Learning from the BP Oil Spill Disaster
Late on the evening of April 20, 2010, an explosion ripped the Deepwater Horizon oil drilling rig, owned by British Petroleum (BP), located about 50 miles southeast of Louisiana’s Gulf of Mexico coastline.
11 lives were lost. Our thoughts and prayers go out to those families as they cope with their loss. We’re deeply concerned about the current and future impact this disaster will have on our environment.
Oil made landfall on May 6, 2010 near New Harbor Island, Louisiana. It’s estimated that 210,000 gallons of oil are leaking into the Gulf of Mexico from the broken well head each day.
The companies involved, BP, Transocean Ltd. and Halliburton, Co have had to testify before Congress. They publically blamed each other causing President Obama to issue a statement about the fingerpointing. To their credit, BP has publically claimed that they “own” the problem and will take responsibility for the clean up. They maintain a dedicated site about their Gulf of Mexico response.
Learning About Incident Response Plans
What if this were your company? Do you claim that your business is “socially responsible?” How will you back that up when the time comes? There are many lessons to be learned from the BP Oil Spill Disaster presently and probably well into the future. The first thing you should ask yourself is what is the critical incident response plan for your company? Don’t be fooled into thinking that you’re too small of an organization to think about such things. For example:
- If you sell jewelry aimed at children, what if one of your components were tainted with lead? What if it presented a choking hazard?
- If you accept credit cards online, what if you or your merchant provider experiences a security breach, data loss, or hack?
- If you sell niche food goods or other consumable commodities, what if your product was contaminated through no fault of your own?
- If one of your custom web applications is hacked and your client experiences a data loss, what will you do?
- What about a natural disaster? A man-made disaster? An act of terrorism in your city?
We could list “what if’s” ad nauseum. The point we’re trying to make is this- what is your planned response to a critical incident? An incident response plan should be a part of your business continuity plan and should initiate your disaster recovery plan.
Plan Now To Avoid Disaster
Now is the time to take a good look at your business and the products/services you provide. Think about worse case scenarios and jot down potential incidents that could occur. We’re sharing a worksheet on Scribd with you to start your brainstorming. The first tab contains some definitions. The second tab contains a sample scenario to get you started.
Think about who will be on your response team. Team members typically have response plan duties similar to their everyday duties and responsibilities. Your response team will guide your company through the crisis so it is of utmost importance that you choose people wisely.
Once you and your team have listed potential scenarios, it is time to start crafting your response plan. There are several great resources online for you to take advantage of. These include:
- Homeland Security’s National Response Framework
- CDC’s Emergency Preparedness and Response Site
- FEMA’s National Incident Management System
- Ready.Gov Publications
- HHS Guidelines for Business
- OSHA’s Hazardous waste operations and emergency response regulations
- 2007 Edition of Standard on Disaster /Emergency Management and Business Continuity Programs
As you examine these resources and adapt them to your needs, you will want to be sure that both your business continuity plans and communication plans are current. Make sure you know what resources you’ll need if you have to activate your plan. And, who has the authority to activate your plan?
Bottom line – don’t wait until a disaster happens to deal with it!
Post Mortem on Securing WordPress
A couple of days ago we were hit with one of the shared hosting mass infections going around. It took us nearly 8 hours to fully recover. It was very frustrating, but it was a learning experience. Here are some of the points we now take to heart.
It’s Your Site – Own It!
Don’t depend entirely on your hosting company to secure your particular installation – even if it was done through their control panel. Once we were made aware of the issue and notified GoDaddy, they responded quickly and cleaned our installation. We’ve always appreciated their response and Wednesday’s was no exception.
There isn’t one web application that is 100% secure. The WordPress community responds quickly to fix discovered issues. However if you are going to deploy any web application over the internet, then you need to be responsible for ensuring that it is properly patched and all precautions are taken to lock it down.
Read, Research and React
If you need help, don’t be afraid to ask! There are several competent WordPress consultants available. We spent a day or so reading, diving into code, testing plugins, etc. before we felt comfortable locking down our installation. Here’s a brief synopsis of what we did:
- We changed all of our passwords: blog authors and administrators, FTP passwords, and MySQL passwords. We used a password generator to make them strong.
- We changed our WordPress secret keys.
- Had an outside firm scan our site for malware. We used Site Security Monitor. We were pleased with their quick turn around and glad to know that the GoDaddy Team removed all the malware!
- Took database backups from two different sources. First, we used the WordPress Database Backup plugin and downloaded our backup. Next, we went in through our control panel and performed a backup using phpMyAdmin.
- Conducted a security scan of our WordPress installation. For this stage, we chose the WP Security Scan plugin from Semper Fi web design. We were pretty much “in the green” except for a couple of items that were corrected by following guidelines suggested in the WordPress Codex.
- We installed WordPress exploit scanner, Antivirus for WordPress, and WordPress File Monitor. Each of these great plugins will help us be a bit more proactive.
