BUSINESS FOCUS
FAILING TO PREPARE IS PREPARING TO FAIL
Adam Bernstein looks at ways of preventing serious problems arising and protecting businesses when they do.
C
ast the mind back to 2005, the Buncefield oil depot explosion and the London terrorist attacks; and more recently, the flash floods in Kent this last May and the failed TSB systems that locked customers out of their accounts for weeks on end. While we don’t suffer from earthquakes and tsunamis, the UK is not immune from other threats.
And the sector has suffered, Jewson in particular. In June 2017, the company’s Harpenden site was caught up in an international ransomware attack . The attack locked employees out of the site’s computers and card machines. It’s not clear how the issue was resolved but others caught up in the attack faced a stark choice – pay the ransom or lose data forever. Just as problematic for the company was a data breach in November 2017 that affected
Jewson.co.uk where the private data of 1700 customers was exposed . Apart from the negative publicity, the breach – if it had happened under the new GDPR – could have led to a serious fine. Firms need to plan ahead for events, no matter how unlikely they may be, through a business continuity plan. Done correctly, it could put the business in a markedly stronger position compared to rivals who fail to plan ahead.
Assess the risks
The threats to a business are many and while some of them seem improbable, they should all be considered - natural disasters; theft or vandalism; fire; power cut; fuel shortages; IT or telecoms system failure; restricted access to premises; loss or illness of key staff; outbreak of disease or infection; crises affecting suppliers; crises affecting business reputation; or terrorist attack.
They all sound very improbable but they do occur.
Develop a strategy and plan Clearly some risks can be ignored while others are accepted but a mutual arrangement with a neighbour is set up to protect in the background. Alternatively, self-sufficiency could be the route chosen. But however it’s approached, the plan should be written in
Insurance
Insurance should never be skipped on. It’s worth recording when insurances are due and checking that they have been paid for – no matter who is responsible for dealing with policy renewal. It’s just as important to note down the policy details and keep them offsite.
But apart from the obvious insurance – premises, stock, vehicles, public liability and employers’ liability – firms, especially independents, should also look at buying: • Directors and Officers insurance that covers negligence when running a firm; • Business Interruption insurance that will pay to keep a business alive following a catastrophe; • Keyman insurance which provides money following the death of a key person to the
November 2018
www.buildersmerchantsjournal.net
plain English so that all can understand it. Contemplate where redundancy can be built into the business without adding too much extra cost and knowing where certain pieces of equipment can be rented may save the day. The hard drive in a computer has a ‘mean time before failure’ rating: how long it’s expected to operate before it fails. That doesn’t mean it won’t fail sooner. Similarly, an update to the operating system on a system may cause more problems that it cures. The key to both of these scenarios is to back up data regularly, at least once a day, and keep the backup offsite and accessible. Communication is critical to any business. This is especially acute if the telephone system is VoiP (internet) rather than a traditional line. Plan to use alternatives. Is there a neighbour with a WiFi connection with whom a reciprocal piggy back arrangement can be agreed if the broadband fails? Consider a 4G dongle or a mobile phone plan that comes with plenty of data. Maybe have phones on different networks in case one fails. Look at scanning and filing documents electronically. Fast double-sided automatic scanners will turn paper into PDF files that can be backed up and placed in a searchable archive on a computer. This will free up space so that the originals can be stored elsewhere to further spread the risk of loss.
surviving business partner(s) to keep the business afloat or to buy out the estates share of the business from the deceased’s family; • Critical Illness Cover which pays out following the diagnosis of defined serious illness that is terminal or life threatening; • Permanent Health Insurance which pays an income when the insured can no longer work.
Regulatory
It would be a mistake not to mention the regulatory threat through changing legislation, case law and tax policy, any combination of which could bring a business to its knees. The forever changing ground of employment law is great case in point. Employees have become more litigious and as discrimination awards have no limit, a good case proven could cost thousands. Similarly, ignoring a tax demand from HMRC could lead to bankruptcy or a winding up order. Quite simply, ignorance is no excuse under law and so firms should keep abreast of all legal changes that may affect the business.
Write policies and risk assess Good polices and regularly risk assessing threats to the business may help it lower insurance premiums on the basis that it, as a business, presents a lower risk to the insurer. Further, everyone will know what do. For example, by writing a bad weather policy both employer and staff know the effort that is expected when trying to get into work and the pay/leave arrangements for when they fail to get in.
A good policy will not necessarily get a firm out of trouble if an incident occurs, but it will help mitigate any penalties heading its way following an investigation.
Of course, firms should seek legal advice before putting pen to paper. Clearly, the policies should be available for all to read.
Emergency Contacts Another key task, one that is simple to overlook, is the drawing up of a list of emergency contacts that includes key staff, the utilities, employment agencies and key suppliers. Otherwise how would calls be diverted if the building cannot be accessed? Remember also details of the company accountant, solicitor and the tax / VAT office.
Test
Finally, having spent time, effort and money in creating a disaster recovery plan, it should be both regularly tested and kept up to date – without informing staff that a scenario is a test. Plan deficiencies should be noted and corrected.
Ultimately, the threats affecting one business might be quite different for another. But the threats are real and statistically a business runs a 1 in 5 chance of something serious going wrong. BMJ
19
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52
