In a day and age when a host of concerns—power outages, fires, illness of key staff, damage to stock, stolen laptops, customer complaints or criminal activity—can greatly disrupt business activities, every business owner needs to be prepared to mitigate the impact of these events.
A carefully thought out business continuity plan can help you cope with a crisis and enable you to minimize disruption to your business and your customers. It can also help safeguard your staff, assets and reputation while protecting your bottom line.
First, you need to determine what the greatest threats are to your business. To calculate the risks, crisis management expert Cheryl Hirst, who is the director of business continuity and disaster recovery at Erie Insurance, recommends using this formula: Threat x Vulnerability x Impact = Risk.
- Threat – What is the likelihood that an event (natural or man-made) will occur? The events generally fall into three categories: natural (flood, hurricanes) man-made (fire, workplace crime) and technology (data breaches, system failures).
- Vulnerability – What are the risk factors or gaps that could increase the likelihood and/or impact of the event?
- Impact – What is the impact or costs that an unplanned event could have on your business? How could it negatively affect your team and interrupt your business processes or technology?
- Risk – By looking at the threats, vulnerabilities and potential impacts, you’ll have a broader understanding of the risks to your business.
When conducting the risk assessment, Hirst also recommends focusing on people, processes and technology.
- People – Whether it’s a severe weather event or a man-made accident like unintentionally cut power lines, it’s important to think about how such events could impact your staff. “If 30 to 40 percent of your staff is not available to come into work because of an unplanned event like a flood, that could have a catastrophic effect on your business,” Hirst says.
- Processes – The risk management cycle begins with an inventory of business-critical processes and functions. “For example, identify the most critical parts of your business that need to be operational as soon as possible following a disaster,” Hirst says.
- Technology – It’s important to map out the step-by-step procedures to restore critical technology resources. If your office laptops are stolen, do you have the devices backed up? Could you communicate with your employees if a disaster happened during or after work hours?
“Your goal is to think about natural or man-made risks to discover your vulnerabilities and then estimate the impact on your business,” says Hirst. “When a crisis hits, this advanced planning and preparation will help you through the stressful situation.”
To help you get started, take this seven-question, self-assessment quiz to find out how well your business is prepared for a crisis. For additional information, visit these websites, ready.gov or disastersafety.org.