How A Small Business Can Spot Big Risks

There are a hundred and one things that can give your business nightmares. So it's important to spot threats before they turn into major problems. Here are a few tips on how to sleep soundly.

1. Don't sweat the small stuff

Your business is like a body. Everything is important but some bits are vital. Prioritise the people, equipment and information that are crucial. By thinking about which things matter most you can focus your time (and money) on protecting them. E.g. instead of filing away documents you will never really need why not back up your mobile phone SIM card, since it contains all the phone numbers of your key customers and suppliers.

2. Keep your finger on the pulse

If something is important to a business, there's likely to be a product or service out there to watch over it. There are services which can alert you when your website goes down, detectors for water leaks, lone worker monitors and even alarms which can switch on webcams for you to have a look at your premises. (So you can watch the disaster unfolding even while you are on holiday!)

3. Keep your eyes on the horizon

New laws and regulations can seriously affect your business. Yet you don't have time to monitor bills going through parliament or follow the progress of a new directive taking shape in Brussels. Join a trade association who will keeps abreast of things or sign up for news alerts from other sources. E.g. the Business Link regulation alerts or the BAD News current awareness bulletin from www.cobwebinfo.com.

4. Let other people be your eyes and ears

Your staff, suppliers and customers are a large network of potential information. Ensure they know what things matter to you and how to contact you if they learn something important. E.g. an acquaintance calls your mobile straightaway when he learns about a lawsuit involving your biggest customer.

5. Know thy neighbour

Getting to know your neighbours can produce a range of useful information that may help protect your business. You could learn that they are a qualified first aider or that they are keen to share the cost of anti-vandal paint or cctv cameras. Alternatively you may notice that they have no fire extinguishers and a leaky sink located directly above your computer!

6. Do a risk assessment

Risk assessments are often used for health and safety issues. However you should be alert to any hazard that might damage your business. Try the following exercise - imagine if you wanted to sabotage your own business! You will realise how easy would it be to;

break in.

overload that shelf which is above your computer.

block that drain cover in the warehouse.

ring the health and safety executive about your staff using the wrong ladders.

7. Single points of failure

Try to spot the single points of failure in your business. This can be the one piece of equipment which could bring your entire operation to a halt. Though it may not be just equipment you are overly reliant on. It could be a person, a customer or a supplier.

8. Damage limitation

Things will no doubt go wrong at some point. How you react can avoid calamity and will also be seen as a measure of your professionalism. Therefore a business continuity plan is essential. It details how you plan to cope when things go wrong. So when the customer calls you in a panic you can reply - " Yes we had a fire over the weekend. But we have arrangements to work elsewhere and alternate stock supplies. Your deliveries will happen as normal. We won't let you down. "

9. Get some outside perspective

There is a reason why we don't let our children mark their own exams! It is too easy to be complacent and think we have solved all the problems. It can be really useful to get some outside perspective on where your business might be vulnerable. There are a variety of sources who can offer opinions on your security, business continuity or emergency plans - local crime prevention officers, health and safety officers, fire brigade, suppliers/customers, insurers etc

10. Here today gone tomorrow

Things change. Your business environment is in a constant state of flux. The person or problem that was a threat yesterday may be gone today. Alternatively you may be faced with a whole set of new risks when you move offices, install new equipment, downsize or grow. Schedule some time every few months to re-assess your business risks, so that you are here today AND here tomorrow.

Simple Steps to Ensure Your Server Protected

IT support is one of the most critical aspects in running a business. If a company does not have use of its computer systems it means that they are basically closed for business.

Generally small business owners work hard to build up there intellectual knowledge and processes and this is often stored on their computer systems. It is generally not until it is to late that companies find out that there data has not been backup correctly or the right length of time.

Data backups are like critical insurance for a SME to ensure that in the event of a disaster their mission critical information is recoverable in a timely manner to ensure that they can get back to business as soon as possible Ensuring that Backup management it is part of the IT Support process and that backups are checked is critical to a successful restoration of normal business in the event of a disaster most SME fail to achieve this and as result are at great risk of incurring data lose.

There are some measures that can be taken to ensure that the risk is reduced.

Know what you're backing up on your computer systems

Ensure you test your backup regularly with different files being restored

Know long you keep a backup of your data for. If you need a file from 2 months ago can you get it?

