Last month we published the first pair of our 8 critical tests for an effective small business continuity plan, and now we’re moving on to tests three and four.
[Test 3] Who might damage my business?
Business of all sizes are vulnerable to external threats, be it a totally random attack or someone closer to home. Data, IT systems, equipment and premises could be physically at risk from hackers, data thieves and burglars, but reducing the risk of hacking needn’t be prohibitively expensive for small businesses, as this Guardian article about small business and cybercrime shows, and starts with steps as simple of regularly changing staff passwords.
People often think that hacking depends on technology, but actually a lot of hacks start with persuading a trusting member of staff to hand over passwords, or username reset links, to someone they believe is a senior member of staff – aka the hacker, who’s done a bit of research on LinkedIn before calling.
Keep an unobtrusive eye on your employees’ personal situations, too – someone in severe financial difficulty may be more vulnerable to bribery, and someone under a lot of personal stress may react badly to job insecurity or mounting workloads.
Don’t forget the potential damage to intangible aspects of your business too; social media, for example, makes businesses much more vulnerable to attack from disgruntled employees, clients or competitors wanting to damage a brand’s reputation, and it’s important that this sort of crisis management forms part of your business continuity plan. Make sure you change social media admin rights on making anyone redundant. Dealing with negative attention online can be challenging, but the secret is to not get involved in any public confrontation. Signpost people to call you directly with any specific issues, and ignore generalised criticism wherever possible.
[Test 4] What must I back up? Where can I safely store the back-ups?
With innovations in technology over the last few years, there is absolutely no excuse for not backing up your data regularly. There are plenty of options for businesses of all sizes, from sole traders through to international companies, that back data up automatically so you don’t even have to think about it. Reliable options include Google docs and Dropbox, but there are many other cloud computing services. These have the added benefit of letting several people work on the same document at once, rather than sending different versions of files between themselves.
Don’t forget though that even data stored away from the main system needs to be back up; this includes any data or contacts on mobile phones (SIM card readers are very useful for this) and paper based data (store copies away from the premises, and preferably in a fire-proof safe). Think about the data you need to protect and how it might be physically at risk; is your building secure? Are all locks and alarm systems working properly? Are filing cabinets fire-proof? The Information Commissioner’s Office has more information on data storage and security.
Once you’ve thoroughly covered these aspects of your business continuity plan, you can find tests five and six here.
