Prepare your business
Your business could be severely affected by an emergency. Taking the time now to consider how you would cope will better equip your response to an incident.
For example, if your premises were affected by a fire or a flood, how would you carry on your core business?
The following may help your response to an emergency:
- Prepare a business grab bag
- Create a business continuity plan
Our leaflet contains basic advice on preparing your business for an emergency:
Business continuity planning
Business continuity planning will help you to understand and manage the risks to the everyday risks faced by your organisation.
It will help you prepare for emergencies or disruptions, by planning different ways of working that enable you to continue to deliver key functions.
Did you know?
1 in 5 organisations suffer a major disruption every year.
80% of businesses affected by a major incident (that don't have business continuity planning arrangements in place) either never re-open or close within 18 months.
The council and partner agencies have produced the guidance document below to help you assess your current business continuity planning arrangements.
It also has ideas to improve the resilience of your business:
The Civil Contingencies Service can offer further information and advice on business continuity planning.
Cyber security / Information assurance
Companies or individuals who initiate active attacks on others may do so for a range of reasons such as to breach national security, take part in acts of terrorism, crime or industrial espionage.
To secure against such attacks, the Centre for the Protection of National Infrastructure (CPNI) advise businesses to consider the following questions and to keep these under constant review:
- Who would want access to your information and how could they acquire it?
- How could they benefit from its use?
- Can they sell it, amend it or prevent staff or customers from accessing it?
- How damaging would loss of data be? What would be the effect on your operations?
Carelessness is the cause of many cyber failures - for example, failure to encrypt a USB stick or when staff ignore corporate procedures regarding external emails.
Here are a few steps which can be taken to ensure the safety of your information and to minimise the risks of a successful cyber-attack.
- Keep track of authorised and unauthorised devices and software
- Organise both hardware and software on laptops, work stations and servers
- Continually review vulnerability assessments
- Install defences against harmful software
- Introduce and promote training for staff
- Limit and control network ports
- Control use of desktops e.g. using strong passwords that follow known standards
- Keep detailed logs, identifying location, malicious software deployed and activity of machine affected
- Control access to facilities, information and systems on a need to know basis
- Monitor staff accounts appropriately
- Establish data loss prevention techniques
- Embed incident response plans (protect your organisation's reputations)
- Maintain a secure network
- Reinforce staff messages around vigilance e.g. only opening emails from trusted senders and reporting breaches of security