Regularly clean tape drives and replace media

Look at multiple backups for redundancy. Eg Disk Imaging online internet based backups

If your using Window 2003 ensure shadow folders are turned on and enough space is allocated to them

Ensure that multiple copies of data are keep offsite

Look at having a written disaster recovery plan not only for the data but the entire system

Train users to store important information in certain locations that are backup There are many measures that can be taken to ensure data is backup and tested. Companies need to ensure that they reduce their risk profile or risk data being lost.

Source: http://ezinearticles.com/?Simple-Steps-to-Ensure-Your-Server-Protected&id=1008660

Emergency Planning for the Future

WHEN A BOEING 777 AIRCRAFT carrying 136 passengers and 16 crew members crash-landed at Heathrow Airport in January, it was regarded as being exceptionally lucky that everyone escaped alive and with only relatively minor injuries.

The escape seemed even more remarkable following eye witnesses' claims that the British Airways flight BA038 from Beijing just managed to clear the airport perimeter fence before landing short of the runway with sufficient force to remove the landing gear from the plane.

The images of the damaged plane with its emergency escape chutes fully extended are still very fresh, and it has been routinely reported that the passengers and crew had a lucky escape. Certainly, luck did play a part but I think there was more to it than just luck.

The cockpit and cabin crew on the Boeing777 did their job professionally and this probably helped reduce the severity of the incident and contributed to a relatively positive outcome.

The response of Heathrow Airport Fire and Rescue Service and London Fire Brigade was effective and professional, and this may also have helped contribute to the positive outcome. The fact that they performed so well was probably due to the close liaison between the two services who regularly plan and train together for such emergencies.

An eye-witness reported that fire crews arrived "within minutes and evacuated all the passengers." John Trew, Airport Fire Manager at Heathrow Fire Station, is reported to have commented that apart from the colour of staff uniforms it was difficult to differentiate between the ARRFS and local authority fire personnel; they worked so well together. Such performance does not come easily! Time, effort and considerable cost are involved in perfecting a collaborative response to an emergency. Safety management and emergency planning have been key themes at two conferences I have recently attended. These were the IAFPA (Far East) Conference in Singapore in October 2007, and the more recent AFOA Conference in Dublin in January 2008. It is likely that at least one of these themes will be re-emphasised at the forthcoming IAFPA (Middle East) Conference in Abu Dhabi this month.

As many major aerodrome incidents demonstrate, emergency planning is not just an airport issue. The ARRFS do spend a significant amount of their time simulating probable scenarios and emergencies - fortunately, and in the main, this is the only mechanism open to them to practise the possible emergencies they may encounter on an aerodrome.

The ARRFS environment is geared to training and simulation and yet, even in this environment, full-scale exercises are not easy to facilitate. Full-scale multi-agency exercises ar even more difficult to organise and resource andhave to be undertaken to reduce the impact on the community and the economy. It s worth noting that in the recent incident at Heathrow21 flights were cancelled and many long-haul flights departed and arrived late, with 24 incoming flights being diverted to nearby Gatwick, Luton and Stansted. Despite the cost and the other inherent difficulties I think we would all agree that such exercises are needed if emergency services are to respond and work together in a co-ordinated way when major incidents occur.

Establishing a plan is one thing; testing it is another. Heathrow Airport, in close liaison with its emergency planning stakeholders, frequently tests the plan as do other CAA licensed aerodromes. As a result of good liaison and the regular testing of the Heathrow plan it appears that all stakeholders were able to work well together during this incident.

How do you test your emergency plan? Redkite Systems already supply airports and local authority fire and rescue services with safety management systems; to record staff competence and to record equipment safety inspections and tests. In addition, and having been made aware of the problem, we have developed a prototype 'Emergency Planning' system that can help emergency agencies develop and assess staff performance in line with the requirements of their emergency plans.

In 'Emergency Planner', a scenario is defined and the participating agencies identified, with staff being allocated to specific roles and functions. The scenario can be modularised to concentrate on different elements of the plan, culminating in a full-scale test to meet UK CAA Aerodrome licensing and International Civil Aviation Organisation (ICAO) requirements.

Breaking an emergency into composite modules has been broached by airport safety regulators, and Redkite Systems have already provided a basic system to accommodate this methodology.

Another advantage of the Redkite Emergency Planning System is that many ARRFS and, increasingly, local authority fire personnel are familiar with the Redkite system and we have made every effort to keep this familiarity to reduce training requirements.

Business online blog

Business Continuity Planning

Business continuity planning is one subject that is often left to the last minute but is one of great importance.

If you wait until 'something' happens, it could be too late. I have seen people wading in calf deep water looking for the stopcock; others reading the instructions on a fire extinguisher in the middle of a fire.

