StrategyDriven Risk Management Articles

How to Prepare Your Business For the Unexpected

Every small business that succeeds does so at least in part as a result of the strategies employed by its owner in a bid to fulfil their personal vision of the future, but few such owners spend any time working on plans to help them deal with unexpected emergencies.

Small enterprises are far more vulnerable to such events and failing to make proper provision for any kind of disaster scenario, whether a data breach or hurricane, means you risk being caught off guard. Not having a suitable plan in place will also make it far more difficult for you to get your business back on track should the worst-case scenario come to pass.

Select your team

The first step is to set up a planning team composed of employees from across the company chosen for their in-depth knowledge of specific areas of the business. Such a team should include those from IT, telecommunications, logistics and customer service divisions and should be capable of running the business from a temporary location if necessary.

It’s a good idea to spend some time brainstorming with key members of your team to discuss how your enterprise can best respond to a wide range of events. As the response needed to deal with a fire is very different from that needed to deal with a data breach, you may need to have a number of plans in place.

Ready your responses

In the event of a natural disaster, the news agenda is unlikely to focus on your company alone, but in the case of a man-made disaster such as a data breach, you’ll be facing the music alone. In such scenarios, it is essential to make some sort of public statement as soon as possible. Waiting too long to respond to this sort of crisis means you lose control of the story as the media will simply seek out other sources of information. With stories spreading throughout the world almost instantly through social media, any kind of delay can ultimately prove fatal to your company’s financial future.

Cross-train for consistency

If you or one of your key employees is injured in an accident, the effect on your business could be devastating. Cross-training employees so they can take over each other’s roles, at least on a temporary basis, will prevent your business from grinding to a halt.

It is also worth ensuring you know in advance exactly which lawyers to call to deal with such incidents. At a firm such as Harrell & Harrell personal injury lawyers, for example, every case is reviewed by two or three lawyers to ensure it is being assessed not just from a physical point of view but also in terms of the potential financial losses and cost of rehabilitation. Preparing a list of specialists in advance to cover every likely scenario will allow you to respond far more effectively.

Contemplate succession

This kind of planning for disasters should include every aspect of your life. Though it may be unpleasant, it should include plans for what will happen to the company should you die. Ensure there is a provision for new ownership in your will.

Similarly, if you have started the company jointly with your wife, husband, or business partner ensure there are plans are in place for how the business could be divided up in the case of a split. In all such cases, the process of planning should start as early as possible.

StrategyDriven Risk Management Article

What Should You do if You Get Injured at Work

For most employees, their workplace is a safe environment that is maintained to keep everyone safe. Even if you do have to do a dangerous job, there will be measures in place to keep you as safe as possible. However, for a few people, their workplace is not so safe, and this can lead to accidents and injuries at work. No-one likes to take action against their employer, but if you do get injured, then you need to get the support you need.

What is the First Thing You Should Do?

Having an accident in any situation is scary and a little disorientating. However, when it happens, you need to think clearly and report it to your manager. If you need any medical attention, then in the first instance the first aider should be called and a paramedic if needed. If there are others there with you, ask them to take pictures of the incident on their cell phones including what caused the accident and pictures of your injury.

See Your Doctor

When you first suffer the injury, you will usually be sent to a doctor that has been hired by your employee. They will assess your condition and write a report to the employer. It is important to give the doctor all the information about the accident that caused the injury and any subsequent action taken by a hospital. Your employer should be made fully aware of the injury you suffered and also advised about your current condition. Your employer should give you a form to request benefit help. If they don’t provide one, your doctor or the hospital will also have them.

Seeking Help and Advice

If you think that your accident at work could have been prevented, or if you are unsure of the process, then you need to speak to a specialized lawyer. There is a personal injury attorney in San Diego and other states that can look at your case and decide what course of action needs to be taken. It is important to choose a lawyer that has experience in this type of case because they will be in a better position to advise you.

