It is one of the most important tools for a successful small business, but most owners are too busy working to consider it. Disaster planning can mean the difference between surviving a calamity and having to shutter the doors forever.
According to the Small Business Administration, an estimated 25 percent of businesses do not reopen following a major disaster.
“It’s my belief that most people have so much on their plate when they own their own business that they just don’t have the time,” said Brian Dennis, certified continuity planner with the Kansas Small Business Development Center. “Their time is sucked up into all the other things you need to do when you are trying to make your business profitable.”
Continuity refers to the ability to continue to conduct business despite a major incident. Dennis understands first hand the importance of disaster planning. He was the owner of a chain of coffee shops in New Orleans when Hurricane Katrina struck. At the time, Dennis had 250 employees in three-dozen shops. Because he had a disaster plan in place, his businesses were up and running in less than a week. Now, Dennis shares what he learned from that experience with other entrepreneurs.
A good continuity plan looks different for every business. For a restaurant, it could be finding a way to keep your wait staff busy if a disaster happens. For a service business, it could mean making sure your business networks are not susceptible to cyber attacks. For others, it could be simply identifying alternative office space or building a relationship with the right security and cleanup companies to protect your inventory if a major storm damages your building.
Dennis says the small business community generally does not put that much effort into continuity planning because they are too caught up in the here and now.
“That’s an area that people just don’t focus on because it’s about having to sit down and think about the worst possibilities,” Dennis said.
While Dennis offers services to help businesses make continuity plans, he has some tips all small business owners should begin to think about.
Start with insurance
Make sure your policy doesn’t have any holes. If it’s important to you to ensure that payroll can be met to keep employees, then consider how long you might need that coverage in place. That kind of insurance will cost more but will save you from having to find and hire new staff once you are up and running again.
Find strategic partnerships
Business owners should think of creative ways to continue to deliver services or goods in the event of a disaster. Strategic partnerships with similar businesses may make sense. For instance, a restaurant might want to make a deal with another restaurant for servers to be able to take shifts in the event of an emergency. Think about back up office space. Or, if your business relies on a unique piece of equipment, find a competitor who would make a reciprocal agreement for using that equipment so you can fill your customers’ needs when your main space is unavailable.
When a natural disaster hits, a call to a cleanup company is a smart choice. Companies such as ServiceMaster Cleaning Services can help businesses hit by disasters like smoke, fire and water damage. Owner Kevin Nocktonick says water is the biggest physical problem businesses are likely to encounter. When a pipe breaks or bursts, it can quickly become a big disaster. ServiceMaster can assess, secure and, if necessary, remove and store salvageable business assets.
He says a contingency plan made in advance limits business disruption and Disaster Recovery the severity of any service break. However, most businesses are not prepared.
“Most think it could or would never happen for them. Those that had planned for it were repaid countless times over by not only saving lives, but the property and, in many cases, their business,” Nocktonick said.
A good contingency plan includes educating employees and having practice drills for emergency situations.
“We’ve seen situations where this happens to a business and they struggle for months on end,” Nocktonick said. “Other businesses that have a plan, the employees know what to do. When it does happen, they immediately go to the point of contact they are assigned to.”
Physical security monitoring can be another first step toward preventing a disaster and is often a smart part of a good continuity plan. Frank Padilla, recently retired sergeant in the Criminal Investigations Division of the Topeka Police Department and now owner of Guardian Security, says companies such as his can help with front line security in the event of a disaster. If a building is compromised, they will help make sure no one comes in to take advantage of the situation.
A security presence during off hours can help prevent not only a break-in or theft, but also a fire or other incident.
An often-overlooked role of a security company is to help companies deal with terminated employees. That includes escorting a terminated employee from the building in order to safeguard against any incidents.
“Security is an important part of any business, especially when you have workplace violence issues,” Padilla said.
Padilla recommends businesses also consider Crime Prevention through Environmental Design concepts to develop strategies for preventing crime. Things like general upkeep, making sure bushes are trimmed and lighting is adequate can help prevent theft disasters. An assessment of walkways and signage can also help. Padilla says many companies do not think to put physical security in their continuity plans.
“A lot of people don’t think of this until it’s too late or in the 11th hour. It’s nice to think about security because you don’t want to be scrambling through the yellow pages when the time comes,” Padilla said.
Not all data backup systems are the same, and many small businesses are unprepared for the kind of disaster that can hit when a server goes down. Jim Driggers, president of Network Technologies of Kansas, Inc. recommends that businesses incorporate both on-site and off-site data back up. On-site backup is quickest to restore, but off-site is good when equipment is destroyed or your server gets a virus.
Data backup is more complicated than simply “putting it in the cloud.” Driggers suggests small business owners consider image backups because they are easier to restore than the file-to-file back ups that many companies currently use.
“That’s old technology. They don’t Information System Contingency realize until they need it that it is a long hard process to restore a full server,” Driggers said.
For on-site backup, Driggers says the standard is to have data automatically backed up every 15 minutes. Cartridge back-up systems in the servers of clients should be swapped out five days a week. Data should also be stored off-site and encrypted with a long-term retention of at least seven years.
Driggers says random quality checks on backups are critical. Even the best back-up systems cannot tell if a file is corrupted. While off-site data storage isn’t free, it could pay off in the long run.
“It’s the best money you’ll ever spend,” Driggers said.
AOS Security Architect Mike Palitto says cyber attacks are the biggest security threat to small businesses. A cyber attack can quickly take a company down and possibly open an owner up to big liabilities for not storing information securely. All companies that use computers are at risk today.
Small businesses owners should consider two important considerations in cyber security. The first is doing businesses with larger corporations.
“When you do business with a bigger customer, you will be held to some standards to defend your network,” Palitto said.
Consider the 2013 hack of the discount chain Target. Millions of customer credit card numbers were exposed through the work of a vendor HVAC company. Even though it was the HVAC company that had the inadequate cyber security system, Target was found liable in a class action lawsuit. That means many small business owners may now find themselves having to prove the security of their computer systems before getting that contract with big business.
The second changing element of cyber security is the increase of smaller scale cyber attacks. Target had millions of customers’ data to attack, but trends show that data is being leaked in smaller amounts. That makes smaller breaches— like those that can affect a small business— potential moneymakers for hackers.
Businesses that are not required by law to secure information have generally been less vigilant and find themselves vulnerable to cryptolocker software. In these cases a hacker basically “holds hostage” the company’s information and demands a ransom to give it back. Cyber security defense and remediation has become so sophisticated, Palitto advises business owners to rely on a managed security advisor to protect their computer systems.
“It’s about identifying the threat, and putting protections and response in place to recover fully,” Palitto said.