The best way to prepare is to create a strategic contingency plan that will keep your business operating, even if only on a reduced basis, until the damage can be repaired or the business otherwise restored. Such a contingency plan need not be very complicated or involved.

The plan should answer certain key questions:

What are the most important elements to keeping this business operating?
For some businesses, like food or hardware stores, it is a matter of having inventory available as quickly as possible. For other businesses, like professional service firms, it is a matter of being able to get the professionals together to service clients. Whatever the most important elements are for your business, figure out what you would do if a natural disaster interrupted operations. Talk to your suppliers about what they would do, and with your key employees for their car phone numbers or addresses of close relatives.

• Where would we operate?

If your store or office were damaged, you need another place to set up operations. This might be in the owner’s house, or it could be in a warehouse the company owns. The important thing here is to consider the options, and prioritize them if you have more than one choice.

• How would we communicate with each other?

In a natural disaster, especially, electricity and even telephone communications can be knocked out. Make sure you know everyone’s home phone number and all employees’ current addresses. Involve several people in the company in drawing up the contingency plan so that they are alert to the importance of communicating information about new location and hours of operation during an emergency.

• Do we have backup copies of important records?

In order for the business to be able to carry on in an alternative location, it should have access to its records. Consider what would happen if the records were destroyed or damaged by fire or flood. In today’s age of computers, it is reasonably easy to have backup records of customer and supplier lists, provided someone is charged with regularly updating files. Old paper records should be regularly moved to an offsite location; this increases the odds they will be available in an emergency.

• Do we have all the insurance we require?

As just one example, you may want to be sure you have insurance covering you for loss of business time. This could provide critical cash to enable you to re-start operations.

The key issue in putting together such a strategic plan is anticipation. The key questions raised boil down to this:

What do you need to continue operations, and how would you ensure that what you need is readily available?

It seems the young man had lost his job and I believe the young lady was also out of work or working random jobs. They were adding up the money they had and trying to figure out what to do in the long term. According to her $700 a month in rent was the real killer. She was mentioning that it is possible their situation could go on for many months. She asked if he even wanted to stay in the bay area.

I have to admit it was breaking my heart to listen to them talk. I could see it in the guy’s face. He didn’t see any options. They were going in circles because they could see no real good options. She’s talking about the future and neither of them really knows what to do about today.

Heavy sighs all around. Talking about swimming upstream. Dejected looks.

Having lived in San Francisco for quite a while I know that there are always people in this type of situation. What makes this couple different to me is that they look like a middle of the road couple who do things by the books. The economy is catching up to everybody. Even though there are reports claiming it is getting better I see a lot of people who just don’t buy it.

I feel lucky today that my complaints are about having to do the administrative work of billing my customers for my time. I have customers. That puts me miles ahead. What are they going to do?

First off, they send me an urgent notice which is a PDF attachment. This means that I need to open an attachment with no way to verify the sender. Well that violates my concepts of first line of defense against malware. The notice was about my past due bill (7 days late) and advising of termination. I submitted a response on the Sprint website pointing out that the bill I received stated my account was set for auto-pay. That should have been the end of it as I went ahead and manually paid the bill since it was clear their accounting system is a bit wacky and was not going to process the auto-pay.

A couple of days later I get a call from Sprint. They said they were calling about my complaint, but that they needed to verify my identity before they could talk to me about it. They asked for my PIN. I advised that security requires that I never give this information to somebody who initiates contact. The caller suggested I could take his employee ID, but he had no way for me to verify the number until after the call. He then asked for my date of birth. I gave the same response. He then asked for my secret question. Huh?

Now most companies are very explicit that they say they will never contact you and ask you for this type of information. Sprint on the other hand asked for 3 different pieces of this information. When I would not provide it, the rep then played the game of trying to put words in my mouth by saying “So, you’re refusing to provide the information I am requesting?” I advised that he was violating all security rules by calling and asking the questions and that Sprint was making their customers very susceptible to identity theft by getting them used to answering these questions on the phone.

Imagine what happens when the Sprint customer who is used to this behavior by Sprint gets a similar call from a bad guy. The bad guy says he is from Sprint and that there is an issue on the account. He then asks for this private information. The customer who is used to,when dealing with Sprint, going against all common sense in regards to security ends up giving out his PIN, date of birth and answer to the secret question to an unknown caller.

Sprint should be ashamed that encourage such sloppy security. Rather than try to force me to give the information, they should have listened to my response and reconsidered the security hole they are creating for each of their customers.

The name of the game is keeping the bad guys from getting close enough to make your anti-virus systems kick in. How is this accomplished? The first way is user behavior. Following these rules will keep the bad guys at bay:

• Never click on links in emails stating they are from business you interact with such as a bank or mail provider.
  • They will usually want you to download an update or update your customer files
  • These links almost never are from the company they claim to be from
• Never download unsolicited software updates
  • Recently there was a concerted attempt to get people to download new server setting to comply with changes made by your mail provider. Right. This email spam was sent out to millions of mail accounts to get the users download malware. I had a customer ask if he should install the update. Needless to say my answer was no.
  • Web sites will pop up messages that your machine has been infected. Your machine has not been infected and if it has been, the solution is not going to come from soem random web site.
• Don’t open unexpected attachments.
  • Sending attachments is a common way to get the end user to install malware.
  • Service providers should not encourage the idea of opening attachments by sending them. Billing info etc should either be imbedded in the email or you should be advised to go to the providers web site for more information.

The second way is when the bad guys have gotten a little closer. This is reflected in the setup of your machine. Users should not be administrators when on the internet. The user should only go into administrative mode when there is a specific need. Nobody likes this and the hate that end users had for the Vista UAC relfects this. Unfortunately this is one of the stronest layers of defense and it is the one most often violated by the home user. If you are not an administrator then even if you accidiently download something you shouldn’t the odds are that the install of the malware will fail. When our customers allow us to set up their systems the way we would like it is extremely rare that there are any problems. Most issues arise when a spcific user is granted administrative rights and with those rights accidentlay installs malware. While the end user is occasionally bothered by not being able to download and install the newest version of Flash or something like that at least they don’t get bothered by the inconvenience of having to rebuild an entire machine.

It took me a while to realize that this was no the case. When I did I figured the torrents must not be happening so I took a look at uTorrent to see what was up. Much to my surprise the two torrents were moving along at a combined 450 Kb which is the maximum speed I get through Comcast. found myself in the position of having more speed than I expected to have.

A little research led me to half open TCP connections. It turns out that Windows 7 removes a restriction which was found in XP and Vista. Those systems limited the number of half open connections to 10. With this restriction removed it seems my torrents are not only going faster, but they are reaching the maximum speed quicker after being initiated.

For those of you still on Windows XP or Vista you can go here: http://half-open.com/home_en.htm to download a little patcher utility to increase your half open connections to the recommended value of between 50 and 100. Enjoy.

Now instead of just having a Windows 7 test bed, I have Windows 7 acting as my primary machine. The good news is that it is behaving well. I had installed Windows 7 Ultimate 64 with some doubt as to whether or not I would like the new interface. I had heard all the good stuff about it, but I really liked the way XP behaved. Sure it was boring and old news in every way, but it worked well and didn’t get in my way.

The most difficult thing for me to get used to is the task bar. Yes it does simplify the task of seeing what all of the windows are doing, but at the same time there is a lot more movement down there. Passing over the top of the different tasks pops open previews and lingering there has windows appearing and disappearing on the desktop. A lot of things moving around.

In the end Windows 7 seems to be what it was promised to be. I have found one little gem which I will discuss later. For now I am going to play a little more to see what else it can do.