Author: Stuart Crawford

You know running a successful business requires much more than just offering a great product or service. It takes constant engagement and collaboration of all of your employees to produce the best results, and it takes your best effort to remain competitive in a crowded marketplace. Collaboration between employees used to mean lots of daily and weekly meetings. Those long hours stuck in the meeting room often wind up taking a toll on productivity, and this loss of productivity is quite often negatively reflected in a company’s bottom line.

The good news is that modern technology now provides an alternative to the traditional meeting: Online meetings. Conducting meetings online not only saves employees travel time and the expense of attending a meeting in person, but quality online meeting software provides the tools that make hosting a meeting more convenient and more efficient than ever before.

Many companies used to avoid online meetings because they were complicated to set up, time-consuming to maintain, riddled with technical problems, and expensive to purchase. But now there are no more excuses. Microsoft offers businesses of any size a quick, powerful, and inexpensive way to streamline meetings: Microsoft Teams and Microsoft Teams Rooms.

What is Microsoft Teams and What is Microsoft Team Rooms?

Microsoft Teams is an ideal way to keep everyone who works at your company, as well as your partners and shareholders, in the loop and working in concert. Microsoft Teams is a suite of communication tools, including web-based, allow employees access to secure and private chat, file sharing, critical business apps, and the video meeting software, Team Rooms. Microsoft Team Rooms eliminates many of the hassles and time-sucking aspects of face-to-face meetings while still allowing them to be productive.

Whether you are having a 1-to-1 meeting or hosting a webinar for hundreds of people, Microsoft Team Rooms goes beyond many of the standalone online meeting solutions to give you the features which really matter to you. A few of these standout functions are easy scheduling, one-click joining, automated note-taking, extensive whiteboarding tools, along with the ability uploading files and share desktop screens. The best part is that Microsoft Teams and Microsoft Team Rooms is part of the Office 365 subscription you probably already use!

How Can Microsoft Teams and Microsoft Team Rooms Help to Make Your Next Meeting Better?

When it comes to hosting a productive meeting, you need a system that you can depend on no matter what. Microsoft Team Rooms has you covered by:

• Offering a single platform accessible through desktop computers, mobile devices, and dedicated video conferencing systems. Whether your meeting attendees are at your home office, in the field or even at home, accessing Microsoft Team Rooms is a breeze. Everyone will be able to participate fully using one seamless and secure application.
• Securing your data. As part of the Office 365 suite of applications, Microsoft Team Rooms reduces the security risk of transmitting your private data using another video conferencing solution. Microsoft is dedicated to protecting your information.
• Making administration and maintenance a snap. Even if you have a dedicated in-house IT department, you want it to concentrate on running your business, not your video conferencing software. Setting up Microsoft Team Rooms is intuitive, and if your employees ever run into problems, assistance is always available.
• Providing almost infinite scalability. Do you host a variety of meetings from small groups to large webinars? You don’t have to spend thousands of dollars on dedicated video conferencing equipment, use any smart monitor or computer-attached screen. Do you have a lot of new hires? They can immediately access Microsoft Team Rooms meetings with their Office 365 account through their computer!
• Supporting post-meeting follow-ups. Since Microsoft Team Rooms is part of the Office 365 suite of applications, if you choose, your employees will continue to have access to notes and files after the meeting. This accessibility makes it a snap for your employees to work together and reduces the amount of time it takes to complete a project.

With the quality tools you need to host an online meeting, the collaborative tools you need for your employees to be productive, and a price point you can’t believe, Microsoft Teams and Microsoft Team Rooms are a comprehensive online meeting solution.

Did you know that your Macintosh webcam could have been hijacked? A serious security flaw in the Zoom video conferencing application joined Mac users to video calls without their permission.

Zoom has now released a fix – click here.

A vulnerability in the MacZoom client allowed malicious websites to enable Mac cameras without users’ permissions. This is a serious flaw that was thankfully discovered by Jonathan Leitschuh.