Gather Your Evidence

From the beginning, it is vital that you start to gather all of the evidence you can about the incident and the correspondence. Keep all your letters, medical reports and emails about your accident or your time off work so that your lawyer can see them. It also helps if your employer denies that something happened, or that an area wasn’t safe. It is also a good idea to keep the receipts of any medical procedures or drugs that you have been prescribed. It will help with finding a settlement figure later.

Many people successfully claim for compensations from their employer for an injury at work, and they have still employed them the same company afterwards. It is important that you know the procedure and who to seek help from at the time.

StrategyDriven Risk Management Article

Why Disaster Recovery Strategies Are Still Crucial for Businesses – Even in the Cloud Age

Recently, it was reported that scientists may have found out a very plausible reason for the disappearance of the Mayan civilization. The 3,000-year-old civilization vanished almost entirely (though there are still some descendants of the Mayans alive today) in or around the 9th century AD, and as yet, nobody really knows why this happened. They were highly advanced, large in number, and had inhabited their lands for millennia, and yet they were effectively wiped out.

The new theory, based on analysis of materials found at the bottom of what is known as the ‘Blue Hole’ in Belize, is that the Mayans left their region and dispersed, breaking up their civilization, because of a drought. A natural disaster was something that this 3,000-year-old civilization just wasn’t equipped to handle.

So, what does this have to do with your business? Well, just like the Mayans, you may well be very vulnerable to the destructive effects of a disaster.

Sophisticated Technology Only Does Part of The Job of Protecting You


Disaster recovery used to be a big deal in business, with companies prioritizing every element of their strategy as essential, from back-ups for data through to providing access to staff from offsite locations to allow for business continuity when an office and its equipment were made inaccessible (or destroyed) by a disaster.

Naturally, some of the things that took a lot of work to plan for 15 years ago are no longer such complicated problems. With the cloud, offsite back-ups are no longer essential for all businesses to preserve data if servers are destroyed. Remote working is very easy to achieve with mobile technology and SaaS applications, so keeping key staff in operation when a site is inaccessible is also no longer something that requires intense planning.

However, just because the technology is there and a lot of your DR plan can effectively be pinned on it, it doesn’t mean you no longer need one.

Detailed Planning

While you know your data is all backed up to the cloud and your staff all have access to what they need from home (or a secondary office location), you still need to look at the details. Important things include the roles and responsibilities in the event of a disaster, inter-team communication protocols, and how key stakeholders and clients will be kept up to date and provided with services during the incident.

Risk Analysis

While devising your DR plan, you should also consider the risks associated with different types of disaster, and also both the likelihood and severity of those risks. This will vary by location for things like earthquakes and hurricanes, however, some disasters like fires and floods caused by burst pipes can happen with fairly equal likelihood anywhere, and this all needs to be thought about in your plan.

Don’t rely on the fact you have the latest technology when it comes to disaster planning – the Mayans had some of the best tech of their age, too!

StrategyDriven Risk Management Article

3 Ways to Improve Information Security in the Workplace

In the new digital world where everything is shared and connected, there is a growing concern about information security and integrity of the data you keep. This includes both company records and client files. Treating security breaches has become increasingly difficult, and thanks to recent advances in technology, all of your sensitive data could be uploaded to a malicious party at once in a matter of minutes.

While we know that there is no such thing as an unbreakable system, we can use some ground rules to improve data-security. This will make your data unavailable for malicious software and potential hackers. Here are a few steps you have to take in order to reduce the possibility for breaches.

Plan Ahead

In the world of digital information security, hindsight isn’t worth a lot. Make your security strategy in advance, selecting who will have access to which information and when, where that information will be stored and what will be the procedures to access it. If you know everything you need beforehand, there will be no loopholes that you will need to rush to fix afterwards.

Use Professional Help

There are plenty of companies dedicated to information security, and you should use their assistance in the planning process. These companies will help you formulate your protocols, manage your filing system and select which data can only be accessed with ID cards for instance.

Professionals in this field were often once on the other side themselves, and they will know all the IT security holes that companies miss and can help you prevent them in your information security policy.

