Hell hath no fury like the average person when their phone or computer doesn’t work properly. But while non-functioning phones, computers and other electronic devices are an irritation in our personal lives, they can have very serious consequences when running a business.
Almost every business now depends on functioning IT, so even minor computer problems can waste substantial amounts of time and money. Major problems can stop a company doing business if computers have been affected by cyber threats such as ransomware, or if IT or telecommunications are damaged or destroyed by extreme weather or fire.
Yet many small business owners do no more than the bare minimum towards disaster recovery and business continuity planning. Only 61 per cent of small businesses regularly back up customer data and IT systems, and only 27 per cent store customer data off-site or on a separate device, according to the 2016 FSB Business Crime Survey.
“Most small businesses don’t do anywhere near enough around business continuity,” says Nick Kulkarni, an FSB member who runs Home & Business Computing (HBC), a small IT services company in King’s Lynn, Norfolk. He believes this is in part because of a lack of understanding around what a company can or should do.
Another reason is that small business owners have limited time and energy to ensure they have the optimum IT set-up. As Justin Bentley, who runs Belfast-based JCB Consulting Services, notes: “People want to concentrate on the things that make them money. But if you don’t do business continuity properly it may cost you a lot – you could go out of business.”
The first step is to identify the business processes that require protection – and the extent to which they rely on IT and on broadband or telephone connections. It’s then a question of whether there are processes in place that will allow recovery of the systems and data needed for the business to operate, within a reasonably short timeframe.
Any business owner who has been through the experience of relying on back-up processes knows how important they can be. Louise Chenery is Director and co-owner of The Tile Shop, which sells kitchens, bathrooms and other domestic products from its showroom near King’s Lynn.
In September 2014, the business was brought to its knees by a major fire that broke out in the middle of the night.
“We lost about 20 per cent of the showroom,” she says. “It destroyed all
the kitchen displays.”
The fire – and firefighters’ efforts to douse the flames – also knocked out the building’s telecommunications and heating systems and wrecked its computer server. It took the business 18 months to recover, in part through diversification into selling different products and by converting part of a warehouse into an additional showroom.
But in the immediate aftermath, speedy recovery of the server and company data played a crucial role in helping the company to stay in business.
Tim Norman, who now runs his own security services company but then worked for another services company, helped HBC’s Mr Kulkarni to restore The Tile Shop’s IT capabilities.
“We had to set up a couple of terminals and download the back-up data to those,” he says. “We had it all back up and running within 36 hours and we’d ordered a new server.”
Backing up data regularly, to a removeable storage device kept off-site, is easy and cheap, says Ken Seymour, an FSB member and Director of KTS Computers, an IT services company based in St Ives, Cambridgeshire.
“Windows comes with a built-in back-up tool, and USB drives are not expensive,” he says. But he urges companies to ensure the back-up drive is not left plugged into the system when not in use. If it is connected, a ransomware attack that encrypts all the data on the company’s computers will do the same to the data on the back-up drive too.
Data could also be backed up on a service provider’s secure facility in the cloud. This could involve working with a specialist disaster recovery service provider, or it might just be a matter of using (for example) a paid-for Microsoft Office 365 account.
It is not usually a good idea to rely on a free cloud service for this purpose as it can be difficult to recover data, and these services may not be secure enough for regulatory purposes.
Small firms also need to take steps to avoid cyber attacks. Often, this will be the result of staff inadvertently introducing malware or ransomware into the system.
FSB’s 2016 research suggested that almost three out of ten small businesses (29 per cent) had suffered a malware attack in the previous year. And more than one in three businesses in the financial, insurance, professional, scientific, technical and administrative/support sectors had been hit.
The research also showed that the average cost of a cyber crime incident for a small business was almost £3,000.
FSB membership now comes with basic cyber protection insurance free of charge, and members can upgrade to a higher-level cover if they choose. Visit fsb.org.uk/benefits for more information.
Many small businesses do not follow best practice in protecting themselves against cyber threats, which seems short-sighted when there are so many effective anti-virus technologies available. It is also vital to download new updates for all your software, on every device, because these fix vulnerabilities that might otherwise be exploited by malware.
The other crucial step small businesses need to take to keep systems safe is to try to help staff recognise security threats. A variety of resources – available online and from cyber security providers – can help teach staff how to spot warning signs, from the language used, to the sender’s email address.
Finally, stay on good terms with neighbouring businesses, says Mr Seymour. “We have connected people up to their neighbours’ broadband connections a few times in an emergency,” he explains. “We’ve run cables into the building next door, or picked up the wi-fi. But you need to get on well with the neighbours for that!”