Disaster Readiness Part 2: Surviving a Disaster

Hurricane season in the U.S. is June through November. And wildfires that spread across thousands of acres and swallow everything in their path make the headlines regularly.

A solid business continuity and disaster recovery (BCDR) plan provides a roadmap for handling business issues during all types of disasters. It doesn’t always take a major hurricane or a wildfire to put a BCDR plan into action. Attacks on security occur 24/7/365 nowadays.

Here’s how to put your BCDR plan into action.

Employee Safety

During any significant event, your first priority is to ensure employees are safe. Instruct them to follow the BCDR plan by checking in by phone, email and/or social media. Once you know everyone is accounted for, stay in touch with them periodically until the event passes, and let them know the next steps for getting back to business.

Although a cyberattack most likely won’t put employees in physical danger, it can affect their personal accounts. Spear phishing attacks and the like can spread from the workplace to employees’ personally owned devices if they use them for work purposes. Many types of cyberattacks can result in identity theft, draining of funds from bank accounts and unauthorized use of credit cards. The best way to prevent most attacks is to avoid suspicious emails that contain links or attachments – think before you click. Preview email messages before opening them, and if something seems important but doesn’t look right, research the sender and call them to verify legitimacy. Other suspicious emails should simply be deleted.

Finances and Sales

Call your insurance agent to help you assess damages and file claims. Be aware that there may be some lag time before an agent is available to come on-site.

If your business requires repairs or will be down for some time, reach out to your bank as soon as possible. Let them know your situation, how you’re responding and what type of expenses you expect to incur over the next two to six months to get back on your feet. And if you took the step to prequalify for a loan or line of credit before the disaster struck, you should have necessary funds within a short period of time.

Disaster Communications

Your BCDR plan should describe how you will contact staff during and after a disaster (phone, email and/or social media), as well as the company’s main point of contact. If the designated contact is someone other than you, be sure that person is carrying out the plan.

Let staff know whether they’ll be paid while the business is closed, when they should report for work (and where, if they are to work from home or in a new temporary location), and any special responsibilities they’ll have in the short term. Provide instructions for how to deal with customer and vendor inquiries, such as referring them back to you.

On that note, reach out to customers and partners, explaining that you’ve experienced a disaster and when you expect to be operational. Let them know which products or services you can and cannot provide during the coming weeks or months. Be sure to contact vendors as well and be prepared to negotiate compensation for in-progress orders that cannot be accepted for delivery. Presenting an organized, positive and proactive message is reassuring to those who depend on your company, and it may bring more business your way when you’re ready.

After a security event, you may be required to notify customers if their data has been breached. Many states have data breach notification laws that specify the number of days in which you must provide notification. Know the specifics of your state’s law and prepare notifications if required.

Physical Assets and Technology

If your building suffered damage, you can rebuild with sufficient financing or an insurance payout, but skilled contractors may be hard to come by. Unscrupulous contractors will swarm the area, perform shoddy work and then disappear. Be careful who you contract with by checking their status through the Better Business Bureau and similar organizations.

In the case of a cyberattack, it may take several days to fully restore systems. It’s usually best to reinstall systems and restore data from backups. If your data was not backed up or available in the cloud, it will be a long and painful process to re-create critical records for payroll, customer accounts, work products and more. Without backups, you may lose some information forever.

Moving On

Surviving a disaster is tough. It takes a certain amount of grit and resolve to see your way through. Using a well-crafted BCDR plan will help you keep your business operational, or get it back up and running as soon as possible, when disaster strikes.

Hear from the experts: 4 things to do immediately after a disaster strikes.