During a disaster, you have a choice: either you can make money or lose money. There is no “breaking even” when a disaster strikes. But you have to have your disaster program ready, and employees are the critical element that makes or breaks a company’s response.
They are the ones who will get your processes back up, expand your client base, and get you back in business. But that means they have to be ready for the disaster. But how do you know if they are ready? Your employees aren’t going to tell you outright that they aren’t ready for a disaster.
Wondering if your workforce is prepared for a disaster? There are 4 signs that you should look for that will help you answer this question:
Lack of Knowledge of Disaster Plan
This is an instant give away. When employees don’t have even a basic understanding of how the plan works, there is a 0% that the plan will function the way that it was designed. Disaster plans are technical documents that require constant training and employee readiness about them.
They should know how the company will communicate in a disaster, where the alternate site locations are, how to reestablish basic company functions, etc. A couple years ago I was talking to a colleague once in the recreation industry, and she had no idea where the business would go in a disaster, even though the company had spent tens of thousands of dollars to set up an alternate location!
Indifference to the Disaster Program
In other words…no one cares. I can tell instantly when employees are indifferent to a disaster program: as soon as the disaster program is brought up in a meeting, people start to yawn, or open their smartphone, or show renewed excitement for that upcoming dental appointment.
When the leadership isn't actively engaging with employees, the disaster program is at risk of becoming obsolete. An adaquately trained workforce will keep an eye out for changes in the company that will affect disaster operations.
They also hold regular discussions with the employees in meetings specifically devoted to the disaster program. These are programs that will last in the long term.
Lack of Questions
When employees aren't asking questions about the plan that means they have never been engaged in the disaster program. No disaster program, regardless of its mechanisms and the expense that went into its creation, is perfect.
Employees that are ready for disaster ask questions about the program and the implications for themselves and their families.
Empty Exercises
Employees who are ready for a disaster understand how critical it is to participate in disaster exercises. I have seen companies that hold an exercise from 8AM to Noon, and half the employees don’t bother to show up because they think it’s an optional vacation day!
The leadership and the employees need to understand that exercises are critical to the disaster program, and that management means business. And they don’t have to be boring!
If management takes the time to create a fun exercise, everyone will want to participate.
If you are worried that your employees aren’t prepared, make sure you engage a disaster manager who can help develop a customized program unique to your workforce! This is the most effective way to Reverse Disaster.
Yesterday, a hacker from the group Anonymous took credit for a coordinated cyber attack against Internet domain registrar and web hosting company Godaddy.com. The denial-of-service attack caused a complete company-wide outage for several hours, and was the largest in the company's history.
The result was chaos. Millions of small business websites were down, including shopping carts and e-mail accounts.
Regardless of your position on Godaddy or Anonymous, September 10th cyber attack should be a wake up call for your business to prepare for these types of major outages, or one of the casualties is going to be your business. Outside of non-state groups like Anonymous, there are a number of nations that are known to recruit and train hackers with state complicity or encouragement: North Korea, China, Russia, among others.
Godaddy is unlikely to lose its company because of the outage. However, as a small company, you probably do not have the substantial financial resources to ressurect lost business. And if you do have the money, why not spend it in a way that ensures you can take advantage of your competitors' lost business?
Website/Shopping Cart
Simply put: If your site is down for hours, your competition is going to be cheering! Even if it is for a short time, your reputation can be damaged, and potential clients will go elsewhere. However, if your competitors are not prepared and yours is, this is a chance for you to increase your business and gain ground on them! But you have to have the adaquate preparation first.
If you aren't ready for a cyber attack, you risk wasting a lot of money, particularly if you have an online advertising presence. You will still be paying for the clicks and online time, but you will get ZERO conversions. That is money thrown away. Even if you do turn the advertising off in time, you will be losing valuable face time with potential clients.
E-mail
Using a personal e-mail address to send professional correspondence looks amateur and rookie. Not only is the e-mail address going to be foreign to clients, vendors and others, it might be placed automatically in the spam folder by a message server. This is the case with Hotmail addresses, because the server will associate the word "hot" with pornographic material.
One of the other issues is the content of personal e-mails are not appropriate to the professional setting, and are rarely corrected in time. More than once I have seen disaster-striken companies who (inadvertently) send out a client e-mail with something like this in the signature line:
Jon "Bubba" Smith
"As always, EAT the MEAT, TOSS out the BONES"
Is that the impression you want to make with a new client? In business we talk a lot about first impressions, and a signature line with "eating meat" and "tossing out the bones" is not a way to foster a professional, long-term relationship under any metric. This is a reason we create a clear differentiation between professional and personal e-mail addresses. During a disaster, this line does not need to be blurred.
This also does not account for the fact that you will now have to forward all the e-mails from the personal box to the professional box, will have to delete the message in the personal box, make sure you have not violated your privacy or terms of service, and then hope that your clients aren't e-mailing your people on their personal address.
However, this can all be avoided with some simple preparation.
Reversing Disaster - Basic Tips
1. When your company is facing a disaster, your company should seek to look even MORE professional, not less. Every e-mail, every message, every client interaction should be given the highest professional feel possible.
2. Don't put all your technology eggs in one basket. If you use one vendor for all your IT needs, this is an invitation for trouble. Spread out your platforms (hosting, cart, e-mail etc.) between multiple vendors. This will ensure you have a resiliency for your business.
3. Purchase a disaster plan from a reputable source. Don't waste your time buying templates or getting disaster plans from some fly-by-night business you find online. Get their credentials, make sure they understand your long-term needs, and stick with them. They will keep your business resilient.
Commit to a little preparation, and your company can easily Reverse Disaster.
Patrick Hardy, LL.M., CEM, ALEM
