Businesses that focus on the big security breach may very well be missing the smaller threats that can do serious damage.
A human can easily kill a gnat. So how is it that just one gnat can drive you crazy, even though you can kill it in an instant? You are bigger and mightier ... yet one gnat can get the best of you. That’s because you’re too big for the gnat, as it buzzes around your eyes, nose and in your hair.
This is just like when businesses implement giant measures to enhance security and protect themselves against big threats like hacking, or natural disasters like a tornado. The business feels mighty with its extensive video surveillance, steel bolt doors and armed security guards. Yet, it's unable to foresee or handle the small stuff that can have dire consequences.
Some businesses make the mistake of focusing on only a handful of tactics and, as a result, other threats slip in undetected, or if detected, they’re not detected enough to be mitigated. Instead, all the business leaders can do is swat haphazardly, hoping to get a hit.
When businesses zoom in on only a few specific tactics, this results in a rigid plan that can’t adapt, and is useful only if the anticipated threat is precisely how it was envisioned in the first place. Concentrating on just a few selected risks means not seeing the bigger picture—missing greater risks that can come along.
Of course, you can’t possibly anticipate every possible threat. But preparing for just a few isn’t smart, either. What's a business leader to do? Follow this list to prepare smarter.
Emergency Plan of Action
- Make sure all security and continuity plans are adaptable.
- Consider the human component, and work it in to the plan. Can IT’s brilliant plan be sustained by a person? Are facilities manned by one person or a team? .
- Cover all basics and implement regular updates.
- Don’t get sucker punched. Consider a variety of threats (from cyber sources to natural sources), not just a few, and the various ways your organization can respond and resolve.
- Be aware. Figure out backup locations for your business to function should you be forced to displace.
- Prepare staff. Designate a core team and keep their contact information handy so anyone can reach them anywhere.
- Communicate. Design an emergency communications protocol for employees, vendors and customers, etc., for the days post-disaster. Confirm emergency response plans with your vendors and suppliers, and prepare to use alternate vendors.
- Keep your data backup tools in excellent condition.
- Keep your inventory of assets up to date.
- Safely and efficiently store documents. Duplicates of all crucial documents should be kept off-site.
- Routinely make data backups, ideally both locally and with a cloud service.
- Determine succession of management in case key players can no longer function.
- Know the signs of a dying computer. A blue screen can mean a hardware problem or driver conflict. If things are taking way too long, there may be too much software … or a failing hard drive. Strange noises during startup, for instance, can also mean a hardware failure. Consider it your warning.
- Set up your backups. You can set up backup protocols with a program like Belarc Advisor, which is free and lets you know what to install and when it’s time to replace a computer.
- You may want to consider replacing your computer every two or three years to avoid being stiffed by a computer that’s suddenly gone stiff. Nothing’s more alarming than suddenly losing all your data, and there’s no backup computer that you can just turn on and pick up where you left off.
Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.