What to do before the lights go out

On February 17, 2017 Southern California was drenched by an epic (according to SoCal standards) storm. As any long-time resident will tell you, even a little bit of rain results in major disruptions in our otherwise sunny and mild climate. Friday’s torrential rain and high winds wreaked apocalyptic levels of chaos, including wide-spread power and internet outages. Because we also live in the land of earthquakes, wildfires and drought, Californians suffer from chronically high levels of disaster-preparedness fatigue, so when the lights went out on that Friday, a lot people were left sitting in the dark, both literally and metaphorically, as to what to do about their technology (or sudden lack thereof).

Yes, I am beating the “be prepared” drum again:

When meeting new clients (oftentimes in the exact situation depicted above), it’s not uncommon for them to have very little “hard” documentation on the technology in use at their organization. By “hard” I mean paper and digital files that outline the very basics of their technology foundation. “But Chris,” you protest, “Now that I have C2 on speed-dial, what more do I need?” As honored and pleased as we are to have your back in a disaster, and as much as it pains me to consider it, we may not always be there when you need us, which is where that technology documentation comes into play.

Every company should have the following recorded in a physical manual that is kept somewhere safe and secure, as well as a digital copy stored off premise in cloud-based storage:

1. Contact information for your TECHNOLOGY SUPPORT PROVIDER, including names, phone numbers, email addresses and mailing addresses. Staff photos may help company personnel or proxies identify authorized support providers.
2. Contact information for your INTERNET SERVICE PROVIDER, including account number, technical support phone number, type of service (a brief, layman-esque description), a picture of the physical equipment installation, and a description of the install location (basement MPOE, kitchen cabinet, Suite #, etc).
3. Contact information for your EMAIL provider if you don’t host it yourself. Provider name, support number and account number (if relevant) as well as a list of all administrator accounts (not the same as office admin), ie. people who are authorized to make changes to the account such as password changes, billing information, etc.
4. Contact information for your WEBSITE HOST and DOMAIN REGISTRAR, including login information, accounts with admin rights, and the name of the company providing the services.
5. Contact information for your BACKUP PROVIDER, including vendor name, account number/name, login information, and a list of which devices were being backed up.
6. A HARDWARE INVENTORY of all technology devices, including servers, workstations, laptops, printers and critical network equipment. Make sure you include serial numbers, make and model, and who the equipment is assigned to if relevant.
7. A SOFTWARE INVENTORY of all purchased software, including proof of purchase, activation keys, account email addresses (and passwords) and on which machines the software was installed.
8. Contact information for your PREMISE SECURITY PROVIDER, including company name, account number, account rep, and if there is a physical security infrastructure on premise, descriptions of systems, login information and a list of provider and company personnel authorized to access and/or change the listed systems.
9. Contact information for your PROPERTY MANAGER. Include contact names, numbers and email addresses, as well as after-hours contact info.
10. A brief description of how to access office space after hours (if possible), including who outside of the company may be able to provide “approved” access to office and associated spaces, such as data closets, server rooms and building MPOEs (Minimum Point of Entry).
11. A company directory of, at minimum, critical office personnel and their emergency contact information, including cell numbers, home addresses and possibly next of kin contact info as well.

While the above list is by no means complete, even the above contains highly sensitive and confidential information. When storing it physically, the data should be in a locked file cabinet with limited access, and when stored remotely, it should be encrypted and accessible by a very limited set of personnel and designated providers. If you need assistance building this very important collection of information, C2 is ready to gather and compile this information into a document we call the Technology Assets Binder (TAB), which will assist you in keeping “tabs” on all your technology.

Image courtesy of winnond at FreeDigitalPhotos.net