Analog vs. Digital

No matter how complete a security suite is, there are thousands of hackers who are actively trying to break them. What hackers and malicious software can’t break is the lack of a physical connection with the sensitive data mainframe.

You can work with a company like IDSecurityOnline to make ID cards to limit access. You could have a separate locked room that only reliable personnel will be able to access and transfer very specific data from manually. Having this physical barrier will make your data un-hackable, as there is nothing to hack. There are hackers who are able to pass even the most sophisticated firewalls, but there are none who can pass a literal one.

In this case, even if you have a security breach, most of your most sensitive data will remain secure, and you will be able to patch your system and move on.

Destroy After Use

If you are working with sensitive data, you shouldn’t leave your hardware unattended, even after you have no use for it. If you can, try to destroy anything containing sensitive information.

Believe it or not, but there are people out there who will dig through your trash for your old hard drives. This is why every information security professional will advise you to rinse your hardware in acid before you discard it, and by hardware, we mean everything: hard drives, printers, VoIP phones, everything.

As you can see, reducing the chances for security all boils down to a few sets of procedures. But more importantly, it’s all about having a plan and doing the steps necessary to safeguard critical information from prying eyes.

StrategyDriven Risk Management Article

6 Tips to Protect Your Business from Identity Theft

Identity theft is becoming an increasing concern for people, with major data breaches becoming a normal part of our daily news cycle. In fact, it is safe to say that your information is probably somewhere out in the void, just waiting for somebody to pick it up and start using it. This is not an exaggeration, this is just the unfortunate reality we have to deal with today.

As a business owner, you are most likely to be targeted by potential identity thieves not as an individual, but as a source. Your databases can be breached leaving all of your customers vulnerable, and putting your face on the news in a way you never wanted. To help protect your business from being targeted for identity theft, we offer six easy solutions to safeguard your company and your customers.

Secure Your Computer Infrastructure

Having a strong firewall and running anti-virus on a regular basis will save your company potential damage. There is an endless arms race running between security companies and hackers every second, and patches to anti-virus software are the only way for us to keep up. Failing to update your anti-virus is like refusing to cancel a lost credit card: you’re just asking for somebody to steal from you.

Change Passwords Regularly

Breaking into an account takes time, but it can be done. If you have been using the same password for the past five years that is more than enough time for somebody to have used brute force to figure out what it is. Adopt a policy of changing passwords at least once every three months, and do not use the same password in more than one place. This will foil brute force attempts to steal information. Require the same routine of your staff as well!

Compartmentalizing Customer Information

The information of your customers should remain on a need-to-know basis at all times. Identity thieves will often exploit your staff to attempt to pull customer information from them. Ensure that your staff only has the bare minimum customer information they need to do their job: they can’t reveal what they don’t know after all. Using identity verification techniques that minimize the exposure of confidential information ensures that the cause of identity theft is not somebody who works for you. Third-party identity verification services such as Cognito can help limit exposure to sensitive information.

Use Dedicated Devices

Do not let employees use their own devices for work related purposes. While employees mean well, their personal devices could be compromised in ways you cannot account for. So, make sure you have a clear distinction between work devices and personal devices. If an employee needs to work from home, the best option is to provide a device for them to use for work. At work, having a dedicated terminal for sensitive functions (like banking) will limit that terminal’s exposure to viruses and other ways to compromise it.

Educate Your Employees

The weakest link in any security arrangement is the human link. Educating your employees on proper security protocols can help reduce your business’s risk. Education is not perfect, but instilling a culture of good security practices will go a long way towards safeguarding your employees and customers from theft.


If all else fails – making sure you have good insurance will protect your business from the fallout. No matter how much you work to protect your customers, a few will inevitably fall through the cracks. Having insurance will allow you to make it right with your customers without destroying your business.

Protect Your Customers, Protect Your Business

Remember that identity theft is, for the most part, preventable. While you cannot do anything about other companies that fail in their obligations, you can do something about your business. Following these steps will protect both yourself and your customers from the perils of identity theft and fraud.