Disaster situations are uncomfortable to think about. Even the most pessimistic among us have been guilty of avoiding the discussion by saying things like “that won’t happen to us.” But that’s the exact mindset you want to avoid when it comes to protecting your business.
Everything we do in Business Continuity Planning involves risk impact avoidance, mitigation or acceptance. We cannot prevent outage events from occurring; we can only prepare for how to respond or minimize the impact of risks and outage events. During our speaking engagements, or when talking with clients about potential risks and conditions to plan for, we often hear, “that won’t happen” or “that can’t happen.” While I am not superstitious, there are times I wonder if Mr. Murphy is real. Today I will share some of the events that can’t happen – that did. Have you ever thought:
We are too small for any cyber criminals to target us.
I spoke to a colleague who is concerned about data security. He told me he had to change some settings on his personal firewall and router; within 15 minutes he noticed traffic from China. The traffic did not come from an individual, but automated bots looking for vulnerabilities.
I went to lunch with a friend who owns a small sign manufacturing and printing company. He told me his accounting system was down with a ransomware attack, and he was a bit concerned because his IT consultant (they are too small to have a dedicated IT person) was not sure if the backup could be restored.
We are in a hardened data center. It has complete redundancy.
In a hardened data center with environmental controls, backup power, and a hurricane-proof structure, the monitoring team heard some rumbling. They looked at the outside wall and saw the bottom of the wall start to move inward – like the bottom of a domino sliding forward. With nothing they could do, the wall hit the first rack of equipment, and then the domino effect did happen – rack by rack started to topple over. A community water main leak had eroded the foundation; when the main broke, the pressure of the water pushed the wall in.
We are in a safe area/industry. Workplace violence will not be an issue for us; we are like a “family.”
Individuals at businesses or other locations where violence occurs are always shocked. You don’t hear anyone say, “well, we expected something like this to happen.” Instead, you hear “he seemed fine,” “this is a quiet location,” or “nothing ever happens here.”
Here are some statistics regarding workplace violence-related deaths, and injuries resulting in days off of work, across various occupations from the National Safety Council’s Injury Facts 2016:
- Government: 37,110 injuries, 128 deaths
- Education and health services: 22,590 injuries, 35 deaths
- Professional and Business Services: 4,460 injuries, 65 deaths
- Retail: 2,680 injuries, 127 deaths
- Leisure and hospitality: 2,380 injuries, 107 deaths
- Financial activities: 1,100 injuries, 37 deaths
- Transportation and warehousing: 840 injuries, 71 deaths
- Construction: 680 injuries, 36 deaths
- Manufacturing: 570 injuries, 36 deaths
Our facilities are not subject to natural hazards.
The facility may not be, but what about the people? In one example, during the storms preceding a hurricane, the emergency response team was on a conference call, ensuring there were no actions needed or that everything was prepared (all employees had already been sent home in advance of the hurricane making land). During the conference call, multiple people stated they had to drop off the call; they did not know when they would be available. They lived in lower lying areas: waterways were overflowing, homes were being flooded, and sump pumps were not keeping up with the water. People’s personal lives and homes will always take precedence to their work.
Our people know better than that; they won’t make that mistake.
People do make mistakes and do dumb things. For example, in one data center, the power interrupt button did not have a cover until after a visitor to the data center inadvertently leaned against the wall and pushed the button. The entire data center crashed.
Applications go down due to human error. It seems that airlines have suffered from this occurrence frequently over the last several months.
A person with access to sensitive information left digital copies of financial and confidential data in a rental car. The rental car company could not find it. The organization had to report the loss of confidential data which included personal, private information.
Just because risks and events may have a low probability of occurring, please don’t assume they will never happen. That is the beauty of our lives and world; we may think we are in charge, but Mother Nature, and Mr. Murphy, sometimes like to prove us wrong.