Threats to the health and continued operation of your small business can come from every corner:
- Your employees,
- Your government,
- Outside human forces (hackers), and
- Outside natural forces (Mother Nature).
Grim statistics tell us that 40% of businesses never reopen after a natural disaster. Recently, a telemarketing firm closed its doors and threw 300 people out of work after a ransomware attack.
Worst-Case Business Scenarios
These tales of woe didn’t need to happen. It’s all about being prepared and knowing what to do when you’re suddenly faced with worst-case business scenarios. Take these tips to heart and you and your small business won’t be cited when the next time some writer starts to list hapless businesses that have gone under due to a failure to prepare.
Even in the Internet Age, it’s your employees – and maybe your partner – who pose the biggest and most constant threat to your business. Intentional and unintentional human acts can bring down a business in one fell swoop or slowly erode its viability.
Combating internal threats requires a comprehensive approach that combines:
- Careful hiring
- Smart supervision and business systems
- Diligent training
Let’s face it, small businesses often rush to hire someone who seems like an excellent candidate for an open position without thoroughly checking references and performing a comprehensive background check. This is especially true if the candidate has been recommended by a current employee.
Invest in professional background checks, and in addition to contacting listed references, ask for the names of other professionals who have worked with your candidate when you talk to their references.
Once onboard, be sure to train all your employees in security measures, including online safety and facility safety. Do not give employees higher network permissions than are required for their jobs. Have alarms and cameras in place and be sure they are operating properly.
Fraud is one of the biggest problems for any small business. Put checks and balances in place for handling business funds. For example, if a single employee is responsible for paying vendors, recording receipts, and making deposits, you are making your business vulnerable for skimming. Break up these functions. Require two signatures on checks. Implement strict financial oversight including audits.
The Tax Man
President Reagan famously quipped, “The most terrifying words in the English language are: I’m from the government and I’m here to help.”
I love the quote, but I think he was just a little off base. In my opinion, the most terrifying words are, “I’m from the IRS and I’m here to audit your tax returns.”
The fact is, even a diligent taxpayer can get in trouble with the IRS. And, to make matters worse, few of us have any idea how to deal with it when we’re hit with fines, penalties, and big back tax bills. After all, the IRS can seize our homes, vehicles, bank accounts, or any other property it can use to pay off our tax debt.
As with all the tips I’m offering here, I hope you’re never faced with a situation where they are the only things that save your business and financial standing, but you need to know that there are several ways to lessen the burden of IRS levies and fines:
- Monthly Payment Plans
- Partial Pay Installment Agreement (pay less than owed)
- Hardship Offer in Compromise (pay less than owed)
- Stair-Step Agreement (payments increase over time)
- IRS Fresh Start Initiative (pay off over time with no penalties)
- Hire a Tax Debt Resolution Firm or Tax Attorney to get you the best deal
- Get “Currently Not Collectible” Status (only for those in dire financial situations)
Cybersecurity has gone from a topic that didn’t exist a couple of decades ago, to one that makes major headlines virtually every week. The tragic fact is that by the nature of their work, cyber villains are always a step ahead of cybersecurity professionals.
Your only hope is two-fold:
- You don’t get hit with the absolute latest cybercrime tactic, and
- Your training and security measures cover all known threats.
The issue small business owners need to grapple with is to decide whether or not they – or their IT team – are adequately prepared to train, install, and supervise all aspects of the company’s cybercrime defenses.
Getting up to speed on the proper handling of email and general cybersecurity are topics that most business owners should be able to understand and train their employees on. However, many owners are letting this slip.
On the other hand, hardening your defenses against strong network attacks is probably beyond the scope of most owners. To meet those needs, I suggest bringing in a cybersecurity consultant to assess your weaknesses and propose a cybersecurity plan.
Further, with the boom in cloud-based Software as a Service (SaaS) offerings, small businesses can essentially hand over some of their security concerns to organizations better suited to handling online security.
But even when you’ve signed up with a SaaS provider, the threat of security holes is still there. For instance, many of your employees will be tempted to connect to your SaaS providers via their personal unsecured smartphones or other devices. This is where an expert can help you implement a smart policy with good controls.
Finally, not every threat to your business can be blamed on people. Natural disasters cause billions of dollars of losses every year. If your business is in a rural area of California, it may have been threatened by a wildfire recently. And, your whole building doesn’t have to burn to the ground to put you out of business.
If you have critical company information on a hard drive that gets destroyed by a hurricane or flood, it can be just as devastating as losing your entire office.
To prepare for a natural disaster you need to consider both human factors and your business’s infrastructure:
- Who manages which aspects of recovery?
- Where will employees be located after the disaster? Who will communicate with them?
- How will computer networks/information be restored?
- What is the condition of the physical plant, etc.?
For example, if you suffered a hurricane that managed to leave your facility unscathed, but all your employees fled for safer ground, how would you get reorganized and reopened?
Custom emergency preparedness plans are required for different businesses in areas prone to different types of disasters. Ready.gov — part of Homeland Security — offers extensive “toolkits” that walk you through all the steps you need for devising your own plans.
But as a final word of advice: In the case of each of these worst-case scenarios, it’s critical to understand the situation, internalize the information, draw up the plans, and periodically review/update the plans while times are good.
Don’t wait until it’s too late.