Picture this:

The CEO of a small company passes away, taking all of the passwords and login details to key business processes with him.

Your company computer system crashes, and without a backup you lose all of your important files and information.
Is your blood pressure going up just imagining these potential scenarios? The thing is, situations like these happen every day. I receive countless calls from clients struggling to recover passwords or access digital information that could have been easily safeguarded.
These scenarios are the result of two things: business owners forgetting passwords and key employees quitting their jobs and inadvertently taking their passwords with them. Both scenarios cause more disruption to the business than you may think.

Business Owners Forgetting Passwords

  • Operational Disruptions: If a business owner forgets a critical password, this can halt key functions of the business, from accessing financial accounts to entering the company’s main operational systems. Even a brief delay can result in a loss of revenue and, in the worst case, could make clients or customers look elsewhere.
  • Data Integrity: Forgetting passwords can sometimes lead to attempts at forced or unauthorized entry by well-meaning team members, which could compromise the system’s security settings and leave it vulnerable to attacks.
  • Cost of Recovery: Recovering or resetting passwords isn’t just about clicking “forgot password.” In some cases, it can involve a lengthy verification process, especially for critical business systems or financial accounts. This takes time and may require external assistance, leading to additional costs.
  • Security Risks: Using easily memorable passwords to mitigate forgetfulness can expose the system to attacks as these are easier for attackers to guess. Similarly, writing down passwords or storing them in insecure places can also increase risks.
  • Compliance Risks: Forgetfulness could lead to failure to adhere to password rotation policies required by regulatory bodies, thereby attracting fines or penalties.

Key Employees Quitting and Taking Passwords with Them

  • Intellectual Property Risk: A key employee with access to intellectual property and customer data can be a significant threat if they leave on bad terms and have passwords to these sensitive resources.
  • Unauthorized Access: Even after an employee has left, they may still have access to company systems if passwords aren’t changed immediately. This could lead to unauthorized data access or manipulation, which is a critical security risk.
  • Loss of Expertise: Sometimes, key employees manage complex systems, and if they leave without transferring this knowledge and corresponding passwords, it can become difficult for the business to manage or even access these systems.
  • Operational Disruptions: In the worst-case scenario, a disgruntled employee might change passwords before leaving, locking out other team members and severely disrupting business operations.
  • Reputational Risk: If it becomes known that an employee left your company and could still access sensitive data, this could significantly harm your reputation and the trust that clients have in your security measures.

These scenarios illustrate the importance of having a “simple” disaster recovery plan in place. Here are three ways you can change the narrative and protect your digital assets:

The 3-2-1 Approach

Have three backups, in two different locations, with one copy stored offsite. While this may seem like overkill for small companies, it offers a reliable foundation. Maintain a copy on your local machine, use cloud backups (services like Backblaze can be a game-changer), and periodically back up critical data to an external drive.

Proper Password Management

Another essential element of any simple disaster recovery plan is secure password management. Tools like Bitwarden make it easy to store passwords securely, share them with trusted team members, and generate strong, unique passwords for each account. Don’t rely on memory or sticky notes; it’s worth investing (Bitwarden has a free version) in password management tools to keep your information safe.

Exit Protocol

Have a strict exit protocol that includes revoking all access to company systems and resetting passwords that the departing employee had access to.

If you’re a business owner who is the keeper of certain important business information, as uncomfortable as it may be, you should also have a plan in place in case something unexpected happens to you. For example, in my will I have a letter that’s designed to go to my CTO if I were to pass away unexpectedly. The letter includes the master password details, the location of important information, and outlines of critical business processes.

Plan for the Unexpected

The goal is simple: plan for the unexpected. What if you were hit by a bus tomorrow? Would your company keep running smoothly, or would chaos ensue? Having a plan, whether it’s a simple spreadsheet, a secure password manager, or a detailed procedure for account management, can make all the difference.

It’s not just about passwords and data; it’s about ensuring the continuity of your business, protecting your intellectual property, and preserving your memories. I like to say that disaster recovery shouldn’t be an afterthought; it’s a fundamental aspect of responsible business ownership. Don’t wait until it’s too late – take action now, and safeguard business continuity.

If you have questions about creating a simple disaster recovery plan for your business, the 14 Oranges team can help. Although we don’t provide disaster recovery plan creation services, we would be happy to connect you with one of our partners that do. Give us a call today.

Sylvain Marcotte is CEO and President of 14 Oranges.

Prepare for the Unexpected: Why a Simple Disaster Recovery Plan is Important for Any Business