Jonathan Leitschuh, a US-based security researcher, reported this serious zero-day vulnerability. It allowed any website to forcibly join someone to a Zoom call, and activate their video camera.

Plus, he said that the vulnerability let any webpage cause a Denial of Service (DOS) by repeatedly joining the Mac user to an invalid call.

Even if the user uninstalled the Zoom application from their Mac, it could be re-installed remotely.

What Should Mac Users Do?

To fix this particular issue, Leitschuh advised that Mac users with the Zoom application installed, update it to the latest version of Zoom and then check the box in settings to “Turn off my video when joining a meeting.”

A computer webcam is always a potential gateway for security intrusion. This is why some users put a piece of tape over their webcam just in case.

Zoom Has Since Patched The Vulnerability

The vulnerability has been patched; however, the flaw could have exposed up to 750,000 organizations around the world that use Zoom.

Leitschuh said that the Zoom vulnerability was originally disclosed on March 26, 2019, and that a “quick fix” from Zoom could have been implemented to change their server logic. However, it took them 10 days to confirm the vulnerability. And, it wasn’t until June 11, 2019, that Zoom held their first meeting about how to patch the vulnerability. This was only 18 days before the required 90-day public disclosure deadline.

He said that he contacted Zoom on March 26, giving them the public disclosure deadline of 90 days. Zoom patched the issue, so a webpage couldn’t automatically turn on a webcam, but that this partial fix regressed on July 7th, allowing webcams to once again be turned on without permission.

What Was Zoom’s Response?

“Zoom installs a local web server on Mac devices running the Zoom client…This is a workaround to an architecture change introduced in Safari 12 that requires a user to accept launching Zoom before every meeting. The local web server automatically accepts the peripheral access on behalf of the user to avoid this extra click before joining a meeting. We feel that this is a legitimate solution to a poor user experience, enabling our users to have seamless one-click-to-join meetings, which is our key product differentiator.”

Zoom also reported that they had no record of a Denials of Service or this type of weakness being exploited. They said that they fixed the security flaw back in May.

There are everyday warriors in businesses across the country, but these individuals may never have worn the uniform of their country. This next generation of cyber warriors is being groomed by organizations of all sizes in an attempt to overcome the growing skills gap in the cybersecurity world. While many current cybersecurity analysts started in general IT, there are individuals throughout the business and technology world that are moving towards this lucrative career path. Unfortunately, there are few set career paths already in place and no firm list of skills to develop to move in this direction. See what Under Armour’s VP & CISO, Matt Dunlop, is doing to arm the next generation of cyber warriors that he knows his organization desperately needs.

Background of a True Cyber Warrior

One of the key reasons that Matt Dunlop sees the value of developing these skill sets is because he’s worked throughout the fields of mathematics and computer engineering since his time in the U.S. Army as a colonel. After starting as a network engineer, he further developed his skills by completing a master’s degree in computer engineering and ultimately a doctorate in a related field. When the U.S. Army Cyber Command was created, he was a logical choice to help stand up this new division — partially due to his status as a computer science educator at West Point. In his position as CISO with Under Armour, he’s able to bring together his passion for teaching and marry it with his deep knowledge of technology and cybersecurity. “As we look into the future and project this huge job shortage, companies are looking for the silver bullet,” says Dunlop. “But I look at it as a long game.”

Creating Lifelong Learners

Cybersecurity is an ever-changing landscape and one that doesn’t have a set career path or an endpoint. Dunlap is currently working with the National Cyber Education Program to help create a generation of students that are interested in the exciting field of cybersecurity. There is a major deficit of individuals who have the breadth and depth of knowledge that would allow them to effectively provide cybersecurity protection for an organization. Sparking the interest of the next generation of smart workers is crucial, especially as automation takes the place of low-level activities and leaves plenty of room available for strategists and individuals who are able to implement more complex — and therefore more challenging — environments. Historically, cybersecurity professionals begin as entry-level IT professionals and work their way through the ranks to ensure that they gain the necessary knowledge about infrastructure and integrations to help protect an organization from both malicious actors and internal business challenges.

