Last week, I was prepping a snazzy video I recorded in between episodes of gorging myself on Boise, Idaho cuisine.  I had hoped to post that this week – it was a fun update to tell you all about my new video series coming up here, my new ultra-sexy newsletter format, and some other news.

I’ll get to all that juice news soon, but first things first.

Unfortunately for me, the Universe had other plans last weekend.  You’re gonna want to hear the story – get comfy and grab an adult beverage.  You’ll need it.

What To Do When the FBI Calls at 5AM

This tale begins last Friday evening, about 10PM.  I was busy whittling away on my email Inbox, after a busy week.  *Errrp – server not found*  Quickly I came to realise my server had went down.  I saw my SysAdmin was online, so I pinged him to see if he could quickly resurrect it, since I can do that myself but sometimes it takes his more tech-god-worthy intervention.

Looks like a small DDoS attack – will send you a SMS once it’s been squashed.

Slightly worrying as I’m well aware at how crippling DDoS attacks can be, even on well established sites. Unfortunately, this is a weakness of the Internet that is not new.  It started to get late, and my SysAdmin seemed hurried, so I thought, well – we’ve had a good traffic week, and nothing major on for the weekend so I’ll just leave it for the night.

Sadly, my poor wee SysAdmin was in the midst of dealing with a virtual meltdown of the datacentre he’s hosting folks in.  So much so, that he had to involve not only his “upline” (the major Internet Service Providers above him, but the backbone telephone company folks above that!).

Did you know that when a telephone company gets involved in a major Internet issue of these sorts, they alert their pals in the FBI?  Particularly when said attacks come from countries who aren’t exactly on everyone’s political invite-to-dinner list.  (Note: this happened even though my sites are run out of Canada.)

SysAdmin kindly got in touch with me at 5AM Saturday – I did ask him to let me know, after all – but the alert wasn’t a “all clear” but more of a “Oh Sh!T” moment.  He had some questions for me courtesy of the FBI Cybercrime Unit, curious if I had been threatened, blackmailed, or otherwise recently.  I didn’t know at the time (half asleep), but this attack was serious, and they didn’t know who the target was.

Fast Forward to Sunday, and things are finally starting to improve.  After several failed attempts to stem the flow of data disaster, the person who was the target was identified.  They were kicked off the data centre, shut down, and the rest of us affected moved to safe ground (new IP addresses).

Despite having worked for over a decade in the world of software and well versed in damage control and disaster planning, this whole episode left me feeling a bit victimized and downright vulnerable.

Breaking News:  You Don’t Own The Internet

One thing that I try to advise my clients time and time again: many of the virtual platforms you use, you don’t own. Classic examples:

  • Your hosting provider has terms of service that allow them to pull the plug if they think anything untoward. Guilty until proven innocent.
  • Many domain registrars, such as GoDaddy, have a similar agreement.  GoDaddy’s is very extensive – for example, if they think you’re being a bit spammy about your email newsletter from one of their domains and they find out about it, Zap.
  • Twitter, Facebook, LinkedIn: even people who aren’t doing anything naughty can get locked out.
  • As the Egyptian crises has reminded us, the government can take away the whole internet too.  (Good reading here and here.)

It’s quite possible that none of these things will ever happen to.  But what if one of them did?  What would you do? Not to seem pushy, but you might want to think about that NOW, rather than when it happens and you’re in OMFGPANICMODE.

How to Run Your Internet Business Without the Internet

Here’s the rub with running an online business – and as more and more businesses go more and more virtual, the rub gets a little…well, not so good.

  • When you had an old fashioned business and the town mayor decided to reroute traffic away from the street, which is where all your business came from, you could go and lobby.  And either stop that change, or get compensated for it and move shop.   Now, online, if the traffic stops flowing, nobody really cares.  Your problem, mate.
  • When you decided to set up shop and chose your suppliers, you negotiated a fair agreement with each of them so that you knew that you were protected.  There were handshakes!  Now, here are 500 pages of Terms of Service agreements, take it or leave it, and you waive your right for recourse, bub.
  • When you found subterfuge, foul play, or an otherwise nasty opponent, you had options.  You could get a lawyer, you could go talk to them over a cocktail and sort it out.  Now, what if you don’t know who’s the nasty opponent?  And sorry, we haven’t really got those laws right yet – check back tomorrow.

Deep Thought: Taking a step back for a minute and looking at the big picture, we’re slowly building a huge economy and a whole new generation of business owners on the back of a platform that has an awful lot of loose threads.  Scary shit, people.  Scary shit.

Takeaways

By now, you’re most likely crying into what is an empty glass. Get a refill, and let’s figure this thing out.  A few tidbits of advice for you:

  • Be Aware:  Take the time to learn more about this big bad online world we live in.  Instead of just clicking “Yes I Agree” all the time, how about you read the fine print? Could be scary and enlightening.
  • Protect Yourself: You need to be prepared for the WORST.  Make an evaluation about what you would do for every single platform were removed. Be sure you don’t have any critical files locked behind a Google Account you might get locked out of, and double-check your password reset info.  Read the terms of service on your software vendors, and if you don’t like what you see, consider an alternative.  Know what your contractual rights are, if any, when things fail.
  • Know Your Damage Control Plan:  The minute you know that your problems aren’t just a hiccup but possibly the disaster of a lifetime, you need to swing into damage control immediately.  Once you know all the potential problems with your various systems and software, write down what you’d do in a failure.
  • Make Backups of Everything:  This is easy but often overlooked.  I advise that you run backups with your host to make a daily backup of everything, but also I suggest a 2nd backup off-site.  Amazon S3’s solution is cheap and easy; WordPress folks, you can do it easy with a plugin.  With an full S3 backup, you could switch registrars and hosts fairly easily.  Don’t forget backups of things like Google Docs or your financial accounts software.

I wish I had better answers and a longer list, like these guys have good systems policies and terms of service, or these politicians support small-biz friendly Internet policies.   But I don’t right now – it’s certainly an issue I’m going to spend a lot of thought on though.

What do you think – is the Internet just fine or is there a root issue here?  What can small business owners and individuals do to protect themselves in the event of disaster?

Please send this to someone who probably could use a wake up call before their stuff goes on the fritz.

And while you’re at it, sign up for my newsletter – I’m relaunching it next month as a PDF-style magazine and OMFG it’s gonna be good.