There are, of course, different levels of disaster, and for the worst ones your business would be the last thing on your mind. But what if your workplace suffered fire or flood? What if your laptop or phone was stolen? What if your computer hard drive was hacked? Do you have a disaster recovery plan?
These days most of what is needed to keep our business running is in electronic form and relies on the internet and, therefore, electricity. This makes the entire running of our business vulnerable to fire, flood, theft and remote access.
It really is worth doing a risk assessment for your business.
Points to consider are:
Would I be able to recover my data and contacts if my computer/laptop/phone was compromised?
Do I have vital and/or archive information stored in paper form that is vulnerable to fire and water damage?
What do you require to support your critical business activity?
How long would it take to recover the data?
What would the data loss cost, both in terms of lost income and the cost of getting in expert help?
At what point would you need to inform your clients?
Do you need to have an alternative base for your business?
There will be other areas to consider depending on your business. Having done a risk assessment, you need to put procedures in place for reducing this risk and have a plan if “disaster” does hit the business.
Reducing the Risks
There are a number of ways you can reduce the risks, and the key ones are as follows:
Back up all your electronic data regularly (usually daily) onto a remote server – this means you can log on to the information wherever you are.
Check your professional regulations to ensure that your backup system is compliant. Some information must be stored on UK servers.
Do a second backup onto an external hard drive, USB or DVD and store it away from your main data store.
If you have all your contacts in your phone, make sure you have a backup of that too.
Work with an IT expert to set up the correct security requirements for your business – this can include setting up the backups, virus protection and encryption. It also means they know your system if the worst happens and you need their services urgently.
Many businesses have to keep archive material for set amounts of time – often 7 years. If these archives are in paper form, store them in containers that offer some protection against fire and flood. Alternatively, there are scanning and archiving services that will store these on a remote cloud-based server.
Look at insurance options and check whether you have cover for business downtime and disaster recovery.
If you are a financial adviser you may have a lot of personal data – if you store this on something that is easy to steal or mislay (e.g. a laptop), ensure that your files are encrypted.
The Financial Conduct Authority produced a very useful fact sheet concerning data security in small practices, which is well worth a read for any small business with an office base.
Do you need to contact clients to tell them if you have a problem?
You certainly do if your database has been hacked into: you need to let them know the extent of the breach in security and provide details on how to reduce their on-line risk.
This happened recently to Betty’s of York when their on-line shop database was compromised. They advised their clients to change passwords as, although their passwords were encrypted, they had been stolen. They also reassured customers by saying that bank details were stored separately and had not been accessed and asked customers to be vigilant about emails or phone calls purportedly from Betty’s but asking for financial information.
Otherwise the decision about letting your clients know is up to you. The message should certainly be “business as usual” but you may need to ask for some leeway in achieving deadlines.