Cloud is Changing the Face of Cybersecurity

As cloud-based applications gain prominence in today’s business world, cybersecurity professionals will need a better understanding of data and integrations as well as hardware and servers. Transitioning from general IT to cybersecurity requires in-depth knowledge of how and where weak points can occur in an organization’s security net. From next-generation firewalls to strategies for warding off malware and phishing attacks, there are integration details that require recognition of how data flows throughout your business — and beyond. Pulling together information from disparate cloud-based platforms leaves a fail point that needs to be monitored, especially when you consider the proliferation of third-party vendors in the business ecosystem. Each link in the chain that passes data between organizations and customers must be analyzed and monitored for compliance and security throughout the sales and manufacturing cycle.

Arming the next generation of cyber warriors starts with firing the imagination of generations of children and young adults as they enter the formative years of their education. Cybersecurity is an exciting career path and one that will continue to morph as threats emerge. Encouraging staff members to become lifelong learners is one of the shorter-term ways that Dunlop encourages individuals to enter the cybersecurity field, but he is the first one to recognize that we need a broader group of future professionals to enter this critical field and support the security of businesses in the future.

A recently discovered security vulnerability could leave Mac users exposed to malware disguising itself in other programs. If your business relies on Mac, it’s important to know how you can protect your company from falling victim to a cyberattack.

What is the Security Vulnerability?

In early 2019, security expert Filippo Cavallarin discovered a bug in Apple’s Gatekeeper functionality. Gatekeeper is a service that inspects apps that you want to install on a device to ensure they are certified by Apple. If not, you’ll get an “are you sure?” message before you complete the installation.

Cavallarin discovered that there’s a flaw that lets untrustworthy apps trick Gatekeeper into giving the all-clear signal, meaning you never get that “do you really want to do this?” alert.

Instead, once bypassed, you will get a simple, “please download” message, which could contain a zip file that once unpacked, connects back to the hackers’ server.

Cavallarin gave Apple 90 days to repair the flaw, but Apple did not, leading the researcher to disclose the exploit himself in late May. The vulnerability affects all macOS versions. As of this posting, Apple has yet to address the vulnerability.

How Can the Vulnerability Be Exploited?

In late June, cybersecurity companies began noticing the first identified attempts to bypass the Gatekeeper function, now dubbed OSX/Linker. The first identified attempts were believed to be a test to see if the flaw can truly be exploited and worked by writing something to a text file on a compromised computer. Those test runs were signed with certificates used by known adware producers behind the OSX/Surfbuyer malware.

At present, it does not appear that the OSX/Linker malware has taken root outside of test environments.

The identified malware attempts also used a common technique used by malware writers. In a second strain discovered, the malware was disguised to look like Adobe Flash Player installers, a tried and true approach that tricks Apple users into downloading malware when they think they’re downloading a routine software update.

The second strain of malware, dubbed OSX/CrescentCore, checks to see if there’s evidence of common third-party anti-malware software and tools that reverse engineer code on a computer. It also checks to see if it’s being installed on a virtual machine. If so, it will not install itself. Researchers have already found OSX/CrescentCore on multiple websites. It’s also disguised as an Adobe Flash Player installer.

CrescentCore also appeared via high-ranking Google search result listings, which redirected multiple times to a suspicious website.

Once installed, OSX/CrescentCore installs a LaunchAgent folder in a Mac Library folder that includes code to be run every time a user logs in.

It appears the malware coders got access to an Apple Developer ID to deliver the sample code in some instances.

Another identified exploit, called OSX/NewTab, inserts new tabs into a Safari browser session. The injected tabs can contain loaders or malware packages.

One danger of this potential malware is that the embedded code on disk images points to a malicious app on a single linked server. That means that a malicious app could be distributed more easily at any time.

