Tag Archives: recovery

Just In Case

stockvault-journey190946

 

I’m that person. Next to you on the plane. Pulling out that safety booklet and reading it, from beginning to end. I’m that person. Listening attentively while the flight attendants go through their entire routine, from how to buckle and unbuckle your seatbelt, to the reminder to not inflate your lifejacket until you are outside the plane. Every time, I’m that person. I look around for the nearest exit and sometimes do a mental calculation of my best route there. I check in the booklet to see where my lifejacket is supposed to be and I sometimes feel about to make sure that the booklet is correct. As often as I have flown, I take the time to go through the process and remind myself of what I know and to see if there is something I have missed in the past or a new instruction that may have been added.

Sometimes I wonder if it’s a bit much. However, recently when a plane in New York City made an emergency landing, video taken by a passenger showed that many people on that plan had no idea how to operate the lifejackets and way too many of them had inflated their lifejackets while still inside the plane. This may have been related to panic during a stressful situation but, from looking around me during the pre-flight safety instruction session, it seems the bigger issue is that most passengers just don’t pay attention. There are more interesting or pressing matters that command our attention and, specifically for those who fly often, we are likely lulled into an arrogance of the familiar. We have done this many times before, we must know exactly what’s up at this point. It may be only on that rare occasion of an emergency that we realize that it is ha been so long since we paid attention to the instructions that we now have a very vague idea of what to do.

Many businesses will have a company policy, code of conduct and operations manual and include training. When a new employee starts with a company there is often some kind of onboarding process that includes either training sessions or handing over a policies and procedures manual or a combination of the two. In addition to sharing with the employee how the employee should go about doing their job, the training and manuals should also include what should be done when things go awry. These instructions should be clear, and employees must know not only what to do but also who to go to for guidance when things are not right. Employees must also know who to inform and the various levels of leadership that this information should go through. If there is no protocol, an employee will not know who to take a problem to and those who are told may not know what to do with the information. You don’t want to be that company in the news admitting that people noticed an issue early on but that the information did not make its way to the right people to manage it.

In addition to the initial training, companies should remind employees often. This can be performed in-person, in an online session or through other messaging, like posters around the company. It is dangerous and foolish to believe that employees will remember their week of training or the contents of a manual years into employment, especially during the first week at a company an employee is not yet familiar with the day to day workings of that company. When a crisis hits, you don’t want to be the person being told, “You should have known what to do. We told you during your initial training, ten years ago.” You especially don’t want to be the person asking a coworker why they can’t remember that old training – honestly, what do you remember from ten years ago?

Thinking about your business, take steps to:

  • Include in your training, what a person should do when something is wrong, who they should report to and options for anonymous reporting, in case the matter is sensitive, and an employee might fear retaliation for reporting.
  • Make sure that your training is clear and easy to understand and follow up with employees to make sure that they have understood and retained the training.
  • Have a non-retaliation policy at your company, for people who report wrongdoing and errors. This policy must be something your business takes seriously.
  • Have a disaster recovery policy that you revisit and update regularly. Make sure your employees are familiar with the policy so they know what they are responsible for doing.
  • Have important policy information displayed around the office, to remind employees what is expected of them.
  • Perform regular training updates of your employees so that you are not relying on ten-year-old memories.

It takes me only a couple of minutes to get through the safety brochure and some airlines put time and energy into creating engaging and fun pre-flight safety videos that are actually fun to watch. I hope I am never in a flight emergency situation, but I go forward knowing that if that should happen, I shall at least remember to not inflate my lifejacket while still on the plane.

Advertisements
Tagged , , , , ,

Taking Over…

a-woman-buries-her-face-in-her-hands

Last year, I visited Atlanta Airport seeking an incident report. The airport is a massive place and, after I found a very helpful airport employee, I wound up outside the emergency services offices. Fortunately, the staff was both friendly and helpful and, within minutes, the gentleman I was speaking with was asking his colleague to look up the incident in question in order to provide me with the information I needed for the next steps forward. It all seemed very easy until it wasn’t. His colleague looked at his screen and then stated that something seemed to be going on and his computer was not responding. After trying a few things without success, I was given a phone number to call and follow up. I was to get what I was looking for within the next couple of days.

