Most of us business people don’t think about this question. To most of us, the prospect of going out of business because of something that you cannot control, is silly. The problem is that there are a number of things that could put you out of business that the lack of control is only a minimal component of the whole situation.
These are the risks that we could envisage that you would have no control over but have to mitigated in some way. If you have done a business risk analysis then most of these things would have been thought of. If not then some of these ideas could save your business.
The risk analysis of your business will highlight and define a business continuity plan and a disaster recovery plan. They are critical for a business, should be part of the business plan and should be revised and updated as change is incorporated into business. Most small and medium business and some not for profit organisations do not have a business plan never mind a BC and DR plan.
What else could put you out of business. Here are four risk ideas that have to have mitigating solutions applied against them.
A normal disaster
These are the normal problems floods, fires, earth quakes and tsunamis are the least expected event that could happen to a business. The mitigation of a normal disaster, depending on the effected area, will also affect everyone around you.
Solutions include: off site backup, access to quick money, having a comprehensive DR and BC plan and creating a culture within the business.
This is something that is seldom thought about when it comes to shutting down your business. Your Intellectual Property (IP) could be critical to your business. A different way of doing something, the creation of new software, your contact and client list and other business systems that makes your business unique are potential targets for this type of attack.
What would happen to your business if someone stole your important prototype and the schematics, stole your client list and then deleted your copy or stole you accounting records for the last three years. This information is the life blood of your organisation and should be better protected than most systems in your business.
Solutions include: auditing and reporting with substantial triggers, the use of best practices, training and system policies.
A cybersecurity attack
In today’s world the risk of a cyber attack is not only an idea, most business connections have already been targeted. A cyber security attack is not only a breach of your data, it includes robotic attacks from spyware, malware, viruses, worms and hydras. Most robotic attacks are mostly problematic, they do little damage except to the most unprotected system, they are targeted because most businesses use Microsoft software as their primary operating system and applications.
These attacks are a case of just doing business, but a robotic attack with some social engineering smarts behind it can be a totally different propersition. This can be targeted with a highly effective weapons, controlled by a real hacker and you can now have monumental problems. One of these attacks will leave your business well and truly hurt and in most cases the lack of trust from your clients will be your final undoing.
Solutions include: vigilance, patch management, auditing and reporting, good technology and end point protection.
A financial problem
This is closely related to the cyber attack. Most cyber attacks are targeted at the financial components of your business. They are interested in stealing your money, followed by your IP, and closely related to gaining access to your client records including credit card, personal information and bank details. If they get through your defences most businesses will collapse. Some in spectacular ways and some will just go away and hide and never recover.
Although people have short memories, lose their money or have someone steal it through your business then it will be a long time before someone trusts you again. In that time your revenue will suffer and so will your profits.
Solutions include: training, auditing and reporting, layered protection and internal procedures.