Aren’t Apple Computers Virus-Proof and Much Safer than Windows and Other Operating Systems?

It’s a longstanding myth that Macs are inherently safer than Windows PCs. In recent years, hackers have increasingly targeted Apple operating systems to exploit vulnerabilities.

In February 2018, for example, OSX/Shlayer was discovered, yet another Adobe Flash Player scam that would download additional adware and malware. Similar to the newly discovered threats, it also looked for installed anti-malware software. The year also brought the discovery of OSX/MaMi, which pointed an infected computer to a server allowing them to access websites, even those with encrypted traffic.

June 2018 was an active month for malware discovery. There were several types of malware that exploited a Firefox browser vulnerability. A cryptocurrency miner was discovered embedded in pirated copies of audio software, making it possible to take over a Mac’s processing capabilities to mine.

What Can My Business Do To Protect Our Systems?

There are several security steps to take if there are Apple operating systems in play on any devices connected to your business network.

1. Stick to What You Know and Trust
   Make sure you stick to apps you know are certified by Apple or are from highly trusted sources. Be suspicious about any apps that are downloaded from an unrecognized source, too.
2. Scan Your System
   Make sure that your anti-virus programs have added the OSX/Linker vulnerability to their detection registries. Many commercial and free anti-virus apps and tools have already added the vulnerability to their known threat lists.
3. Don’t Install Adobe Flash Player
   It’s really not necessary or helpful to install Flash at this point, as Adobe is discontinuing the product and will stop releasing security updates after 2020.
4. Partner for Security
   No matter what operating systems your organization uses, you need comprehensive network and data security. Partnering with a valued managed IT services company gives you the security and confidence that hardware and software are protected and monitored constantly. With next-generation firewalls and best-in-class anti-malware protection, you can keep hacker threats contained and minimized.

Technological downtime can make or break a law firm. Even an hour of downtime can cost a small or medium firm as much as $250,000.

What Exactly Can Go Wrong?

Unfortunately, Murphy’s Law has been known to apply in legal cases, meaning if there is an opportunity for things to go wrong they will. It is important that your firm has a dedicated professional, our team of professionals, either inside or outside the firm that can honor your firm’s confidentiality and keep potential problems at bay and/or under control. Some potential issues include

Case Management Issues

Filing is most efficient when stored electronically. They manage related documents, billing, and customer relationships

Security Problems

Reputation is everything for a law firm, and that extends to the attorneys and other staff at the firm. Still, even with so much on the line, the American Bar Association found that as many as a quarter of firms did not have security policies in place. Nothing puts a damper on a firm’s reputation, or even on specific lawyers than a security breach,

Compliance Issues and Software Integration

Various industries and professions have their own set of confidentiality agreements, that any legal team that works with the company needs to follow in order to protect clients, consumers, and any others involved. Some of these include Health Insurance Portability and Accountability (HIPAA), the Gramm-Leach-Billey Act of 1999 (GLB) and the Sarbanes-Oxley Act (SOX). Following these privacy acts means that legal professionals are prevented from disclosing information. The same discretion needs to translate to technology compliance.It is necessary to have software in place that can handle this responsibility, and see to it that attorneys and anyone else with access can run any necessary software correctly and efficiently without violating compliance standards.

Internal Collaboration

Internal Collaboration is an issue that needs constant monitoring due to the way social media quickly evolves. It is common for attorneys to use the internet for communication, however, it is less common for them to communicate internally about a case, which would make their casework more efficient. The right social media integration can help improve communication and make casework more thorough and efficient. Salesforce, customer relationship management solutions are a common tool used by attorneys and their firms in order to produce better results for clients.

How a Managed Service Provider Can Help

Proactive and Regular Maintenance at a fixed can cost can help with all these issues by applying the knowledge to give your firm or business the right IT infrastructure that will support your needs. That means that attorneys and other employees will receive the training they need to serve your clients confidently and safely. if you have an existing system in place, we can analyze what you have been doing so that any necessary changes can be quickly set in motion.

