The other week I received an email threatening to shut down my website unless I sent Bitcoin. I’m pretty sure you’ve all seen something similar. While this one was just a scam and easily fixed by upgrading my security, it got me thinking about how a small business could easily be crippled by a random act – either malicious and intentional or a natural disaster. Big business will always have a business continuity plan (I’m old enough to remember the doom and gloom doing the rounds way back in 1999 with the potential disruption from Y2K), but what about small businesses like us?
It might seem over the top, but in the world of reliance on electronic devices and the internet of everything, how would your small business cope with a fire, cyber attack or serious illness of key personnel? How long would it take to get your business back up and running in the event of serious disruption?
If you don’t know where your back ups are stored (or worse, What’s a back up?), then you really should think about a risk assessment. Now before I lose you completely, and you roll your eyes and think that you aren’t big enough to worry, don’t panic, it actually isn’t complicated.
A risk assessment is simply a structured way of thinking about the following questions and then documenting the outcomes:
- What can go wrong?
- What is the likelihood that it will go wrong (without applying Murphy’s Law)?
- What can I do to prevent or minimise the risk?
The first step is to brainstorm What can go wrong. There are obvious ones which will apply to all small businesses plus the ones specific to you. Examples:
- Fire destroys premises.
- Internet connection is cut to premises (think Telstra/Optus/Vodafone outage).
- Unauthorised access to your computer system.
- Client trips and falls on your premises.
- Inventory becomes obsolete due to changing fashion/fad.
- Industry disruption (is there a chance of Uber, Airbnb or Amazon or similar your industry).
- Computer system back up fails.
- Zombie apocalypse (still with me??).
The list could be very long, but the more specific you can be, the better.
The next step is to document the likelihood that it could go wrong. This should ignore any measures that you already have in place (eg you probably already have anti-virus software installed. Think about the likelihood without it). Taking our examples:
So at first glance at the list above, you’d be closing the business and having a good lie down! But now we have to consider the impact of the something going wrong. Mostly we are talking about the financial cost, but in a broad sense. Reputational damage has the potential to destroy a business.
Remember, the likelihood of something happening will depend on your specific circumstances. I live in downtown Sydney, so a cyclone is remote, but a hailstorm is a different matter!
Now, it’s a simple mathematical equation:
Risk = Likelihood x Impact
Combining our tables:
Sometimes a little judgement is needed to split the categories – that’s where it’s important that you as the owner is heavily involved.
Once you have your risks, it’s now time to think about what is already in place to mitigate any high or medium risk. For example, do you have security software installed? Is it updated regularly? Do you require employees to regularly change their passwords? Do you have business insurance? What does it cover? This is the hardest part of the exercise: determining what is already in place and identifying those areas where you might be vulnerable.
The final step is to assess whether there is something else that can be put in place to mitigate the risk and whether it is financially viable to do so. An example would be the destruction of premises. In an ideal world, you could maintain an empty office to move to if there were a disaster. The cost would be prohibitive, so is it possible to team up with another business in a different location to provide an alternative in the event of a disaster.
While it may seem complicated, the reality is, most small business owners do something similar in their own mind, it just isn’t documented. Taking the time to write it down could mean identifying a hole that you hadn’t thought about (what do you mean the zombies are coming and the baked beans are past their use by date!).
If you need help to assess the risks in your business, I offer a FREE 30 minute initial consultation. You can easily book online here and I look forward to helping you sort your finances!