PLAN FOR THE WORST

Few situations strike fear into the hearts of small business owners like the possibility of some sort of disaster. Whether a natural disaster strikes, a critical supplier has a supply interruption, or some version of a cyberattack occurs, the key to weathering a major interruption of your business is planning.

IDENTIFY THE RISKS

The first step, at the risk of being too obvious, is to brainstorm the potential disasters you would like your plan to cover. Along with each disaster scenario you should list what the acceptable impacts are. Assign to each disaster a priority and an acceptable target time for how long the impact will take to mitigate, and how it will be mitigated. Identifying these vulnerabilities is an important step and should involve knowledge from each of the functional areas (i.e. sales, IT, manufacturing, and legal). For example, if you were dealing with a power outage and the effect on IT you may set a goal to have all computers functional and up to date within two hours after power is restored. This may require putting some data in the cloud. Or, you may decide to have a backup power source on site so that the loss of power has minimal effect on computer operations.

DATA AND COMMUNICATION

Most businesses rely heavily on computers for storing and manipulating data. As a result, there are a lot of digital assets that naturally come with a variety of software tools. Just a few examples include the following:

• The ability to create an asset inventory to maintain a current list of assets, age and where they are located.
• Store customer and order data and keep redundant back-ups in the cloud. This can be part of your hosting package.
• As added precautions, any on-site servers can be set up to download the last 24 hours of changes to physical media and stored in off-site location.
• Taking advantage of the security features that come with your hosting package can be an integral part of your recovery plan.

Whatever the plan is for disaster preparedness, it needs to be communicated throughout the organization. Thanks to the COVID pandemic, a lot of companies have experience with off-site work. Some natural disasters can have impacts that last for weeks. If that situation occurs, people in the direct line of communication should have a phone tree (both digital and printed), so they know who to contact when they have questions, or need to broadcast some information broadly. It should also have contact information for critical suppliers. If some workers need special equipment to do their jobs they may want to color code those pieces of equipment so they can quickly identify them and don’t leave them behind as they are packing up.

RESET THE ENTERPRISE

Once the disaster has passed, to have a clean relaunch, you want a plan. Designate a primary and secondary for each function. Examples might be who validates and restores data. Who will communicate to stakeholders and who will identify damages, liability, regulatory reporting and handle insurance claims. If a supplier is impacted someone will need to be in touch and plan for the ramp-up of business.

STAY READY

Once you believe you have set-up the right disaster response, you need to validate it by running mock trials. Each mock trial, say every six months or so, should be followed by a de-bugging process. What went well, or poorly and what can we do to improve the situation. Keep your outside suppliers in the loop as well. They may have considerable resources available that will make your recovery easier.

Some disastrous situations are avoidable by having a robust computer system that can identify break-in attempts, while diligent use of two factor authentication can keep hackers out of your computer, and regular back-ups can mitigate data loss. However, extreme weather events often appear quickly and randomly with a lot of force. A lot of the disaster preparedness can help for those situations as well. The biggest unknowns in these situations are where will it hit, how severe will it be, and how long will the impact linger. Although weather events create some of the same situations discussed earlier, the randomness increases the risks. So for weather events, (floods, fires, high winds) it’s best to get out of harms way as soon as the risk has been identified. This may call for a quick evacuation with an offsite meeting on-line once everybody is settled. It’s impossible to achieve 100% smooth and safe disaster response, but as we’ve shown there are a lot of things one can do to reduce the level of disruption with a bit of planning and practice.

Photo Credit: https://images.pexels.com/photos/5965211/pexels-photo-5965211.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=2

Small Business Resources welcomes questions from inquiring minds looking to improve their business outcomes using best business practices combined with available technologies. Submit any questions you would like us to explore on your behalf to contact@sbresources.com.