Critical Actions that Every Local Employer Should Take Right Now
Critical Actions that Every Local Employer Should Take Right Now
Reduce Risk, Increase Resilience, and Ensure Business Continuity During Disasters
By Katie Loovis on September 1, 2021
It’s not if, but when your business will face a disruption. Manmade and natural disasters can cause prolonged interruptions to your internet, electricity, or water supply - critical infrastructure for your business operations and success.
Providers, including Duke Energy and Orange Water and Sewer Authority (OWASA), are making significant investments to improve the continuity of your business during disasters, but what are YOU doing?
Below are critical actions that every local employer should take right now to reduce risk, increase resilience, and ensure business continuity during disasters. This list is informed with input and feedback from expert guest speakers during The Chamber’s June 2021 Risk and Resilience Forum (watch the discussion).
The time to prepare is now, not once the disaster happens.
There’s no such thing as being too small. Chatham County Government suffered a prolonged cyber-attack and data breach last year, our community has already navigated two very real water disruptions with severe negative local business impact (2017, 2018), and we are in hurricane season (e.g., Hurricane Ida in New Orleans).
Get clear NOW on what you will do across several very likely scenarios, including a cyber-attack and prolonged water or power outages. An investment of time and resources now will save you money and headache in the long run.
Emergency Ready Plan
Fifty percent 50% of all businesses that experience a catastrophic loss such as major water damage, (i.e.) flood or fire never reopen. Having a plan is planning to succeed in the midst of adversity. SERVPRO of South Durham and Orange County offers an Emergency Ready Plan which compiles critical shut-offs such as electric, gas and water, along with key contacts and emergency services in a no cost app to aid business in times of crisis. The Emergency Ready Plan or (ERP) comes with a free site assessment to locate and photo document shut-offs and install the app on computers and mobile phones. This invaluable service allows businesses to respond quickly in the event of an emergency to minimize the economic impact and deploy needed help to get the business up and running as quick as possible. To schedule your ERP, call 919-596-1242.
For cyber, prevention is key. Steve Newton, Director of Emergency Management for Chatham County Government, provided a riveting first-hand account at our forum describing how he led the county’s response to a cyber-attack that involved encryption of data, ransom, and data breach in 2020 and lasted 77 days. (Watch Steve’s presentation, beginning at the 1:08:30-mark.)
Steve recommends every local business go through an exercise, called “RANP,” which is an acronym for a) Recognize, b) Alert, c) Notify, and d) Protect. You and your colleagues should ask yourselves:
- How will you recognize indictors of compromise (what system do you have in place so you will know when you are having a cyber-security incident)? Chatham County Government had devices that were monitoring traffic coming in and out of the network, which signaled a compromise.
- How will you be alerted, especially when it’s likely to take place at two in the morning?
- Who will you notify within your organization and across your network of vendors and work groups?
- What initial steps will you take to protect your network and ensure continuity of operations and mission-essential functions (like payroll). Note: unplugging everything may not be the correct answer.
Antwine Jackson, President of Enitech IT Support and Consulting, reinforced Steve’s point that hackers are smart. Antwine shared a story of a nonprofit that was compromised. The hacker lurked in the controller’s emails for 90 days before pouncing on a wire transfer process and intercepting $300,000.
Cyber security incidents are like car accidents, according to Antwine, and you’ll eventually be part of one. Five years ago, his advice would have been to have a good backup of your system. Now, that is insufficient. In addition to a backup system, the best defense is also proper employee awareness and training. Enitech recommends every employee should have:
- Password complexity,
- not use the same passwords on every platform, and
- Multifactor authentication.
Antwine also recommends organizations purchase cyber liability insurance. Our Chamber recommends you consider booking a consultation with Enitech or another IT provider for prevention support now. This is worth your time.
For water, you should know that OWASA has 400 miles of drinking water pipe with many risk factors to the supply, including aging infrastructure and potential contractor damage. According to Todd Taylor, Executive Director of OWASA, 30 years ago OWASA had approximately 50 breaks per 100 miles (or 200 breaks/year), but with strategic investments and improvements, OWASA has brought the break rate down to approximately 10 breaks per 100 miles (or 40 breaks/year). Ongoing improvements prioritize repairs for higher consequence potential breaks, but breaks are inevitable.
OWASA recommends local businesses scenario-plan for 4–6-hour periods of interrupted water supply and sewer service. Our Chamber recommends you also plan for multi-day interruptions, as happened in 2017 and 2018.
Victoria Hudson is the Environmental Health Director for Orange County Government and the Health Department is the authority that would issue a “do not drink,” “do not use,” and/or “boil” order in times of water disruption and compromise. While OWASA is working to improve their response time and isolate breaks to prevent prolonged scenarios, lengthy “do not drink” and “do not use order” were issued in 2017 and 2018, causing substantial community, healthcare, and business disruption. This worst-case scenario could happen again, and for that reason, our Chamber recommends businesses scenario plan for that as well.
The Health Department recommends local businesses establish formal variances and/or incident agreement plans with a known alternative water supply (i.e., a brewery with tanked water) to mitigate water disruptions and ensure business continuity.
For energy, you should know that the electric grid is one of the most complicated machines ever created, with millions of components that are being changed and fixed as we use it and managed often with smart technology.
Duke Energy generates the electricity from a variety of fuel sources, transmits the power to communities, and distributes it to your business (this is referred to as “end-to-end” responsibility of an integrated utility).
There are many threats to the reliability of your power, including weather, trees and animals, physical threats, and even the overall demand for energy (if it’s not properly managed). Duke Energy is investing to modernize the grid and make it more reliable. This is in line with a clarion call to improve our grid system nationwide (CNN Analysis: "It's time to pay serious attention to the power grid")
The Duke Energy director of government affairs, energy, and the environment, Mark McIntire, shared updates along with his colleague Jeff Brooks, power delivery and grid improvement communication manager. (Watch conversation with Mark and Jeff from Duke Energy, which begins at the 13:29-mark.)
If the power goes out, do you know what you will do to ensure the continuity of your business operations? As you consider emergency response items, such as a generator, you can and should also take advantage of energy saving resources. Schedule an energy saver assessment now.
Overall, the relationships you build and the action steps you take now can and will help preserve and protect your business when the disaster strikes. Chamber members like Enitech IT Support and Consulting and SERVPRO of South Durham and Orange County are well-equipped to help you prepare for and respond to disasters.