If you don’t think your business is at risk, then you had better think again. Thirty years ago all you needed to secure your office or building were some good locks and maybe some security cameras. But today, in addition to the conventional thieves, you now have to worry about computer hackers, viruses, malware, email phishing schemes, and so on.
Practically every business has valuable physical and digital assets that are not properly protected. Do you have confidential client information? How about proprietary business knowledge? What about information that you just wouldn’t want criminals or your competitors to get their sticky fingers on? It’s a pretty sure bet that you answered YES to all three of those questions.
The loss of at least some of those assets will very likely have a devastating impact on your business. Business insurance, while an important part of your overall protection plan, can’t protect you from identity theft or shield your business from devious competitors or employees.
Whether you own a big or small business, a security and recovery plan is of the utmost importance. It must not only define what risks you’re exposed to, but also lay out specific steps for handling the most likely types of losses you may experience, both physical and digital.
The first thing you must do is determine the types of risk to which your business is vulnerable. What if you lost all of your client data? Not just their contact information, but also all of their past records? What about your bank statements, work orders, or tax documents?
Now that you’ve covered your digital and/or paper-based inventory, it’s time to consider the bigger, more physical parts of your business that may be at risk. Do you use unique equipment, such as 3D printers, lathes, plotters, or high-capacity laser printers? Do you have expensive furniture? What about your inventory, such as rolls of carpet, cans of paint, or cans of chili? What about your computers? Be sure to list all of the physical items that are vital to the continuation of your business, or would at the very least be hard to replace.
Once you’ve listed all of your physical items, it’s now time to move on to how you do your business. Most businesses nowadays rely heavily on technology, the internet, or employees with unique skills. Does yours? Do you depend on processes that are unique to your business?
Now, think about what would happen to your business if any of those parts were lost, stolen, or destroyed. Would your business continue operating if all of your client files disappeared? Is there a possibility your customers would sue you if their information were exposed? Could you end up being the target of negative publicity? What if a disgruntled employee decided to get revenge for being fired? What if your office space caught fire or was flooded? If your competitors gained access to your confidential information, would it benefit them? What if your trade-specific equipment were stolen? What if you lost internet access for a day?
An effective security and recovery plan should contain safeguards, policies, and procedures to prevent most of the risks that could negatively impact your business. Although physical access to buildings is relatively easy to control, most small businesses have little more than a lock on the front door. A security camera system should also be a part of the arsenal. If paper documents are crucial to your business, you need to have locking file drawers. You should also consider scanning documents and saving the files on a backup server or in the cloud.
Is your inventory stored in locked rooms or cabinets? Do all employees have access, even to things that are not part of their jobs? Could a disgruntled or fired employee return to the workspace after hours with an extra copy of the key?
Your plan also needs to protect the digital parts of your business. Are your important files backed up? Are they protected by strong passwords? Are strong anti-virus programs installed on all of your computers? Do you have internet and email usage policies in place to protect your employees (and your company) from harassment charges? What about preventing them from downloading unknown files from the internet?
Do any of your employees work from home? Today’s working environment is highly mobile, and vital business information can be easily accessed beyond the confines of your physical office. Once your employees leave the office, do they know how to safeguard laptops, flash drives, cell phones, or even printed copies of business information?
What if a tablet is stolen from an employee’s home, car, or hotel room? Do you have a backup copy of the data? Do you have procedures for protecting data on computers that have access to public Wi-Fi connections in coffee shops, hotels, or airports?
Last, but not least, your plan should include steps to quickly restore digital information from a backup. Where is the backup information stored? Is it on a local server or a cloud service? Who has access to it? And most importantly, who knows how to restore it?
If your office is flooded, how quickly can you relocate? Can some of your employees temporarily work from home or other locations? If client information is stolen under those circumstances, do you have a way to contact the affected clients?
Most small business owners have probably taken the first steps in protecting their valuable assets, like purchasing insurance and putting locks on the doors. Unfortunately, few have taken the time to really understand the potential risks to their business.
If you take the time to put together even an informal security and recovery plan, you will go a long way toward preventing a real disaster or other loss. Although the best planning won’t protect against all disasters, it can certainly lessen the impact on your business when they occur.