I left and heard nothing for almost a month, which actually worked out for me because I was traveling a lot and would not have been able to do much with the information. When my call was finally returned, I learned that the reason it had taken so long was that the city of Atlanta had been taken down by a Ransomware attack. The day I was at the airport, was when the attack was happening! Imagine that, I was in the midst of a lot of drama and excitement and had no idea. The only story I have to tell is that I saw a blue screen of death and then it took three weeks for my call to be returned.

I will say this: if anyone is affected by a ransomware attack, my story is probably the best outcome to have. A couple of years ago I shared a story about my friend whose clients were victims of ransomware attacks where $300 to $600 was demanded of them. In that time, ransomware attacks have become more sophisticated and a lot more frequent. Cryptocurrencies have also contributed to the boom because it makes the attackers more difficult to track down. As I wrote in a piece on ransomware, the first known ransomware attack happened in 1989, where the attacker sent floppy disks to attendees at a conference. A program on that disk locked the computer on its 90th restart, demanding $189 of the user for a resolution. The Atlanta ransomware attackers demanded $52,000 (and it took over $2.5 million for the city to recover from the attack). The attackers may ask for what may seem as relatively small amounts when they attack but it adds up. In 2016, ransomware attackers made over $1 billion and that amount climbs every year. In addition to the upfront cost of the ransomware demand, often a victim has to spend a lot of time and money recovering from the attack. I mentioned before that Atlanta spent over $2.5 million and they are not alone. Ransomware damages are predicted to reach $11.5 billion this year.

As you can see from my friend’s experience and that of Atlanta, there is no victim too large or too small for an attack and so it is imperative for all of us to take steps to protect ourselves and do what we can to mitigate any damages should we be attacked.

  • The first easy step is backup, backup and then backup offline. Because I have had backups fail on me, I try to have two backups of information and itis important to make sure that your backup is separate from your computer. In this way, should your computer be attacked, your backup will be someplace else.
  • Then try to use two-factor authentication for your logins. Many applications and websites already insist on this but try to make it a habit for yourself, whether or not someone else is doing it.
  • Update your passwords regularly – yes, it’s a schlep but especially with very regular news about companies being hacked, companies that house your sensitive information and logins, it makes sense to keep changing these.
  • Be careful about opening up emails and clicking on attachments or links in those emails. I know we live in a world with way too many emails and way too little time, but think before you click. If you receive an email you are not expecting, check to make sure that it is a valid email. Just last week, I received an email from a fellow CPA and when I checked with her, it turned out that her email was hacked and was sending out malicious links. If the tone and language of the email are vague or don’t sound like the voice of the person you have dealt with in the past, double-check with the person. It doesn’t take long and can save a lot of pain.
  • Update your software. A lot of ransomware takes advantage of vulnerabilities in software and taking advantage of the fact that many people do not regularly update their software. Set your machine to update automatically, then you don’t even have to think about it.
  • If, unfortunately, you are a victim of a ransomware attack, think on it before you pay. You are dealing with criminals. Although it seems that more often ransomware attackers do restore machines after attacks (it’s better for business, apparently) it is not assured. Often people find that they have no option because they do not have a recovery plan. If you have the option of recovery, it is easier to make the decision on whether or not to take the chance of paying.

Ransomware is on the rise and so it seems that more of us are at risk than before. It is smart to take a few protective steps if only to keep you from taking weeks to return a call.

