What this guide is
It’s important to be prepared for a range of emergencies that could affect your business, including:
- physical emergencies, such as fire or flood
- cyber emergencies, including cyber attacks.
Read the information on this page to ensure you’ve prepared your business for emergencies.
How to prepare your business for an emergency
Your business could be severely affected by an emergency.
Taking the time now to consider how you would cope will better equip your response to an incident.
For example, have you planned how you would carry on your core business if your premises were affected by a fire or a flood?
To help your response to an emergency, you can:
- prepare a business grab bag
- create a business continuity plan.
Business continuity planning
1 in 5 organisations suffer a major disruption every year.
80% of businesses affected by a major incident – that do not have business continuity planning arrangements in place – either close within 18 months or never re-open.
Business continuity planning will help you to understand and manage the risks to the everyday risks faced by your organisation.
It will help you prepare for emergencies or disruptions by planning different ways of working that enable you to continue to deliver key functions.
View our business continuity planning leaflet to help you assess your current business continuity planning arrangements. It also has ideas to improve the resilience of your business.
Our Civil Contingencies Service can offer further information and advice on business continuity planning. Email them at ccs@renfrewshire.gov.uk
Cyber security and information assurance
Companies or individuals who initiate active attacks on others may do so for a range of reasons, such as to breach national security or to take part in acts of terrorism, crime, or industrial espionage.
To protect against such attacks, the Centre for the Protection of National Infrastructure (CPNI) advises businesses to consider the following questions and to keep these under constant review:
- who would want access to your information, and how could they acquire it
- how could they benefit from its use
- can they sell it, amend it or prevent staff or customers from accessing it
- how damaging would loss of data be, and how would it affect your operations?
Carelessness is the cause of many cyber failures – for example, failure to encrypt a USB stick or when staff ignore corporate procedures regarding external emails.
Here are some steps you can take to ensure the safety of your information and to minimise the risks of a successful cyber-attack:
- keep track of authorised and unauthorised devices and software
- organise both hardware and software on laptops, workstations and servers
- continually review vulnerability assessments
- install defences against harmful software
- introduce and promote training for staff
- limit and control network ports
- control use of desktops – for example, using strong passwords that follow known standards
- keep detailed logs identifying the location, malicious software deployed, and activity of the machine affected
- control access to facilities, information and systems on a need-to-know basis
- monitor staff accounts appropriately
- establish data loss prevention techniques
- embed incident response plans to protect your organisation’s reputation
- maintain a secure network
- reinforce staff messages around vigilance – for example, only opening emails from trusted senders and reporting breaches of security.
More information
Here are some non-council resources on preparing your business for emergencies: