This week, we’re going to talk about preparedness from a slightly different angle that’s widely accepted in business circles—business continuity plans. Whether you own a business or not, everyone has the “business of running your household.”
This has been front and center for me for the last couple of weeks because of a rash of hacker attacks on business websites and an upcoming presentation I’m doing on this very topic for a Fortune 50 company.
In short, many businesses have assessed the biggest threats that they face and have developed plans so that if those threats happen, they won’t go out of business. What kinds of threats?
1. Natural disasters like hurricanes, tornadoes, flooding, wildfire, etc.
2. Manmade disasters like terrorist attacks.
3. Disruptions in the banking system, including the ability to get paid by customers and the ability to pay suppliers/vendors.
4. Interruptions of key supplies from suppliers. Specifically, disasters knocking out key suppliers.
5. Electrical blackouts/brownouts.
6. Bad flu seasons, pandemics, and bio attacks.
8. Computer breakdowns.
9. Hackers & Viruses.
10. Death or disability of a key employee.
This list isn’t complete, but it should sound similar to the threats that you’re considering for yourself personally.
You may think that business continuity plans don’t affect you, but they do if you’re in one of these three groups:
1. Business owner.
2. Employee of a business.
3. You depend on a business for food, water, fuel, medication, etc.
In other words, business continuity affects everyone…ESPECIALLY retirees or anyone else who depend on an outside source for income, doesn’t have savings, has little money for preparedness, and depends on stores having food and/or necessary medication available to buy on a continual basis.
It becomes more obvious when you look at your household as if it were a business. You have suppliers and vendors that you use on a regular basis, as well as “customers” who pay you for the work you’re doing now or for work that you’ve done in the past.
At a minimum, businesses are negatively affected when these disasters happen, and in many cases they never recover fully, if at all. Statistics vary widely, but it’s generally accepted that the majority of businesses that don’t have a continuity plan in place will fail if they’re struck by a disaster. That’s why it’s important that you know whether or not the companies that you work for and/or deal with have a continuity plan in place and that you plan on them not being around after a disaster if they don’t.
One of the big differentiators of companies that DO survive disasters is whether or not they have a plan in place, but just like with personal disaster plans, the best intentions don’t get them done. Here are some of the common obstacles:
1. Business owners have to be somewhat optimistic to go into business. This makes them discount risks and the effect that disasters might have on their business.
2. The chance of any single disaster happening is very slim. But when you add up all of the slim percentages of various disasters happening, there’s a good chance that most businesses will be impacted by disaster. Business owners tend to focus on how unlikely individual disasters are rather than how likely it is that they’ll be affected by ANY disaster.
3. Idle money looks bad on balance sheets. When companies spend money on a backup generator, it means they’ve got money sitting idle…money that they could have paid to the owners or spent on inventory that they could have sold at a profit. When they spend money on offsite data backup, it doesn’t make them ANY money…it only helps prevent the loss of money in the event of a disaster.
4. Just-In-Time is more profitable than stocking a large inventory. When companies borrow money for inventory—and all companies borrow money for inventory, whether it is in the form of a loan or in the form of not paying the owners—they’d like to have as little excess inventory as possible. Ideally, they’d run out of inventory just as the truck was backing up with more inventory. And, yes, all businesses have inventory as well…even CPAs and other professionals, but in their case, their “inventory” is in the form of their time and the time of their employees.
5. Many businesses are in survival mode during good times. Even though these struggling businesses are the ones most likely to be put out of business by a disaster, they seldom have the time or resources to take the necessary steps to plan for a disaster.
So, what do you do? It depends on whether you are addressing the concerns of a business owner, employee, or someone running the business of your household. Here are some quick tips for all 3:
For business owners:
1. Do offsite backups of your computers. I like mozy.com, but there are several options now. If you have a server, consider using a RAID array so that any single hard drive failure won’t knock out all of your local data. I personally used Mozy in April when my computer died to recover all of my documents, videos, pictures, etc. I have also had a couple of server hard drives die over the last decade or so and having RAID arrays in place made it so that I only had MINUTES of downtime in the middle of the night while the faulty drive was replaced instead of days, weeks, or months of lost income.
2. Use anti-virus software and scan your computers regularly. Don’t JUST scan your computer when it starts acting strange. There’s a new Trojan malware that actually wipes out other malware on your computer so that you won’t have any reason to scan your PC. As of last week, it was estimated that over 2 million computers have this malware and don’t even know it. At some point, the Trojans will be activated and used for a nefarious purpose, but for now they just sit idle like terrorist sleeper cells. I change anti virus software quite often because of how frequently hackers evolve, but I like Microsoft Security Essentials right now.
3. Use different usernames and passwords for EVERY login. Roboform and LastPass are two good ones that will let you sync your logins between computers, phones, and tablets. Your logins will be protected by a master password, so even if someone gets your phone, they won’t have your password. In fact, on my phone, I’ve got a password for the phone, a password to open Roboform, and a 3rd (strong) password that’s required to actually see any data.
4. Don’t let employees (or yourself) use public wifi locations unless they’re using a VPN (virtual private network) to encrypt and protect data.
5. Get procedures manuals in place for all of your key employees. What to I mean by “key”? Anyone who, if they were to get hit by a bus tomorrow, would have a serious long term impact on your business. Have them start by writing down everything they do on a daily/weekly/monthly basis. Then have them start writing down, step by step, how they do it. Then cross-train employees using only the procedures manual. If there are questions, make sure they’re answered in written form in the procedures manual and NOT verbally.
Many banks go so far as to require mandatory two week vacations for all employees. Why? There’s two major reasons…first, to make sure that the bank has redundancies in place to survive any single employee leaving. Second, two weeks is generally considered a long enough period of time to uncover embezzling and other illegal activities that an employee could cover up if they were working all the time.
6. Find backup suppliers and develop relationships with them.
7. Figure out multiple ways to accept payment from customers. Backup merchant accounts, paper credit-card forms, systems for accepting cash/silver/etc., or even PayPal.
8. Insurance. If you can afford it and the risk makes sense, get it.
9. Take half a day, and write down the top threats that your business faces and what your response would be if those events happened. Do it with key people in your company if it makes sense. Then, focus on the common responses and take any actions necessary to make sure that you have everything you need in place to execute those responses.
10. Keep in mind that a company with a “perfect” disaster plan is probably wasting a lot of resources. Continuity planning is a continual balance between optimal short term profitability and long term stability and you’ll have to make your own decision about which end of the spectrum you want to be on.
11. Most importantly, get yourself prepared personally and suggest that your employees get themselves and their families get prepared for disasters.
This list isn’t complete by ANY means…but it has punch list items that most businesses can implement within the next 24 hours and gain at least SOME resiliency against disasters.
1. If your company doesn’t have the above mentioned steps in place, suggest that they do so and/or help them do so.
2. Consider adopting some of the same data protection measures that businesses do.
3. If possible, put cash aside for a time when your company may not be able to pay you because of a breakdown in electronic banking, going out of business, or have other issues.
4. Don’t depend on your employer to always be there…get yourself and your family prepared for disasters.
5. If your company doesn’t take continuity planning seriously, consider what you could do in the event of different disasters to help them keep their doors open and operational. It may mean the difference between getting paid or not getting paid.
6. If you have a job that you can do from home, figure out what you would need to do if there was a 20-30 day lock down of your town from a pandemic or bio attack to be able to keep working. In other words, if you leave your computer at the office, do you have a way to log in? Are you able to take an encrypted USB drive home with your current projects on it?
And for everyone:
1. To the extent that you can, store up as much of the “stuff” that you use on a daily basis.
2. Look for alternate/backup suppliers for anything that’s life-sustaining.
It’s especially helpful if you look at the business of running your house through the lens of business continuity planning.
3. Back up and protect your data, including logins.
4. Run disaster drills when possible…pretend you’re a week into a disaster, your fridge is completely empty and warm and you’re living on your emergency food, purifying any water you drink, dealing with any human waste you generate, and regulating the temperature in your house without help from the electrical company or gas company. Run the drills, evaluate your results, and adjust as necessary.
As a note on this, as odd as it sounds, it’s easier for me to do 72 hours in the woods with my backpack than it is to do 72 hours in my home with no utilities. It may be because I expect everything to work at home and I expect to rough it in the woods…I’m not quite sure, but I’d love to hear from you if you have similar experiences.
Let me know your thoughts on this…whether you own a business or work for one, does it have a continuity plan in place? If not, what steps are you going to take to protect yourself from their demise after a disaster?
Until next week, God bless and stay safe.