While we at the {company} manage your system remotely, we are still there remotely to answer questions remotely that will improve customer relations and overall productivity. To learn more about how {company} can help your firm contact us today.

Patient scheduling IT doubles the output of booking agents and cuts the time needed to schedule an appointment in half. This can increase the happiness of patients and physicians by lowering the costs of healthcare. When health care professionals digitize their systems, the resulting process improvement enables them to adopt a more consumer-friendly culture.

What Are the Main Problems with Manual Scheduling?

Your staff becomes bogged down taking calls that last up to 20 minutes each. This makes manual scheduling a potential nightmare. It’s bad enough in an office environment, but for providers that rely on a call center, agents end up wasting a lot of time referring to spreadsheets to optimize the provider’s calendar. Also, they have to memorize or look up various scheduling rules that would work better in an automated system.

In a manual call center environment, many incoming calls aren’t scheduled due to poor turnaround times. This often means that patients have a poor experience and may go to competitors with a better process in place.

What Are the Main Problems With a Manual Scheduling Process?

Some providers have patient liaisons and schedulers who focus on new patients. Agents using cumbersome methods to link providers and patients have to access several provider schedules to determine the closest appointment that fits the patient’s schedule. This method can compromise access to care for the patient and revenue for providers. With manual scheduling, closer appointments are often missed. Patients may be scheduled out months in advance, and providers often end up with less than 10 appointments a day.

How Can IT Scheduling Tools Change This?

Providers who implement automated scheduling IT enjoy real-time integration that maximizes the number of appointments set up. Agents see available appointments in one interface and enter basic information to schedule appointments in another — which makes the scheduling process go faster.

Scheduling IT tools let you tailor the presentation for each provider. It designates what time slots can be filled with what type of appointment. Also, scheduling IT can do so for many providers at the same time. This leads to a streamlined process that improves the experiences of agents, patients and doctors.

What Applications Are Available on the Market?

Providers and call centers can choose from a number of patient scheduling systems. Popular vendors include

• BookSteam
• Ability
• Atlas Business Solutions
• CareCloud
• DocMeIn
• SimplyBook.me
• DrChrono Medical Scheduling
• Luma Health
• QGenda
• DoctorConnect

Information about these programs is available online and many vendors are happy to schedule a demo.

What Difference Do These Systems Make?

Before implementing a patient scheduling system, agents had to manually look through online calendars for each provider and verify insurance on another website, all while trying to determine which physicians were accepting new patients.

After implementing integrated IT scheduling systems, agents are available to view available appointments in real time, which lets them identify the most convenient appointment based on the patient’s preferences and needs.

How Does a Patient Scheduling System Improve the Process?

Comprehensive scheduling software improves not only the scheduling process but the entire care outcome. Here are some of the main improvements:

• Average call handling time can be cut in half
• Fewer booking agents are needed and more appointments are set up
• Agents efficiently book appointments and have an easier time complying with the rules of the provider and needs of the patient
• Providers get a consistently full schedule that enables them to plot out their day in advance
• Call centers and booking liaisons can maximize the capacity of providers to reduce the wait times for appointments
• Significant cost reductions enable providers to invest in other areas

What’s the Bottom Line on IT Scheduling Systems?

IT scheduling software balances the needs of the patient, scheduling agents and providers for a better overall experience. Automated systems are better equipped to evolve with the practice of each provider. Lean technology organizations benefit the most from the efficient booking process. They can leverage digital systems to improve existing workflows.

IT teams have been talking about the dangers of instant messaging since the early 2000s, but that doesn’t stop business professionals from utilizing this quick n’ dirty form of communication on a regular basis. Tools for business communication have come a long way in the last decade, but there are still some significant security — and human resources — concerns. While staff members love that they can leverage a business-approved way to get immediate answers to their questions, HR teams often cringe when they think about the informal nature of this type of communication. Employees tend to share information more freely over direct text message or instant messaging, saying things that they would never state directly in an email. It’s all too easy to forget that instant messaging apps and text messages can be saved, copied and re-distributed just as easily as email communication. When you also consider that employees are using instant messaging programs that are less-than-secure, you have a perfect storm that can cause security breaches . . . and HR nightmares.

