When Disasters Happen Part 2:
Unnatural and Man-made Catastrophes
In Part 1 of this series, we discussed how to prepare for natural disasters like floods and earthquakes, but man-made events can be just as devastating, especially when they involve technology. Target Corporation reported that it lost $17 million in the fourth quarter of 2013 after it was hit by hackers who gained access to customers’ credit card information, and that doesn’t include the long-term effects of customers being afraid to shop there anymore. 1
Small businesses can be even more vulnerable than large corporations to security breaches, employee sabotage, or computer hacking. They’re less likely to have dedicated IT departments, redundant servers, or any of the other controls that a big business can afford. A single hacking incident can cause as much damage as a major fire, but while a business will almost always install and maintain fire alarms, its owners may not think to take precautions against unnatural disasters.
Think of the damage that could result if a disgruntled employee erased all your customer information, or a hacker got into your financial data. And a computer loss doesn’t need to be the result of criminal activity. A sudden power surge, a crashed hard drive, or simple human error can cause untold damage and business interruption.
Only about half of small and medium-sized businesses in the U.S. have a plan to deal with an outage or disruption to their computer or technology resourcesOnly about half of small and medium-sized businesses in the U.S. have a plan to deal with an outage or disruption to their computer or technology resources. 2 When computer security firm Symantec surveyed those who didn’t have a plan, 52 percent said they didn’t think computer systems were critical to their business. Maybe they were sheepherders or belly dancers, but for the rest of us, computers are vital to running our day-to-day operations, from keeping track of orders, to doing the bookkeeping, to sending and receiving emails. If the computers go down, we might as well go home for the day.
Don’t wait till you’ve already been hacked before taking measures to protect your business from unnatural disasters. Here’s a quick outline to follow. You can also find more information and tools in the “Resources” section below.
- Identify which systems and data are critical to running your business so you’ll know how to prioritize your protection measures.
- Backup and archive important files, such as customer records and financial information. Set up a schedule to regularly back up all your files, automatically if possible, and store the copies in a safe, offsite location or in the cloud (or both).
- Control physical access to your computers, especially laptops and tablets, which can be easily stolen or lost. Lock up mobile devices when they’re not in use. Make sure each employee has a user account that’s protected by a strong, unique password, and change all passwords every three months. Remind employees not to write their passwords down or share them with others.
- Limit administrative computer privileges to IT staff and key personnel. To limit exposure to sabotage, employees should only have access to the systems they need for their jobs. To help prevent downloading viruses and other malware, employees should not be able to install any software without permission.
- Install security software on your network server and on all PCs and laptops to help protect against cyber-attacks, and install updates as soon as they are available. Your systems should be regularly “swept” to detect malware that may have crept in.
- Provide firewall security for your Internet connection to protect it against incursions, and make sure that if employees work from home, their home systems are also protected by firewalls.
- Secure your WiFi network to prevent hackers from accessing your data over a wireless connection. Your WiFi should be secure and encrypted, and access to the router should be protected by a password.
- Train employees in security practices and make sure everyone knows your cybersecurity policies and the penalties for violating them. Instruct employees on how to handle and protect confidential customer information and other vital data.
- Test your plan frequently to make sure files are actually being backed up, that outsiders can’t get into your network, and that all devices are password-protected.
Taking some time to secure your systems against unnatural disasters may save you lots of money in the long run, and will certainly give you more peace of mind today.
A disaster recovery plan should not be done once and put away. It needs to be regularly updated, communicated, and improved to make sure it’s available when it’s needed most. The future of your business may depend on it.