 

Tagged , , , , , ,

Even When You Don’t Want To…

9ea73231-a8e0-4d06-9589-da7f1dc5e372

Linda Kadzombe

Linda was not my friend. I was in high school, sitting in the car, in the school parking lot, with my father, waiting for my little sister to show up. She ran up, with a friend and they stood by the car, smiling and sporting matching nose rings. My father looked up and the two girls, and their matching noses, and exclaimed – “I suppose nose rings are part of the school uniform now.” That is my first significant memory of Linda, who was my sister’s friend. Along with a great group of friends, Linda and I rang in 2000 in Victoria Falls. We talked about the fact that we were both moving the United States and we promised to keep in touch with each other. This vague promise turned into a relationship that the word “friend” does not do justice. With our families far away, we checked in with each other almost every day and often the conversation started this way: “Just checking in. I’m alive.” Once, I called Linda when I stuck in a dress I had ordered online and that I was trying on. She was living in Boston and I was in New York City and yet, she was the first number I thought of dialing. We were travel buddies and talked about becoming the sweet old lady travelers that we often came across during our trips. We shared a love of European chocolate and I was a person she taught, and gave permission, to stab her with an EpiPen should the need arise.

On March 6th, I received a call that had never even drifted into my imagination. While flying back home from an epic vacation with her cousins, Linda passed away. The news was devastating; it still is. At the same time, there was a lot to do. Whether or not you have planned for death, when death happens, there is a lot that needs to be done, not only to put your loved one to rest but also to sort out your loved one’s affairs. Friends and family came together for Linda and, as we navigated various issues, we were frustrated, energized, and touched, often all at the same moment. It made me think about the importance of planning, not only for the workplace, but also for one’s personal life.

The first step is the dreaded will. No one wants to ever think about their mortality but, even when you think you have nothing, you always have enough to put in a will. At the very least, you have your wishes. Even when you think to yourself – oh, I am single, and/or I don’t have children – you still should have a will. Remember that a will is a legal document and you should be sure to comply with the law, or your will may not be accepted as binding. For instance, the rules about whether or not a handwritten will is recognized varies by state. You should also see if your financial accounts can be set up to be transferrable or payable upon death, as this will save survivors the headaches of dealing with probate court. In addition to letting people know what you want done with your stuff, you should also think about how and where you wish to be laid to rest, if that is something that is important to you.

We live in an age of paperless billing and most business being transacted through online accounts. This means that, for many of us, all our accounts have a login and information about accounts and their existence may only exist in our email accounts. To questions about what accounts and liabilities Linda might have, we could only shrug and guess. Dashlane estimates that the average user has 90 online accounts! Consider making a list of your accounts that you will keep safeguarded in a safe, or with a lawyer, if you keep your will with a lawyer. There are various ways in which to work to both safeguard your personal information and also ensure that your accounts are known and closed correctly, after passing.

If you don’t already have it, get life insurance. The policy doesn’t have to be a big one; just enough to cover the costs that may come up due to death. These include:

  • Payment of final expenses;
  • Taking care of your loved ones, if you have loved ones that depend on you;
  • Payment of debts, so that your next of kin are not on the hook for them;
  • Payment of estate taxes

It may seem horribly morbid to talk about death and it is certainly no fun to deal with the affairs of a loved one. In the midst of grief, you don’t want to deal with some of the headaches that can pop up around the administration of everything – dealing with hospitals, funteral homes, airlines or whatever. Fortunately, Linda had an amazing network of people who loved her (and some incredibly kind strangers who saved the day more than once). All worked hard to get her home and laid to rest near her family. We also were able to spend a lot of quality time with friends and family that we had long promised to spend time with you. You know how that happens – next week, next month or next summer turns into ten years. However, through it all, we had a lot of figuring out how to do something or where to find things because we had never even thought about navigating this terrain.

Take some time to think about what you have and what you want done about it. Talk to your loved ones and tell them to make plans, if they have not already. Remember that it is never too early to plan and, unfortunately, often too late.

