• Emergency planning: protect your business

    • A significant proportion of businesses fail to reopen after a major emergency
    • Companies can minimise the disruption by formalising emergency and contingency plans and carrying out risk assessment on their premises
    • With almost half of British firms admitting they’ve been affected by a cyber attack or data breach in the past 12 months, SMEs need back up on a daily basis

    Keep staff safe and ensure your business can get back on its feet as soon as possible following flood, fire – or even a terrorist attack.

    From terrorist and cyber attacks to fires and extreme weather, the world today faces a host of threats that have the potential to damage your business.

    And while the chances of being affected by any of these factors may be relatively rare, their impact can be devastating.

    “A significant proportion of businesses do not reopen after a major emergency,” says Peter Nicholls, senior safety, health and environment consultant at Mentor. “Traditionally, this may have been a fire or flood, but it could now be large data loss, cyber attack, terrorist attack or an extreme weather incident.”

    So what should firms do to protect themselves against such threats and limit the extent of any losses or disruption? Nicholls says there has long been a requirement in law for businesses to plan for emergencies. “This is not only a legal requirement but also makes good business sense,” he adds.

    “Your starting point may be to identify the main products and services that your business delivers. This might seem obvious but you need to know what these are and also what activities and resources are supporting the products and services.”

    Nicholls says this key information can help you identify alternative products, suppliers, services and ways to keep your staff productive when problems arise.

    Prioritise staff safety

    In terms of physical emergencies, such as flooding, fire or other real-world issues, he adds: “The first priority is to get all your staff, customers and anybody else out of the building and to safety. This can only be done efficiently if a plan is in place and it has been practised.”

    Businesses should ensure one or more staff has responsibility for raising the alarm, and that everyone knows where emergency exits are. “Think about how you leave the building safe for the emergency services and minimise the damage and reduce the recovery time. You will also need to account for everyone once you are out.”

    Businesses should have fire risk assessments carried out on their premises, Nicholls adds, and it also makes sense to check flood risk (the government has a postcode checker here, and you can download a Business Flood Plan from the Environment Agency here.


    Cyber threats often overlooked

    While terrorism and extreme weather are more likely to make the news headlines, businesses in the UK are at least as prone to fall victim to online threats. Recent government figures found that almost half of British firms had been affected by a cyber attack or data breach in the past 12 months.

    “Preparation is key for defending against cyber attacks, but sadly a lot of SMEs are still under the false impression that they won’t be attacked, and that only big companies and banks need to worry about hackers,” says Vince Warrington, MD of cyber security firm Protective Intelligence. “Sadly, the truth is very different.”

    Warrington says the most common form of online attack faced by smaller firms is ransomware – where access to data is blocked by a computer virus until money is handed over to the criminals responsible.

    “Traditional defences – such as anti-virus software – can only mitigate the risk to a certain degree, so SMEs need to have an effective recovery plan in place,” he explains.

    Back up to thwart criminals

    This should involve regularly backing up critical data, ideally on a daily basis. “Using the cloud is another way of making your business less brittle when it comes to unexpected incidents,” Warrington says. “Many vendors offer cheap ‘virtual machines’ and ‘software as a service’. These allow you to run your business applications and get access to your data from a wide range of computers, so in the event of your staff not being able to get into the office they can still work effectively from another location.”

    Robert Rutherford, CEO of IT consultancy QuoStar, adds: “Businesses need to be proactive in identifying which key IT assets, from hardware through to systems and specific services, must be protected in the event of an IT outage, rather than waiting until disaster strikes.

    “This can range from email and customer relationship management (CRM) systems, through to individual devices such as company smartphones and laptops.

    “Many smaller businesses do not consider their data to hold value, but there will undoubtedly be an impact on either the business or its customers if specific data is lost. This could be anything from a whole day’s sales information to an entire list of client contacts.”

    Emergency planning is key

    Whatever threats your business faces, it is important to draw up a formal emergency plan, Nicholls says. “This should include key information such as the location of shut-offs for electricity, gas and water supplies, telephone numbers of key contacts in the business, and other important numbers such as the energy supplier and utility emergency numbers.”

    It could also be useful to have a call cascade system so staff can be contacted quickly in an emergency. “If your business is based in a major city, you are more likely to be affected by a terrorist attack,” he adds. “Can you contact staff quickly, and do you have the technology for staff to work from home temporarily – or is there an alternative location you could set up and use on a temporary basis?”

    Finally, Nicholls says, the emergency plan should be communicated to all staff, practised frequently, and reviewed or kept up to date on a regular basis.