - those days are far behind us now. Today your website is a huge part of your branding effort and is the center of your marketing universe. Many people claim to be web designers, but many of them have precious little understanding of branding, worse yet, some may not have a good understanding of web foundations like HTML, CSS, server-side scripting, browser support and security. I cannot stress enough the importance of getting good people to design or update your site. A template-based site slapped together on some WYSIWYG editor will get you on the 'Net quickly, but cheap is obvious, even to the layman and that is not the first impression you want to be giving your visitors.
There is no question, that in this industry a website is a necessity - and any business website needs both aesthetics and function. If you do not have a site, it's time to analyze the business need for one and if you have a site, review it and determine if it is doing everything you want it to be doing.
As for the mechanics and technology - you can host the site internally if you have the infrastructure to support it, or you can choose to use the multitude of external hosting options out there. I would recommend using a quality hosting company, but that could be a local ISP or a large outfit like 1&1.
A couple recommendations - if you don't know where to start:
Carve Design - a studio specializing in brand development
Kelly King Design - Kelly specializes in launching working brands
In Part 2 - I will be talking about some free tools every website should consider deploying.
Most businesses still rely on the venerable tape drive and tape media for backup and archiving, but what is your strategy for those tapes when not in the drive? Bare minimum is to rotate tapes offsite to prevent a building fire or other disaster from wiping out all your data. Some people will take them to their personal residence, but there are also storage services that will pickup and drop-off tapes according to a set schedule and even securely store multiple copies - perhaps monthly and yearly archives, for a fee.
Some popular rotation techniques:
Also remember to test your backup by doing a full restore periodically - the tapes are not going to do you any good in an emergency if the data is not there as expected.
Reminds me of a joke -
Q: Why don't cannibals eat clowns?
A: They taste funny.
Of course, this entry is not about cannibals, clowns or peculiar appetites - it's about what to do when you find a suspicious file on a machine, especially if that machine has been acting strangely and you think something untoward might be afoot. Locally installed antivirus not giving you any hints? Well, if you have isolated a suspicious file or two here is what to do - visit http://www.virustotal.com and upload your funky files - let their service scan those files with 40 some-odd AV engines. This will give you two things:
1) usually an answer as to what that file may be
2) the creeps, because you will soon realize just how poor AV detection rates are!
While VirusTotal is not going to clean anything up for you, it will let you know whether or not you need to pull your wonky host off the network and start cleaning, or as is the considered best practice these days - re-imaging.
For the second time, I have run into a snag upgrading PHP, and Apache 2.x due to an Apache Portable Runtime dependency. It's a bit of an annoying snag, that on FreeBSD at least (if you are one who uses ports) requires some fancy footwork.
According to /usr/ports/UPDATING you need to:
pkg_delete -f apache-2.\*
portupgrade -f -o devel/apr1 devel/apr
reinstall apache port
I know this is fairly technical for the AU blog - but just in case anyone is running Apache for their web server, it's good to know.