Tagged , , , , , , ,

If Lost… Then What?

img_1715.jpg

At the end of May, I was on my way to an event, when a flash of pink on the sidewalk caught my attention. I stopped and realized that I was looking at a small square of leather. I bent down, picked it up and turned it over in my hands. It was a wallet with a MetroCard, some credit and debit cards and a driver’s license in it. I pulled out the license, looked it over, and walked over to the restaurant that was a few feet away from where I had just found the wallet. I must have made a few people nervous, staring at them and then down at the license, to see if anyone there resembled the photo. No luck. I then pulled out my phone and tried a few quick searches, online, to see if I could figure out how to contact this woman. Her name was more common than I imagined; several options came up and none appeared to be her. Yes, her license had an address on it but, the license had been issued several years earlier and people in New York City can move around quite a bit, in search of amenities such as a view, an elevator or affordable rent. As I was running late, I decided to go to my event and put my search off until later. On my way, I spotted a parked police car. I got excited, thinking that I may be able to hand over the wallet, but the excitement faded when I got close to the car and found that there was no one sitting in it.

When I got home and had more time to do so, I hunted down the woman whose wallet I had found and delivered it to her. Even if she had cancelled her cards, I am sure she was happy to get her stuff back – who knows maybe her MetroCard still had 29 days of use left on it. That experience reminded me of a time, years ago, when someone stole my handbag at the airport. I was livid that someone had invaded my space and even stood yelling, in the terminal, for the thief to just take my cash and give me back my stuff. Suffice to say, that did not happen. I did, fortunately, have a kind gentleman give me money to get the train back home. However, a few weeks later, my phone rang and it was the airport, calling to tell me that my bag had been found. They had been able to contact me because I happened to have a dry-cleaning slip in my wallet, and my phone number was on it. I was lucky that I had that slip in my bag but these two events really got me thinking about recovery plans, not just in business, in other aspects of our lives.

With a wallet, for instance, you can keep a business card in the wallet, or put a small card in your wallet with an email address and/or phone number so that, should you be unlucky enough to lose the wallet and a kind stranger picks it up, they can contact you and figure out how to get it back to you. It is an easy thing to do and could be hugely useful. It doesn’t even have to be your usual email address, if you have fears about your inbox being inundated by unwanted email, you can create an email address that you keep for moments such as this.

We never think that we will either lose our stuff or have it stolen from us but it can happen to any of us. It can be personal or it can be a business loss, such as a system crash, or theft and, in all cases, having a recovery plan will go a long way to make recovery less stressful and less expensive. If, at this very moment, you lost everything on your computer, what would you do? Does the thought give you heart palpitations because you would lose very important data, with no way of getting it back? Would you have to shell out a lot of money and spend valuable time working to try to recover everything? Would you wonder whether or not your business could survive such a loss? If this thought is a scary one to you, you should be thinking about sitting down with trusted professionals, to create and put a comprehensive protection and recovery plan in place. You should review various scenarios, even if you think it wouldn’t happen to you. Things to consider when doing this:

  • Are you backing up your data on a regular basis? Automating this process is a great way to make sure that it happens – you don’t want it to all depend on your remembering to do it.
  • Where are you keeping your backups? Do you keep a backup offsite and unconnected to your current system? You don’t want your backup corrupted, should your system go down.
  • Are you checking the integrity of your backups? It isn’t helpful to think you have been creating backups and find out, when you need the backup, that the process was not occurring.
  • Now that you have backups, do you have a recovery plan? Do you know what you are going to do should things go awry? Does your staff know? Do you have the plan in writing and in a space where it can be easily accessed? Have you trained your staff in this recovery process?

There are people who are well-trained in helping you create a backup and recovery plan and that can start with your CPA. You want someone who has experience and knowledge regarding best practices that are practical, useful and effective.

We are humans who work with technology that we have built and we must, therefore acknowledge that we are not infallible and we must therefore create, review and update our contingency plans. And that plan can never just be relying on the kindness of strangers.

Tagged , , , , , ,
Advertisements