“Planning for emergencies only seems expensive until you need it, and then it’s priceless,”
Duncan Stirling, a Shefford man who helped his company recover from the Buncefield oil storage disaster.
- Do you know the risks for Bedfordshire? If not have a look here.
- Remember the risks can impact your business as well.
- Regardless of the size of your business, you need to be prepared for a variety of incidents.
- Are you prepared for utility failure?
- Are you prepared for staff not being able to access the building for days, weeks or months?
- Are you prepared for a flu pandemic?
- Give your business a quick health check with our checklist.
- Well done you have a Business Continuity Plan! But does it work? Don’t leave it too late to find out.
- Test your Business Continuity Plan using our testing scenarios here.
- A recent study showed that 96% of reported crime had a cyber element.
- Consider the number of times telephones and computers are used to research, facilitate crimes or used as a means of communication.
- Your biggest threats are:
- Insider Threat (theft/fraud/data breach)
- Malware by phishing attacks
- Data Breach
- Social Engineering leading to scams
- Theft/fraud by Customers or vendors
- Give your business IT a quick health check with our checklist.
- See the following leaflets for additional cyber security advice:
- Prepare Your Business – Mandate Fraud Leaflet
- Get Safe Online – Beds GSO Safe Business Leaflet
- Bedfordshire Police – Protect yourself online leaflet
- Bedfordshire Police – Password Security leaflet
- Prepare Your Business – Phishing Leaflet
- Bedfordshire Police – Cyber Savvy and Cyber Hub leaflet
- Prepare Your Business – Cyber Safety Advice
- Little Book of Cyber Scams
- Cyber essentials (CE) and ISO27001 Presentation
- General Data Protection Regulation Presentation
- Action Fraud provides a clear signpost for reporting all types of fraud, including identity theft, investment, credit card and consumer fraud.
- Whether an individual or a business you can contact Action Fraud by calling 0300 123 2040 or going online.
“When my 10 year old daughter told me the doors had moved on their own on the morning of 11 December 2005,” he recalls, “we didn’t know what she meant, but then I got a call from my boss and you could hear his voice shaking. He told me about the Buncefield explosion and to start doing whatever we needed to do to get our business up and running again. What was uncanny was that we’d rehearsed our disaster recovery plan only the week before and even though I’d moaned about it, I was very grateful we had!”
At the time Duncan worked for Steria, an IT services company who sold disaster recovery solutions, and were located only three buildings away from the Buncefield plant that exploded in the early hours of Sunday, 11 December 2005. As part of a team rebuilding the company from the ground up he spent Sunday calling suppliers to get 180 laptops delivered to their makeshift offices; it was the beginning of three weeks of intensive effort as he and his team worked 14 hour days, living off takeaways, to save the business. “One of the worst things,” says Duncan, “was imagining what would have happened if the explosion had happened during normal working hours. It had blown random holes in walls, embedded glass and debris in the chairs where people sat, blown steel shutters through two walls and wrecked new offices we’d just relocated people into. It would have been horrific.”
“We needed to find new premises for our 400 staff, new IT equipment for them to use, have those rebuilt for our needs and network them. We needed tables and chairs for them to work at and cabling so they could all have the power they needed. “When the explosion destroyed our building it took all our PCs with it, our data was backed up offsite but one of our neighbours had their data systems wiped out. Fortunately I had a strong personal relationship with our supplier so when I called them on Sunday afternoon to order 180 laptops they got on the job and they arrived on the Tuesday. We then had to build them to our spec and our team worked 14 hours a day to do it. I was out buying KFC bargain buckets to keep everyone going. “While we were up and running on the Monday, taking orders and dealing with enquiries, it took three weeks for the situation to be stabilised and over a year before we could finally move back into some parts of our buildings.
“While you can’t plan for everything having some kind of plan helps you hit the ground running when any kind of emergency affects your company. You might have to start from scratch but having a plan and good relations with your suppliers and customers means that you have an advantage over those who don’t. You need to think about the basics, what’s important to your business, what do you need to survive and to get back on your feet. “For example every business needs access to the internet, to their data, and you might need to get your phones diverted to new numbers so you don’t lose your customers. You might need to arrange alternative childcare if people are relocated, your staff might need to travel further too. We had counselling for staff and support networks were set up in Hemel Hampstead for those affected.
“There’s also the physical and emotional effect which you don’t notice at the time. To get back up and running our staff worked long days for weeks and ate takeaways at their desks. People hit an emotional brick wall and need to take a break, fortunately they do this at different times, but you have to plan for your staff having time out from this rollercoaster so they don’t burn out. “But what I did see was people pulling together, I never understood what people meant about the “Blitz spirit” until then, but you can see it when disaster strikes.
“I’d advise any business, whatever its size, wherever it is, to think about getting a business continuity plan. That’s why I’m attending the Bedfordshire Local Resilience Forum events in March to talk to business people about how they should prepare for the unthinkable, because if it happens, it won’t be a drill.”
- VSAT (Vulnerability Self Assessment Tool) – a free self assessment tool that takes no longer than 30 minutes to complete, provides you with an assessment report and sign-posts you to best practice
- Risk Authority Robust V4 is a business continuity package you can use
- Business Continuity Institute (BCI) – for free good practice guides, training, workshops, a bookstore and accreditation
- ISO 22301 (previously known as BS25999) – The international standard for business continuity planning
- Centre for Protection of National Infrastructure – for the top 10 security tips, guidance to create a security plan, to learn about pre-employment screening / how to handle bomb threats / how to make your building secure / about cyber-security
- Business Continuity for Dummies – The Cabinet Office have helped develop this guide on business continuity