Friday, 7 March 2008

The No.1 online Risk to your business - perhaps?

One of the most common problems that we experience with small and medium sized businesses is a self inflicted one - the problem associated with having lost every password that is required to run their business.

Lets get this straight, we are now in the internet age, the internet is now the prime marketing tool for business, and many of us still don't actually record the information that gets us into our key internet places.

Here is an all to common example of the problem....

Prospective Client: "Hi Pete, please could you sort out our web site. It was built by Fred Flintstone as a favour 3 years ago, but he's now away working on Mars, can you do some optimisation on the site to get some visitor traffic built up, and make it look a bit more modern at the same time? Also all my emails have broken so while you're at it could you come round and sort them out."

Me: "Great, love to, can you send me an email with all of the following please?
1. The FTP address, user name and password which will allow me to get into the site and make some changes.
2. (or) Log in information for your domain name registrant so we can renew it, point it to some new hosting space etc.
3. Log in information for your broken emails, so we can get them fixed up and working again." ( I always talk in numbers and bullet points now)

Prospective Client: "Oh I can't remember what those are, the person that set it up is quite difficult to find these days, hasn't returned our calls for 12 months. Can you find a way around this?"

Me: (Sounds of hair coming out), etc. etc.

Now if this has happened to you recently please don't take this personally, it happens to SO MANY people, hence the reason for this post. This is like going to your cashpoint to withdraw money but without your card or your PIN number.

So the answer is easy - please really do record everything in a safe place!

Now what about the security risk - what if someone finds it? Well....

1. They have to be looking
2. They have to care enough to want to
3. Do keep your information in a safe place, this should be as easy to keep safe as your house keys, for example.
4. Consider using some sort of basic personal encryption (No not like enigma!) to make it difficult for others to understand what its about.
5. If its a computer file then keep a second copy elsewhere, as you will become increasingly dependent on it.
6. The banks do recommend that you just entrust your PIN numbers to memory. This is of course very good advice, particularly if you just have one or two PIN numbers, but in the internet age you now need log in information for every web site you're likely to visit, every bank , credit card, utility bill, online forum, email account, web site, and so on. It is simply no longer practical to entrust all these to memory - you'd have to be Albert Einstein to do it successfully. And most of us are not are we!

So what is the cost of losing all this?
  • Well the inconvenience for one.
  • Lost business enquiries another.
  • However there is a down to earth financial cost too, as if your new web developer can't get into your old site to upgrade it (assuming it is worth upgrading anyway), then you have little choice but to pay for a complete new one. This may be a blessing in disguise with many old web sites no longer fit for purpose, but its usually a bitter pill to swallow when you get a bill for a few thousand pounds, just because you forgot to record your details in a safe place.
This is probably about enough on this topic, but just by way of a small finishing salvo, I propose that lost password information is potentially the No. 1 self imposed business risk by small business today. Well maybe anyway!