In reality we should all know what to do in an emergency well before the emergency happens and be prepared for most eventualities.

We have read about the terrorist attack, the dirty bomb and other major catastrophes but it is often the 'soft' disasters which can cause irreparable damage to a company.

One such problem occurred recently; the company uses a card entry system to gain access to the building. The server housing the operating system failed and prevented anyone entering the building. It was apparent that there was no manual override; people milled around outside the building, not really knowing what to do. Eventually someone broke a window to gain entry. Of course the alarm went off and before it could be turned off the police were on site; embarrassment all round.

The company has now put a system in place to override the card system if it fails in the future.

The winter season also means that illness will increase; how many companies have prepared for a flu epidemic? Sadly very few.

Companies that have incorporated ISO27001 (Information Security Management System) will have an emergency plan in place, regularly tested and validated. This together with an IT disaster Recovery Plan will be able to deal with most eventualities. The old saying that 'if you hope for the best but prepare for the worst' is a good mantra to use.

Companies that have suffered major disaster, like being in the vicinity of the Buncefield fuel depot fire, and did not have any business continuity plan have disappeared without trace. Insurance cover just didn't mitigate all the problems. Those companies that did have a plan in place, had difficulties but managed to survive.

It is a pity that, as of December 2007, there are only 363 companies in the UK certificated to ISO27001. It is a very big standard to achieve but the benefits are huge.

Franchising

How Safe Is Your Computer Data?

As recently as December 2007, a New Zealander was subject to an FBI investigation on world-wide cyber crime which also resulted in Dutch authorities imposing strong penalties on companies using his malicious software.

Managing data security is unavoidable in today's business environment and is a critical task for many. But what has all of this got to do with the small business owner?

Perhaps the cost of your laptop or your office personal computers does not amount to that much in the grand scheme of things. Have you ever stopped and wondered how long it would take to replace the data that you stored on them; or what damage losing customers' sensitive data would have on your business.

I recall an ex-colleague at a large, international accounting and consulting firm whose laptop was stolen from his car. He stored valuable information about several blue-chip clients' projects he was working on his hard drive. Not only did he lose the only copies that the firm had (which meant that weeks of work was lost) but he potentially put the firm at serious risk of bad publicity and losing major clients.

How well do you protect your computer hardware and data? How much would it cost to replace them? The following are just a few tips to help protect you.

Use Anti-Virus software and keep it software up-to-date. Hundreds of new viruses are discovered each month. You are not just protecting yourself when using virus software, but also others you communicate with.

Always use a Firewall - A firewall is an "internal lock" for information on your computer. Many computer operating systems already have firewalls installed and you must activate them. There are many other firewalls available to download or buy that help you secure your computer.

Learn the risks & rules associated with sharing files or your internet connection. You can be exposed to danger via e-mail, file-sharing, a broadband connection or a wireless connection

Disconnect from the net when idle. If you're not using your net connection, (when you go to bed as an example) turn it off. It's much harder to hack your computer when it is not connected. This is especially important if you have a high-speed connection.

Use strong, unique passwords and don't share them with anyone & back up your data frequently

Take immediate action if you think you have been hacked or infected by a virus and contact your ISP

Protecting your information can be a major deal for a small business owner but using the proper tools can ease the burden significantly. Such efforts will dramatically reduce the chance of a major security breach and also the costs and damage to your company's reputation that such an event causes.

Business Continuity Planning BS25999-2-2007

I wonder how many companies were faced with the same problem that I faced following the Christmas and New Year shutdown: my office landlord decided that he would turn off the heating during this period in order to save money. The net result was that the office, and more importantly the computer equipment, became very cold. Upon turning the heating back on, condensation formed and this caused the equipment to short out.

The resulting bang not only did my constitution no good, it meant that the computer equipment had to be repaired. Fortunately our company has a business continuity plan which was put into action and none of our clients were put to any inconvenience.

At the end of 2007 The British Standards Institute produced an new standard BS 25999-2 Business Continuity Management and its code of practice BS25999-1. This can be either a stand-alone system or as part of ISO27001 (Information Security Management Standard).

BS25999-2 sets out the requirements for BCM (business continuity management) and how any organisation can reduce or mitigate any incident which interrupts or degrades the company or its operations.

The main areas are:

Identify what potential risks could affect the company; Know what equipment would be needed in the event of a loss of building/facility; Keep copies of staff information off-site to be able to contact key personnel if required; Plan who will do what and when; Make contingency plans for staff if buildings are unavailable; Keep copies of important information off-site; Review and train everyone in the continuity plan and IT disaster recovery routine; Test the plan regularly; Learn lessons from any tests; Ensure the plan is kept up to date.

