Thursday, 28 July 2005

How businesses need to consider the risks of terrorism.

“London is under attack”, read the headlines, as many in the security world put their heads in their hands saying, “we told you it would happen sooner or later!”. Their prediction? That terrorism would reach our shores, affecting not government targets, but “soft targets” such as you, and me, and our livelihoods!

For most of us, terrorism is something that happens to other people, which we see on TV, read about in the paper, and feel somewhat distanced from. The reality is, though, that the threat of terrorism is now, and will for some time, be a real concern for UK cities, and whether you consider large corporate entities, small businesses, retailers, or even service driven firms, businesses need to consider the effect of attacks, and build contingencies in advance to protect themselves, and minimise disruption.
A common misconception is that protecting yourself in this manner is an expensive process. Granted, for many large corporations, they pay thousands of pounds per-day for consultants to assess risk, and plan accordingly, but also consider that they have hundreds of millions of pounds in assets to protect, along with many thousands of staff. For the majority of us, however, a few simple tips, and some logical thinking, can help build the strength into our businesses to cope with events which, we all hope, will never happen.

1. Role-Play & Risk Analysis
In the same way that the best way to protect your home is to ‘think like a burglar’, the best way to understand risks in this context is to ‘think like a terrorist’. If someone were to attack your vicinity in the same way as they have in other cities, what would be the effect? Would your business premises suffer physical damage? Would you lose stocks? Do you have business critical systems which could go down? Would your staff & customers be at physical risk? Would your staff & assets ‘in the field’ be at risk? (eg: van drivers, engineers). This is a rather macabre process, but, you must consider that unless you understand what *could* happen, its impossible to perceive what to do about it!

2. Understand Your City!
Unless your local council have had their heads lodged firmly in the sand for the past few years, they will – by now – have a disaster plan in place, outlining warning, evacuation and ‘what if’ procedures. Contact your council and local emergency services, and get this information, keep it to hand, and make sure you and your staff are familiar with it! Also important is ensuring you know who to speak to AFTER an event, how will you know when you can return? (after September 11th, and the London attacks, many areas of the cities were closed for a week or more).

3. “Immediate” Action Plan
Your first priorities in the event of an incident, are safety & communication. Plans should be in place to get your staff and customers to safety, and to inform all stakeholders (customers, staff, suppliers, etc), via any means necessary (eg: through phone/text or via website) about the situation, and immediate actions they need to take (eg: ‘until further notice, the premises are closed’). Any physical actions such as evacuation of staff and customers should be practiced and documented! Remember, if its your business, its YOUR responsibility.

4. Continuity Planning
After an incident, the next step will be to ‘pick up the pieces’. Good planning can, though, ensure your business is back up on its feet quicker.

IT Systems
With it systems being critical to most businesses, its important to make sure your systems are backed up regularly and that these backups are stored OFF SITE. Ensure you have contacts to replace any equipment quickly and to restore data onto it. Many local IT suppliers will offer ‘disaster recovery’ services in this regard. Also important is to consider if you need to access communications off-site while your premises are closed, eg: remotely accessing your business email, diverting phone/fax and so forth.

Physical Continuity
Do you have a list of suppliers for all the fixtures & fittings at your premises? Do you have a list of contractors you could contact in an emergency? What are your timescales to replace stock/machinery/assets? How will you secure your premises following an attack? (eg: boarding up, alarms, etc). As your business gets back on its feet, do you have procedures/systems in place to keep your stakeholders informed of what’s going on? (eg: informing staff, suppliers and customers?).

Financing Continuity
One of the most important considerations is the cost of continuity. Does your business have enough cash ‘at hand’ to be able to respond to an emergency? Are your assets all adequately insured? Does your insurance even cover acts of terrorism? (remember, many don’t!), and how quickly can your insurance provider respond to these scenarios – and what is the immediate claims procedure? How will you service any financial exposures during a crisis (eg: impending wages, supplier bills, other expenses). Following, particularly, September 11th, inadequate financial protection was a factor which caused many businesses to simply declare bankruptcy.

Once you have planned, and document, and thought, and practiced however – don’t forget – and, more importantly, don’t dwell! These are procedures for events which statistically are unlikely (though not impossible), and hopefully will never happen. But, if they do, you’ll be prepared.

Click to read full article...