By Thomas Phelps of Laserfiche
If you think that a disaster won’t disrupt your business, just ask the U.S. Small Business Administration (SBA). The SBA lists over 60 major declared disasters — regional fires, flash flooding, mud slides and tornadoes — in 30 states in 2016 where impacted businesses could apply for disaster assistance loans. When a flood strikes, almost 40 percent of small businesses fail according to the Federal Emergency Management Agency (FEMA).
To protect your business, you should prepare for the unexpected and include four major disaster scenarios in your business continuity planning. This includes loss of systems and data, buildings, third parties and people.
Scenario 1: Loss Of Systems And Data
Businesses should create recovery plans in the event that they lose their systems, network and data. And it’s not just natural disasters that could lead to a loss. Property crime and cybersecurity breaches are also significant factors.
In 2015, FBI statistics show that property crime, which includes burglary and motor vehicle theft, claimed one victim out of every 40 people. The average loss per burglary was $2,316.
For small business owners, the theft of a laptop or documents from an office or a car is not as costly as the devastating loss of critical data. Businesses could also be subject to cybercrimes where crippling malware and ransomware attacks disrupt access to customer records.
Highly Regulated Industries. In the highly regulated healthcare industry, data breaches involving a patient’s unsecured protected health information have to be disclosed. The HIPAA Breach Notification Rule requires notification to be provided to affected individuals, media outlets and the U.S. Department of Health and Human Services. Recovery plans should include involving law enforcement, where appropriate, and addressing breach notification requirements.
Importance Of Data Backups. When recovering systems and data, it’s important to assess whether data is backed up properly. “For small businesses, what could hurt them is that they do not have their data backed up anywhere,” says Davida Johnson, director of Community Partnership Programs at the UCLA Office of Information Technology. Johnson is the program director of UCLA IS Associates, a nonprofit CIO leadership organization that includes IT leaders from Fox Entertainment Group, Molina Healthcare and Jet Propulsion Laboratory as its members. “Businesses assume their systems will be in place when they recover, and that’s not always the case,” says Johnson.
Using A Cloud Document Management System. Michelle Quan, CPA, president of Los Angeles-based US MTX Professional Services, takes extra precautions. She periodically backs up sensitive business data from her server to encrypted drives. “As a small business owner, our focus is on providing exceptional client service,” says Quan. “We can’t afford a single day during tax busy season where our server may go down and we can’t access our client data. We need to make sure data is securely encrypted. ” Along with performing backups, Quan plans to purchase a secure, cloud-based document management system to augment her current fileserver. Tax forms and client information will be scanned directly into the cloud document management system. This way, Quan can eliminate paper, reduce risks of document theft and work with documents securely.
Scenario 2: Loss Of A Building
Business continuity plans should account for scenarios involving the loss of a building. This includes not being able to access an office for weeks if a fire damages parts of the building. A chemical spill, an active crime scene or citizen protests blocking city streets could also impact getting to your office.
Recovery plans should include reciprocal agreements with other businesses for office space if a building is destroyed or not accessible. Employees should have the ability to remotely access applications, systems and data securely during a disaster event.
Scenario 3: Loss Of Third Party
Small businesses rely on third parties to provide front or back office services. Payroll, IT, digital marketing and other services are critical to small business owners. Recovery plans should account for third parties that may go bankrupt or abruptly stop providing key services. Businesses should identify a list of alternate providers prior to a disaster and minimize their reliance on any single vendor.
Scenario 4: Loss Of People
The loss of a key employee could significantly impact a small business — especially if individuals have not cross trained other people on critical responsibilities. Business owners should train backup staff on recovery plans that include procedures to recover and perform critical processes.
Preparing for the Unexpected
Businesses should anticipate four major disaster scenarios — loss of systems and data, buildings, third parties and people — in their business continuity planning. Critical business information should be inventoried and stored in a cloud-based document management solution that can be accessible anytime, anywhere and on any device. By taking a few steps to prepare for the next Big One, businesses will minimize the impact of a catastrophic disaster and continue business operations faster.
Thomas Phelps IV is the Vice President of Corporate Strategy and CIO of Laserfiche, a global enterprise content management software company. He is responsible for corporate strategy and training, vertical marketing, analyst relations and IT. Thomas has deep expertise in business continuity management (BCM), having led enterprise-wide initiatives for Fortune 1000 companies. He teaches on BCM and IT governance for the globally-recognized Certified Information Systems Auditor (CISA) exam review course and has guest lectured on BCM at University of Southern California.
The views, opinions and positions expressed within this guest post are those of the authors alone and do not represent those of CBS Small Business Pulse or the CBS Corporation. The accuracy, completeness and validity of any statements made within this article are verified solely by the authors.