Death: The ultimate business continuity and disaster recovery challenge

Yes, today’s topic is morbid. We’re sorry for dampening your day, but it’s such an under-discussed subject that we feel like we have to push through.

Dying sucks, but it’s going to happen to all of us (probably). The circumstances and the timelines will vary, but it’s coming. We might get some notice and have time to prepare our affairs. But we could be struck down in car crashes, by aneurysms, or by premature heart attacks. The moment before, we might feel like we still have wonderful decades stretching out before us, and then in an instant, we don’t.

Our deaths will devastate those around us, especially if they come unexpectedly. The last thing any of us would want to leave to our loved ones is a complicated maze of affairs. If they are already grieving, even the slightest challenges may seem insurmountable.

But unexpected deaths can cause major problems for organizations as well:

  • What if the deceased is the only one with knowledge of certain aspects of the company?
  • What if they were the one who maintained most of the company’s key business relationships?
  • What if they were the only one who had skills that were vital to the business’ core mission?
  • What if only they knew the passwords to certain critical accounts?

Not only could an unexpected death devastate the deceased’s colleagues, but it could also grind operations to a halt. While death is generally something we don’t like to think about, we must plan with the possibility in mind, to ensure that the business can continue to survive, even if a key employee dies unexpectedly.

There are a number of strictly business- and finance-related issues, which are out of our wheelhouse, so we won’t cover them in depth. But issues that sole-owner and multi-owner companies may need to consider include:

  • Life insurance
  • Succession planning
  • Financing
  • The terms of the buy-sell agreement

To plan appropriately for business continuity, you need to ensure that no single owner or employee presents a single point of failure. There are many ways that things could fail after a death, but two critical weaknesses involve:

  • No one else knowing how to fill the deceased’s role.
  • No one else having access to critical information or accounts.

Thankfully, with a little planning, you can help to limit these issues and ensure that business operations continue.

Appropriate documentation for each role

One technique that can help to smooth over the untimely death of a key employee is to create documentation about the important aspects of each critical role. The necessary details of these documents will vary depending on the role. In some cases, they may just involve things like client and supplier contact information, as well as important details about the relationships.

On the IT side of things, you might want employees to document information like:

  • An overview of the role.
  • Tools and accounts that they use.
  • Important configurations, such as firewalls, web servers, DNS, routers, etc.
  • Network and data flow maps.
  • Details about backups.

It’s probably best to have these documents in a form that can be shared relatively freely, so you should keep sensitive information like usernames and passwords out of them.

When all of the details are laid out neatly in a single document, it makes it far easier for the organization to pick up the pieces in the case of an untimely death. Other employees can step in and ensure that critical tasks are still conducted. These documents can also make it much easier to train a replacement.

Maintaining account access

Maintaining account access in the event of a death can be a huge challenge, especially if you are following the principle of least privilege, which is vital for reducing the impact of breaches on your organization.

Some accounts will allow you to share admin privileges between multiple users, such as WordPress and many Google products. This is useful, because you can add multiple employees to the account. If someone dies unexpectedly, other employees will still be able to access the account. The remaining employees can simply remove the admin privileges of the deceased, and add in the replacement whenever they are hired.

However, it’s important not to just make everyone an admin. This would heighten the risks associated with data breaches, because it would make it much easier for attackers to gain privileged access or for a malicious insider to cause mayhem. While planning for death is important, you need to consider the tradeoffs between security and redundancy and come up with a balance that suits the risks your company faces.

Not all accounts allow you to nominate multiple admins for the purposes of redundancy. In these cases, you will need to develop a secure technique to share access, even if the employee dies. Commercial password managers like LastPass or Bitwarden offer a range of password sharing features that can help with redundancy. They even offer access logs to help with oversight and detecting whether passwords are being shared in an unauthorized manner.
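
One way to check both sides of this tradeoff is to audit an inventory of accounts for access that depends on a single person, and for accounts where admin rights have spread too far. The following is an added example, not part of the original article: the account names, people, inventory format and the `MAX_ADMINS` ceiling are all constructed assumptions. It also goes a step beyond the single-death case by reporting what becomes unreachable if any given group of people is lost at once.

```python
# Constructed sample inventory (hypothetical accounts and employees).
# "admins": people with admin rights on the account itself.
# "vault_shared_with": people who can retrieve the credential from a password manager.
INVENTORY = [
    {"account": "company-website", "admins": ["alice", "bob"], "vault_shared_with": []},
    {"account": "dns-registrar", "admins": ["alice"], "vault_shared_with": []},
    {"account": "payroll-portal", "admins": ["carol"], "vault_shared_with": ["dave"]},
    {"account": "shared-drive",
     "admins": ["alice", "bob", "carol", "dave", "erin"], "vault_shared_with": []},
]

MAX_ADMINS = 3  # assumed policy ceiling; set it to suit your own risk profile


def holders(entry):
    """Everyone who can still get into the account: admins plus vault recipients."""
    return set(entry["admins"]) | set(entry["vault_shared_with"])


def unreachable_if_lost(inventory, lost):
    """Accounts nobody can access once every person in `lost` is gone."""
    lost = set(lost)
    return [e["account"] for e in inventory if holders(e) and holders(e) <= lost]


def single_points_of_failure(inventory):
    """Map each person to the accounts that only they can reach."""
    people = sorted(set().union(*(holders(e) for e in inventory)))
    report = {p: unreachable_if_lost(inventory, [p]) for p in people}
    return {p: accounts for p, accounts in report.items() if accounts}


def over_privileged(inventory, max_admins=MAX_ADMINS):
    """Accounts where redundancy has drifted towards 'everyone is an admin'."""
    return [e["account"] for e in inventory if len(e["admins"]) > max_admins]


if __name__ == "__main__":
    for person, accounts in single_points_of_failure(INVENTORY).items():
        print(f"Only {person} can reach: {', '.join(accounts)}")
    for account in over_privileged(INVENTORY):
        print(f"{account} has more than {MAX_ADMINS} admins")
```
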

Planning for the worst, hoping it doesn’t happen

While we really hope that your organization never has to face the devastation of an untimely death, it is an unfortunate thing that can happen. Appropriate planning can help to alleviate a lot of the problems that may occur. The last thing you want is to struggle through a business disaster at a time when everyone is overwhelmed with grief.

Cybersecurity and privacy writer.