Ongoing
In closing, we learned a great deal these past couple of days. We still believe in open source software and will continue to use and recommend WordPress. We will, however, be a bit more diligent about locking every web application down as much as possible. We monitor Secunia’s Advisories on WordPress so we can be as proactive as possible.
If you were affected by these recent attacks, we’d like to know how quickly you were able to recover. Please drop us a line (we’ll keep your information confidential) and let us know. If you need assistance, please don’t hesitate to reach out. If we can’t help you we will work with you to find someone who can.
5 Small Business Blogs We Like
We wanted to share with you the 5 Small Business Blogs that we like. Every day, between all of us, we skim through hundreds of articles. The five blogs we’re listing always have value-added content! The links we’re listing go directly to the feed, so have your reader ready!
- The Small Business United Blog - by Intuit
- Small Business Brief / Current News
- Small Business Computing News
- Today’s Small Business News from Inc.
- MintLife Blog
Feel free to comment and add your own favorite small business blog to the list!
Small Business Taxes
Yesterday the Small Business & Entrepreneurship Council published the Business Tax Index 2010. The Council looks at 16 different tax measures ranging from income, unemployment, property taxes, etc. and ranks all 50 states from best to worse. The best… South Dakota. The worst… New Jersey.
Depending on how you organized your business, there may be several tax strategies available for you and your accountant to consider. For example, some things to consider are how to reduce the amount of taxable income and/or reducing your tax rate. For those times you do have to pay taxes, controlling when those payments are made could avoid potential cash flow problems. Make sure you and your tax advisor understand what tax credits are available to you and how to properly claim those credit. Be diligent in watching for anything that might trigger the Alternative Minimum Tax rules.
Related articles by Zemanta
My Thoughts on Social Sentiment Analysis
I’ve been watching a few folks bantering back and forth about “sentiment analysis” and the like. I have to admit that it has been very hard to keep “scientific girl” under wraps and not question the rationality of the conversation.
With a background in chemistry, math, and information technology; I’ve mostly dealt with data that are absolute and measurable. The word “data” has Latin origins meaning “something given.” I have a difficult time acknowledging the measurement of human emotion by analyzing linguistics.
There are commercial software programs ($$$$$) that use various algorithms and theories in an attempt to analyze the humanity behind the written word. Most that I’ve looked at require the input of taxonomies and or ontologies, speech lexicons, and other configurations prior to analyzing word streams. Despite the extensive pre-work, I fail to see how any of these could quantitatively evaluate emotion, sarcasm, slang, or other human communication traits.
There are open source programs like UIMA and LingPipe that can be used to build frameworks for linguistic analysis. Jumping into either requires much more headspace that I care to lease out at the moment!
If you continue to watch this segment closely you will soon see a rapid emergence of companies clamoring for market share. Some offer human insights, others do not. In my opinion the best article regarding social sentiment analysis was published by Jason Falls (@JasonFalls) entitled “Why You Shouldn’t Trust Automated Sentiment Scoring.”
Don’t get me wrong: I’m not saying the people behind automated scoring aren’t working hard or helping us accomplish a difficult task easier. I am saying, however, that we need to be clear that letting a machine supply us with this particular piece of marketing intelligence is flawed. It’s not that we shouldn’t do it, but that if we do, we must understand the limitations and prioritize the intelligence accordingly.
That pretty much sums it all up! Perhaps there will be a day sometime soon when computers can truly be emotive and adaptive like HAL. But until then, we all need that human intuition and touch and I’m not sure that can be shrink-wrapped and sold.
What then is the answer for the small business owner? At this point in time if your brand (or company) isn’t yet widely recognized, it would be difficult to justify the expense of social sentiment analysis using some of the currently available commercial tools. If you’re just curious, you may want to take a look at some of these no-cost alternatives.
Small Business in Southern Indiana
I was fortunate enough to be able to attend today’s open house at the Southeast Indiana Small Business Development Center. Blayr and her team are doing a great job for our area! The first quarter 2010 results speak for volumes! I’ve listed a few here…
- 29 new businesses were started
- 308 jobs were created
- $10,631,223 change in sales was recognized
You can see for yourself the true impact of small business to our economy. Each of those businesses created about 10 jobs!
I chatted with a few of the new business owners that were showcasing their wares during the open house. I’d like to give a shout out to:
- Thorpe Woodworks – these folks produce an amazing line of wood products for your home. Some of their basketweave butcher blocks were almost too beautiful to use!
- Shady Patch Farm – definitely some homemade goodness! I tried their BBQ sauce and a couple of dip mixes. I recommend stocking up!
- Casada Creations – Nancy had some beautiful handcrafted jewelry on display. All of her pieces are very tastefully designed! You can see them for yourself on her Etsy page.
This is but a small fraction of successful small business in Southern Indiana. I’m excited to be working with the SEIBDC to take Veracity to the next level!