As we write this, Texas is into the recovery process and Hurricane Irma is landing its final blows on northern Florida, headed north through Georgia and maybe past Memphis; it looks to be a tough year for weather. 2017 also seems to be a bumper crop year for hackers; both the normal data kidnappers who encrypt and hold your data hostage, and the ones sponsored by foreign governments. So, here is our checklist for your consideration:
Data backups — We know we are becoming a broken record, but we have heard so many sad stories recently that we know there is still much work to be done. Even if you are backed-up to the minute somewhere on the Cloud, massive power outages, unlucky hardware outages and data breaches can compromise all of those backups. One wholesaler described their experience: “We got hacked. They encrypted our data then they wiped out our cloud backups. Their ransom was hundreds of thousands of dollars. It was a mess that took weeks to clean up.” The wonderful stability of computer and communications hardware along with the warm fuzzy feelings we get from the mental image of “the Cloud” has lulled us all into acting like it is too solid to fail.
Your action: Consciously evaluate the business impact of an extended outage. The estimates for recovery in Texas are weeks, and even months, for power, communications, facilities, equipment and data restoration. Can your company survive if you lose a day of billing? How about a full week? A whole month? Some of your customers may own up to what they owe, but others will act like they found a winning lottery ticket. If you have no proof of sale, it is a lot less likely that you will collect on those sales. Next, do that same evaluation for taking orders, cutting POs, paying invoices, etc.
Your action: Test your recovery processes. (Note: we said processes — plural, since you must be prepared for multiple scenarios in your backup and recovery.) Thus far, we have never heard that a test recovery went perfectly. We almost always hear that something significant was learned in the testing.
Your action: Keep your own copy (maybe multiple copies) of your data. The recent hack at Equifax is a sad reminder that even big, well-funded companies get compromised. Hard drives and backup tapes are cheap compared to the losses from a disaster or a breach. Yes, it is inconvenient to carry the tape or hard drive home with you, but it’s nothing compared to the loss of your critical operational data. Note that we mentioned carrying the backup home. If your backup is connected to your network, even via WiFi, when your network is hacked, it is vulnerable.
Your action: Review what is getting backed up to ensure that all mission-critical systems are backed up. We assume your server’s operating system AND settings will be saved. (We can make assumptions about your backups but you should verify.) Your ERP data will be backed up. What about your ERP programs? You cannot assume that your vendor will have a current copy of any modes or settings that are unique to your company. What about your webstore and any API servers the store uses? What about email servers both onsite and offsite. What about the PIM content for your store? What about any Cloud based apps you use like SalesForce, etc.? What about your passwords safe?
Your action: Determine what information and documents need to be maintained on paper documents and/or on removable devices outside your computer systems. What will you do when all the passwords you need to recover the server are stored on the server that is 4 feet under water? You can certainly restart your company by calling all of your banks, vendors, customers and employees (who may also be under water) to rebuild your information, or you can maintain that data on paper, on a thumb drive, on your phone and/or on a file in the cloud. If you keep it on the Cloud, remember it may not be readily available since you may need to access it using the Internet and the Internet may not be available. One of the recent lessons from Irma was that while the cell networks were down, in some areas the phone landlines and internet connections were up and running. Several of the providers opened their WiFi hotspots up, allowing customers and non-customers to access the Internet through their networks. We wouldn’t bet the farm on this, but you will want phone numbers and email addresses available to use whatever communications links are operating.
Your action: Develop procedures and train your team on how to conduct business without your computer systems or network. For many years, wholesalers maintained a small stack of order forms under their counters that could be pulled out and used when the computer went down (they were needed and used since the computer went down fairly often). Computers are so stable now that very few wholesalers have any way to take orders when their ERP is down. With barcoding and computer assigned bin locations, you may have ceded that disaster business to some other company, but we think you should make that decision so you don’t explicitly get blindsided by the event. Are you going to close the doors and send everyone home until the computer is back up or have a “Plan B”?
Our industry’s wholesalers and manufacturers are normally the unsung heroes of natural disasters — We cannot give the first responders enough credit for staying put in these dangerous situations and saving many, many lives. Next come the people who provide food, water and shelter and work to restore basic services. Then our industry provides many of the important materials and tools that are needed to recover from these massive natural disasters. We applaud all the companies who work hard to support the recovery of their community. Over the years we have seen wholesalers in our industry operate out of their trucks parked in their parking lot or, when the wholesaler’s lot was out of service, a grocery or department store’s parking lot. With their limited “warehouse” space, they had to keep their finger on the pulse of recovery stocking the types of products needed through the different phases of the recovery. In Houston, we’re guessing the pumps and generators were more important than decorative faucets at the start.
Your action: These are difficult to plan since there are so many possible scenarios, but when you have a stated intent to be back in service as quickly as possible, your team will figure it out. You may be able to preassemble some of the supplies your team may need for getting back in service. You know they will need water, food, generators, extension cords, lights, etc.
Cash — When natural disasters occur you will need all sorts of equipment and materials to get back up and running. Unlike a normal hard drive failure or power failure that is local to your company, everybody will be scrambling to recover from the natural disaster. Everything, especially the mission critical materials, will be in short supply and in high demand. While many of your vendors know you and may continue to supply product to you on your existing account, the service vendors you might need may be strangers who are not able to check your credit or validate your credit card. Your banks may not be available to provide cash.
Your action: Consider if and how much cash you might need in the short term to reestablish your operation in the first couple days. In these emergency situations, cash is king, queen and jack when you need to get something done. Obviously, keeping cash presents the risk of theft during the crisis but also becomes an attractive target for that junior embezzler/thief in your organization who is just looking for an opportunity to jumpstart their career.
Take care of your people — When Rich interviewed A. J. Maloney of Coburn’s Supply after it got hit by Katrina and Rita, he discussed how their company worked to contact people after the events; first to make sure its people were safe and sheltered, but then to start the process of getting people to staff its store reboots in order to support the recovery within the communities it serves.
Your action: Make sure you have a process for the ongoing maintenance of the current home and cell numbers for your people, their home addresses AND personal e-mail addresses. Some companies ask their employees to call a hot line or e-mail to report their status, where they are and whether they need help. Irma and Harvey are good reminders to get them up to date.
Flood insurance — Many businesses in Texas didn’t think they were in a flood-prone area. FEMA will provide maximum grants of about $33,000 and small SBA loans beyond that.
Your action: Reconsider flood insurance.
Alternate sources — Often when your life is disrupted by a natural disaster, your suppliers may also be disrupted. Your challenge then becomes where to source the materials needed by your customers. Sometimes your buying group peers can even provide the same brands you sell.
Your action: Maintain a contact list on paper, on a thumb drive and/or in the cloud of the alternate suppliers you might need in a disaster.
We are certain there are other topics that you will want to consider for your specific situation, but we hope this will get you thinking about your disaster planning and motivate you to take preparatory steps that will reduce the impact of bad situations and also speed your recovery if you are impacted.
Although by the time you read this Hurricanes Harvey and Irma will be weeks past, the recovery is just beginning. Both ASA and HARDI have started relief efforts to aid members that have been affected. You can visit hardinet.org/hardi-unity/ or asa.net/harveydonation for more information.