Not All Instant Communication Platforms Are the Same

Some instant messaging applications were specifically created for business users as a secure method of communication, but others are simply an outlet to an unknown individual on the other side of a mobile phone or computer screen. WhatsApp is a prime example of a non-secure method of business messaging, but one that is used in millions of organizations throughout the world. While fast and efficient at putting team members in contact with each other, there are serious privacy and security risks — not to mention the lack of oversight and administration from a corporate level. WhatsApp is particularly troubling as a choice, simply because it is owned by Facebook. Unfortunately, WhatsApp is also one of the most-used business messaging applications with over one billion global users, far outstripping enterprise-scale solutions such as Slack and Microsoft Teams.

Lack of Security in Text Messaging

With all of the concern around cybersecurity, it’s no surprise that technology professionals are looking for ways to protect the information that is being shared throughout an organization. Whether you’re sending a quick text asking for a project update or confidentially requesting an employee’s information from your HR department, text messages simply aren’t a secure method of business communication. Not only is it possible for someone to intercept the message, but it’s also too easy to accidentally send a message to the wrong person. While sometimes this could simply mean you ask a co-worker to pick up milk on the way home (a message that was meant for a family member), you could also be in a rush and send a highly personal text or picture message to someone from work. Experts recommend utilizing a secure email or instant messaging app instead of simply sending a quick text to co-workers — and always be aware of what you’re sending and where it is going. While there are a few secure ways to send text messages within your organization such as Apple’s verified iMessage platform, there’s still the risk of a misdirected text message.

Workers Are Seemingly Unconcerned About Security

Without ongoing conversations around security from IT and HR departments, it’s unlikely that your staff will even consider that their behavior is risky. A recent Symphony Workplace Confidential survey showed that workers overwhelmingly trust their technology so much that they (mistakenly!) believe their messages are completely safe from prying eyes. They even believe that their technology department is unable to monitor their messaging platforms, and 29% of those surveyed in the U.S. and UK are perfectly comfortable sharing their personal or business details over personal email or a messaging application on a regular basis. More than 25% of these individuals admit to sharing personal details and even talking about their bosses on chat applications or via text messages. While these tools may indeed improve communication and collaboration, it’s crucial that human resources professionals partner with IT leaders to ensure that there are adequate training opportunities and policies in place to protect both the organization and the individual.

Many teams adopt these instant communication platforms in an effort to cut through the clutter in their inbox, never realizing that they are potentially at risk. While text messaging and instant messaging platforms such as Slack and WhatsApp may make your HR professionals cringe, it’s important to realize that they are a part of modern business. If you’re not providing a secure, trusted corporate messaging program, it’s likely that your staff members will simply adopt something on their own. It’s worth the investigation to determine if there’s a platform that will work for your business needs and staff members to help reduce the possibility of data loss or damaging and embarrassing communication dilemmas.

Disaster can come from external factors, such as wildfires, floods and storms, as well as internal events, such as a toxic chemical spill or boiler failure in your facility. It’s crucial to have a plan to recover from these events and to provide a framework to return to work as quickly as possible.

Developing a business continuity plan can reduce recovery costs, safeguard your company’s reputation and may even save lives.

What’s the Difference Between Disaster Recovery and Business Continuity?

Business continuity planning creates a back-up plan that documents how your business will operate if it’s is crippled by unforeseen events. Examples include natural disasters, terrorist attacks, strikes and arson. A disaster recovery plan (DRP) is a subset of the BCP; it documents detailed instructions on how to respond to these unforeseen events.

