Incidences of natural disasters have been on the rise, with recorded changes in air temperature, wind patterns and sea surface temperatures, and with natural climate oscillations such as the El Niño Southern Oscillation. Unpredictable weather patterns can directly and indirectly affect business operations around the world. With the start of hurricane season kicking up in June, and with Houston residents still dealing with the record destruction wreaked by Hurricane Harvey last year, businesses should review their plans on how to set up strategies ahead of time to enable their employees to best prepare for a worst-case scenario.
Since forecasters at the National Oceanic and Atmospheric Administration are predicting a near or above-normal 2018 Atlantic hurricane season, which runs from June 1 to November 30, now is a good time for business owners to start testing their current plans.
In the aftermath of a hurricane, flood or wildfire, businesses can face interruptions, such as the loss of electricity or communication. Whether the corporate headquarters or a satellite office is damaged, here are some good protocols—from backing up data, to communicating with employees on proper emergency protocols—that can help minimize losses and maintain productivity.
Data should be backed up daily to ensure that business can go on as usual without inconveniencing customers or interrupting operations. Because external disasters can come without a warning, business owners must have a habitual discipline for backing up information.
Another important area for managers to consider is whether their backups are usable. “There are cases of companies doing daily backups, but discovering months later that the backups were corrupted,” said Joseph George, vice president of product management for global recovery services at Sungard Availability Services, an information technology services company. “Just as important as backing up daily is making sure you are monitoring backup jobs and ensuring the backups are usable, which highlights the importance of testing.”
“Many smaller companies are still too relaxed about backing up their data on a regular basis,” said Alex Hamerstone, practice lead for governance, risk management and compliance at TrustedSec, an IT security consulting firm headquartered in Strongsville, Ohio.
“Many mid-sized organizations are getting better,” he said. “Adoption of the cloud has made backing up easier in many cases, since the cloud provider will back up systems and data for you.”
Instead of just backing up daily, companies should also strive to back up hourly, so less data might be lost, Hamerstone said.
“Just as important as backing up daily is making sure you are monitoring backup jobs and ensuring the backups are usable, which highlights the importance of testing.”
“Consider the example where you back up daily at 11:59 p.m.,” he said. “If a disaster strikes at 6 p.m., you have lost the whole work day’s transactions and data, and are rolling back to the previous day’s image,” says Hamerstone. “This is why, especially for transactional data, real-time duplication to a separate, secure system can be essential.”
Managers should have an established protocol to get in touch with employees during a disaster or in its aftermath, so they can receive updates about whether their office was damaged and is a safe working environment.
“The key thing to remember is that the communications plans and procedures need to be in place well in advance of the disaster,” George said. “Trying to figure that out at the time of a disaster is often too late.”
Multiple forms of communication should be used during a disaster, since some forms of messaging, such as texts, are more resilient, and it can be hard to determine which methods will be damaged when a flood or fire strikes. In addition to email and text messages, social media is a good backup to alert employees of the current situation and whether they should plan on coming into the office.
“Businesses should test their emergency preparedness plans and procedures frequently, and ensure that their employees have a way to communicate with their managers and each other during a natural disaster, even if the power or Internet goes down,” said Brian Cruver, CEO of AlertMedia, an Austin, Texas-based emergency communications software company.
“A two-way communication system enables managers to send and receive information from employees across multiple channels and devices,” he said. “You can use an emergency communication system to check in with employees to make sure they are safe, provide evacuation details if needed, or tell them whether they should come to work or work remotely. No matter where employees are located and what devices they are using, the right emergency notification software will enable them to receive updates on what to do next.”
Take Hurricane Irma, for example. Leveraging location services like geofencing (the use of GPS or RFID technology to create virtual boundaries) helped AlertMedia administrators ensure that only employees in or around the surrounding areas of Miami during the hurricane received critical messages and not all employees outside of the immediate crisis zone.
"Hurricanes often result in power outages and loss of network or cellular service,” said Cruver. “A hurricane communications plan should utilize multiple channels, such as text, voice-call, email, and mobile application pushes to ensure that messages have been sent and received.”
In the aftermath of a disaster, streets and satellite offices may have been flooded or damaged, hindering business operations. One solution is to enable a portion of the employees to work remotely from their homes or at temporary offices established by the company.
"You can use an emergency communication system to check in with employees to make sure they are safe, provide evacuation details if needed, or tell them whether they should come to work or work remotely."
This often depends on the regulatory environment of the industry, but for the ones that allow it, employees can securely log into their network through a virtual private network known as a VPN, or a secured login to a corporate web portal.
There are several industries and functions where a remote login can be trickier, even on a short-term basis. Employees such as traders will need to be back at work within several hours and have access to a trading environment, while industries such as healthcare have regulatory restrictions on access to data, said George.
With technological advances today, however, working from home is a feasible option for many employees. After Hurricane Harvey made landfall last August, the offices on the first floor of the American Productivity and Quality Center, a Houston-based non-profit organization focused on business best-practices research, had over 10 feet of water. “The flooding completely knocked out our systems, and our internet service provider was also impacted,” said CEO Lisa Higgins.
Given the severity of the damages in the city and in their own building, the American Productivity and Quality Center became a virtual one for seven weeks, as 70 employees worked from home using company-issued laptops while the offices were being rebuilt.
If a business has sustained massive damage, such as a loss of data or other interruptions, other risks such as cybersecurity concerns should remain a priority. Cybercriminals will take advantage of natural disasters and attempt to exploit companies financially.
“Cybercriminals will launch many fake websites in an attempt to get victims to transfer money, assuming it will go to support the victims of natural disasters,” said Joseph Carson, chief security scientist at Thycotic, a Washington D.C.-based provider of privileged account management solutions. “However, it is going straight into the pockets of cybercriminals.”
Phishing incidents tend to rise after a disaster, said Hamerstone. “After any disaster, there is a rise in spoofed emails purporting to be from a charity assisting in the disaster, or providing information about the disaster,” he said. “Hackers know that after a disaster, companies are likely to be more focused on getting things up and running, and less focused on security.”