Having a business continuity plan in place will not stop a disaster happening, but it certainly will ensure that its effect can be mitigated and will ensure that the company can be up and running in the shortest possible time.

It is important to note that many companies that have been subject to a major disaster and do not have a business continuity plan have gone out of business.

Be prepared. It is not only for boy scouts.

Is Your Organization Prepared to Sustain Business and Respond to a Disaster?

If you are in the market for a global commercial satellite service provider of voice, video and data connectivity solutions, you're not alone. Businesses, government entities, humanitarian groups and public service departments such as fire, police and emergency responders are increasingly in the need for fixed and mobile satellite communications. Whether for backup, emergency or occasional use, satellite services provide the flexibility and reliability that traditional terrestrial communications can't compete with. As communities expand and businesses reach across physical boundaries the need for voice, internet, video and data to continue despite location or cause for disruption grows with demand and intensity.

When it comes to safety, emergency services and communications, preparation and taking count of necessary precautionary measures is critical to the lively hood of community members. When disaster strikes, preparation has and will continue to be the best method of protection. With any disaster preparedness plan, a solid communications method is imperative. While many organizations have taken head to recent natural or man made disasters and secured commercial satellite services - others have yet to deploy the necessary steps to ensuring communications and basic communications services remain intact.

Municipalities and organizations worldwide need to incorporate superior satellite technology into their response action plans. There are a number of providers that offer a range of services from high speed internet via satellite, mobile satellite, business satellite internet to voice, fax, data and video over satellite services. Many government entities and public service organizations rely on the ability to quickly respond to situations, communicate between the personnel on the ground or at the scene seamlessly with the command center. In areas where infrastructure is limited or not accessible, having the agility of a mobile satellite communications network can literally change the outcome of a crisis situation. Being able to rely on automatic satellite, modem and networking services in command or responder vehicles is realistic if the provider is reputable and has the bandwidth to support commercial satellite services worldwide.

Mobile satellite services can be installed in command vehicles with communication devices between the internal computers and VoIP phones, wireless devices such as PDAs and laptops, featuring mobile satellite internet and networking services, capable of uplink and downlinks operability. The satellite connectivity capability is tremendous, especially in mobile and first-responder environments. With the right services, support and mobile infrastructure, organizations and agencies can be confident in their connections.

There are many options in fixed and mobile satellite services, first responder and emergency satellite communications. Organizations can deploy high performance multi-network communications through a single source, thereby ensuring the quality and operability of mission critical procedures. In conclusion, search for a provider that can provide quality connections and reliable support staff to ensure that when disaster strikes, your organization can respond without delay.

Offsite Data Backup Plan - What Online Backup Services Vendors Must Have

Having an offsite data backup plan is a necessity to support your business continuity and disaster recovery needs. To support these objectives, you may also have ascertained that using an online backup services provider to be viable but find it a challenge to identify suitable vendors.

If so, here's a two-stage methodology that can make life easier for you:

- Stage 1: We will use an initial set of criteria is used to identify a short list of candidates that are able to provide a minimum standard of service for immediate and longer term.

- Stage 2: We will determine your provider of choice by assessing the short-listed candidates against a final set of criteria.

Today, we will discuss the details of Stage 1 and outline key requirements that must be fulfilled by all short listed candidates.

I. Established operations

In the past, many impressive start-ups have gone bust. Based on experience, vendors who have been in business for 5 years or more are more likely to be able to support in the long haul.

II. Large customer base comprising of business clients

A sizeable business clientele usually co-relate with the vendor's proven ability to provide a satisfactory level of service for business requirements that are usually more stringent by nature.

III. Premise that is secured

As a rule of thumb, consider candidates who use world class data centres for their operations. This is because data centres often have good physical security equipment and measures to prevent unauthorised access. Data centres also have built-in protective measures against natural disasters that include earthquake and fire.

IV. Scalable offerings

Data storage requirements will increase along with the growth of your business. While your immediate need is the priority, the short-listed vendors must have expandable data backup plan offerings to accommodate additional storage when the need arises.

V. Affordable plans

Vendors who offer "too good to be true" free storage for life are hard pressed to survive in the long run and therefore should be excluded from the short list. Instead, identify candidates who can provide the required service at prices that are affordable, based on a budgeted price range.

By evaluating using the five criteria above, you will have a short list of candidates that can offer the minimum level of online backup services to support your offsite data backup plan objectives.