Burning it down on the way out – how can non-tech founders protect themselves?
As the title suggest, I'm writing in hopes of assistance with solving a problem that many of us "non-technical" founders face -- a technical person has all the leverage to make a lot of crummy things happen to a business overnight.
People can put trust in their team members, but let's face it -- shit happens, and when it does, it would be nice to know that the owners are going to stay the owners and the IP/code stays with the company.
What should we do that doesn't seem accusatory and scream "the sky is falling"?
SO... Non-Technical Founders: What are some techniques that you have used / seen to help with this?
Technical Founders/Tech people:
What are some things that you've thought to yourself "These idiots don't realize I can just X,Y,Z" or "If they were smart, they would/wouldn't have done X"
What about legal things? Different tools/software? Procedures?
I couldn't find any information on this topic, so anything would be useful.
6 comments
[ 2.9 ms ] story [ 23.8 ms ] threadThis is why we have contracts and lawyers. You shouldn't start up a company without first having paperwork that clearly defines who owns the company, its intellectual property and other assets. For example, who owns what percentage of the shares, what is the corporate governance structure (who are the CEO, officers and board), etc.
This applies even to a business partnership of two people.
There's a few measures you can take: 1. Daily backups of code repositories, on a computer you trust. 2. Periodic backups of the production server. 3. Check your contract agreements on IP with a proper lawyer. IP is very sensitive as a lot of techies also have side project.
But in general, trust your techies. People are reciprocal. If you start putting in more safeguards, they start putting in their own. Don't isolate them from meetings/clients, don't put too many levels of security, don't hire people to "check up" on that guy, trust the intern.
Most engineers just want to build stuff. If you let them build stuff they will be very happy and loyal.
Although I am the technical co-founder in this situation, I am protecting myself against mistakes made by senior technical staff. It would also protect to a measure against malicious action.
I certainly hope I never have a dispute with my business partner. If I did, I would try to resolve it amicably and if necessary resort to the courts. At no point would I even dream of cutting off my nose to spite my face by damaging production systems for example or deleting code. That just gives the other side ammunition at best and at worst the consequences can be very serious [0]
As others have noted, there is little you can do to stop a trusted director-level partner or employee if a switch flips and they suddenly become evil. Setting up a write-only backup system is about the best you can do... but if you're non-technical who are you going to trust to do this?
[0] https://www.theregister.co.uk/2008/12/29/terry_childs_trial/
But there are other cases you should cover against, like the techie getting run over by a bus. The first thing that comes to mind is to make sure you have an admin account and/or a recovery procedure (a master password printed on a piece of paper in a safe, access to the account’s email address to reset the password, etc.) for everything.
Everything in this case is at the very least: AWS account (including the root account to manage the bills), e-mail provider, Gsuite admin rights, whoever you brought your domain names from, Dropbox, bank/PayPal/Stripe, GitHub/BitBucket, your telco, the admin accounts on your corporate PCs, and just about all the services you use on a daily basis. The email accounts and DNS are IMO the most critical; you can retrieve a lot of stuff if you control the e-mail or the domain name. BUT this assumes the accounts were set up with a corporate email, which may not be the case if you’re a small company - probably a personal e-mail was used to register the first services, which are also the most crucial. And if the techie knows what she’s doing, she will have enabled MFA, so e-mail alone probably won’t cut it.
Just ask yourself: if the tech person dropped off the face of the earth, what would you be locked out of?