Before fabricating a detailed plan, your organization should conduct a risk analysis and a business impact analysis that establish recovery objectives and time frames.

What’s the Percentage of Businesses that Close After a Disaster?

The Federal Emergency Management Agency (FEMA) reports that 40% of small businesses close following a disaster, according to CNBC’s hurricane preparedness report. Many small business owners don’t consider disasters among their business risks when making contingency plans or purchasing insurance coverage. It’s a mistake that could threaten your company’s very existence.

How Do You Decide Which Systems Are Essential in an Emergency?

Most BCPs consider how to keep essential functions running throughout a disaster and to shorten the recovery period. BCPs are essential for organizations of all sizes, but it may not be feasible to have complete backups for all your business systems. That’s why it’s important to prioritize essential systems, such as customer relationship management tools and compliance and reporting systems.

Many experts agree that once systems are prioritized the recovery budget should be allocated accordingly. Failovers systems should be initiated to ensure crucial components can be restored in case of cyber attacks, terrorism and other catastrophic events.

What Are the Components of a Business Continuity Plan?

The Components of a Business Continuity Plan:

Disaster Preparedness – Recognize the types of events that might compromise your business, assess the threats facing your company and identify steps to eliminate or minimize the impact of those threats.

Emergency Response – Develop procedures that enable you to respond when a disaster occurs or is forecast to occur. Continue with the plan until everyone is safe and there is no further threat of property damage or bodily injury.

Business Recovery – Identify your company’s critical business functions and define procedures that will facilitate restoration of sales, production and operations to pre-disaster levels.

How Do You Create a Business Continuity Plan?

There are five steps to creating a BCP:

1. Build Your Team. Use a top-down approach to build your plan. That means getting the buy-in of the C-suite, including sign-offs by senior management. One point person should own the process, supported by a core team with representatives from every business department.

2. Assess Risk. List out and rank all the hazards that could threaten your company. Examples include: climate, cybersecurity, supply chain, fire protection, facility construction, staffing and utilities.

3. Analyze Business. Create a business impact analysis (BIA) to rank the risks on your list. The idea is to strategize which systems need to come back online first after an emergency. The appropriate business units should be responsible for suggesting recovery strategies to get up and running within a recovery time objective. For example, backup data files need to be stored offsite and available within a few hours of a disaster, and your IT vendor may be able to expedite the shipment of replacement equipment following a catastrophic event.

4. Document the Plan. Documentation needs to include step-by-step procedures. This doesn’t have to be fancy — most plans are written using word-processing programs.

5. Test the Plan. To verify your recovery strategies, testing is essential. These tests vary in complexity from a discussion of the steps needed to respond to a disaster to comprehensive testing of your backup and recovery of core files and systems. Keep in mind that, business continuity planning should be continually reviewed since your systems and business relationships are static.

How Do You Plan for Personnel Disruptions?

Be sure to have a website or number that employees can call to check in. Services may be disrupted for several days, but most employees should be able to check in within 48 hours. Having a documented plan with one website and number makes it easy for everyone to stay in touch. Social media sites are another great way to let everyone post their status or ability to return to work.

Personnel disruptions. The BCP is often mainly operational, dealing with physical infrastructure. However, a business also needs its people to function. A potential disaster can affect your employees’ lives in various ways, including:

• Employees may live in a disaster zone, even if your company is in a safe location.
• The commute may be compromised.
• Nearby disasters affect attendance and productivity.
• When food, water and other necessities are scarce, it’s hard for employees to concentrate on work.

Who Should You Contact First After Checking on Personnel?

Consider your customers. During a disaster, your first calls may be to insurers and vendors. Don’t forget to keep your customers in the loop. Remember, customers want their regular services and are ready to go elsewhere to get it.

Consider vendor stability. If core services are provided by third-party vendors, double-check to make sure continued service is available during a disaster. Vendors may have an issue delivering goods to your business in a disaster area; vendors in other regions impacted by a disaster may not be able to make deliveries.