The Green Sheet Online Edition
January 22, 2018 • Issue 18:01:02
Rehearse, review your emergency plan
Year 2017 was tough for small business owners, many of whom suffered devastating losses during extreme weather events. Only partial numbers reflecting the financial impacts of these events were available in December 2017 when I researched natural disasters for "Delivering more than payments amid disaster," the lead story in The Green Sheet, Jan. 8, 2018, issue 18:01:01. Updated tallies paint a sobering picture.
On Jan. 9, 2018, The New York Times reported that 16 distinct billion-dollar disasters occurred in 2017, with collective damages totaling $306 billion. "Some made headlines for weeks, and some were simply overtaken in the public's consciousness by the next one," wrote the article's author, Kendra Pierre-Louis. The 16 disasters, which impacted every season and every U.S. region, include the following:
- Hurricane Harvey: $125 billion
- Hurricane Maria: $90 billion
- Hurricane Irma: $50 billion
- Wildfires, Western states: $18 billion
- Hailstorm, Colorado: $3.4 billion
- Severe weather, South, Southeast: $2.6 billion
- Drought, North and South Dakota, Montana: $2.5 billion
- Hailstorm, Minnesota: $2.4 billion
- Tornadoes, Midwest: $2.1 billion
- Tornadoes, Central, Southeastern states: $1.8 billion
- Flooding, Missouri, Arkansas: $1.7 billion
- Flooding, California: $1.5 billion
- Severe weather, widespread Midwest: $1.5 billion
- Severe weather, Nebraska, Illinois, Iowa: $1.4 billion
- Tornadoes, Southern states: $1.1 billion
- Freeze, Southeast states: $1 billion
It can (and will) happen here
Scott Teel, Senior Director of Communications at Agility Recovery Solutions Inc., said it's human nature to think of catastrophes as things that happen to other communities and companies. When disaster strikes, those affected frequently say, "I never thought it would happen here." Planning is critical, and companies need more than a dusty three-ring binder, he said.
John Swanciger, CEO of Manta, a small business service provider, said advance planning is key to surviving natural disasters. Write a plan and share it with all employees; help them understand the company's response, and their specific roles, in case of possible disasters, he said. Swanciger also advised providing evacuation routes, escape procedures, emergency phone numbers and clear instructions in accessible locations, as well as reviewing and reinforcing the plan with regular drills and preparedness meetings to minimize interruptions and ensure business continuity.
"Establish a plan for continuing to operate remotely during a shutdown by designating employees who can work from home," he said. "If you find yourself responding to an emergency that's already in progress, it may be too late."
Protect virtual, physical assets
Marc Punzirudu, Director of Security Consulting Services at ControlScan Inc., said incident response (IR) plans are also important for cyber-related emergencies. The IR plan works hand-in-hand with a business continuity plan to restore business-critical systems, and the first step is pulling together available documentation and holding a tabletop exercise, he stated. "You cannot test too often, or have too many test scenarios," he said. "Each scenario should be authored in advance and mirror real and present threats to the organization."
David Ellis, Vice President of Forensic Investigations at SecurityMetrics, said table-top exercises help familiarize employees with their roles in a data breach and test an organization's response to a potential hacking scenario. "By testing your plan, you can identify and address holes in the plan and help everyone involved see where they can improve, and do this when there is no actual risk to your business's assets," Ellis said. "Just having an incident response plan won't help you in a data breach. Your employees need to be aware of the plan and be properly trained on what they're expected to do should you get breached."
Often IR plans are ineffective because they are obsolete or companies haven't provided employees with adequate training, Ellis noted. He emphasized that IR plans are for the entire company, and it's important to have buy-in from the C-Suite. "An IR plan is a living, breathing organism that is only valuable to a company if it's up to date," he said. "Review, revise, practice and train."
Dale S. Laszig, Senior Staff Writer at The Green Sheet and Managing Director at DSL Direct LLC, is a payments industry journalist and content provider. She can be reached at firstname.lastname@example.org and on Twitter at @DSLdirect.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.