Protecting Your Business from Disaster
There are many things that can go wrong when you are in business. Broadly speaking, these fall into three main categories: reputational damage, financial problems, and technological issues. However, the three are not mutually exclusive, and an issue in one area can rapidly lead to other problems. For example, a problem with your cashflow can lead to an inability to pay a bill, which may give you a reputation as a poor financial risk. This in turn can affect your ability to get loans or find investors.
You cannot protect yourself or your business from every risk. However, with good planning, you can take action to prevent some and manage others. This page discusses the nature of these problems, and provides some ideas for business owners and managers to help them protect their business against a disaster.
Three Types of Problems
There are three main types of problems that can arise in business:
- Reputational problems are anything that may damage or affect your company’s reputation. They include customer complaints, especially if poorly handled, and doing something wrong on social media.
- Financial issues are anything that affects your company’s ability to continue to trade in financial terms. This includes issues like cashflow, or non-payment of bills. However, there may also be much bigger problems if, for example, you are the victim of fraud by an employee, customer or supplier, or you are sued for negligence.
- Technological problems include anything related to technology and computers. In this day and age, this is most likely to be cyberthreats such as viruses or ransomware.
The key to managing all these types of problems is good risk analysis and management. This relies on identifying all the possible risks, assessing their likelihood and impact, and then addressing them.
Managing and Mitigating Risks in Business
There are some general strategies for risk management, but there are also specific strategies for each of the three types of problems.
Four Approaches to Risk Management
There are four main ways in which risks can be managed and mitigated:
Acceptance means that you accept the risk, and take no action to manage it.
Avoidance means that you go out of your way to ensure that the risk does not happen.
Limitation means that you take action to limit the impact of the event on your business.
Transference means that you transfer the risk to someone else, such as an insurance company.
Managing Reputational Risks
One of the biggest risks to any company’s reputation is social media.
It is both public and free for your customers to access. It is also designed to allow content to spread rapidly. This means that customer complaints can be shared all around the world before you have even noticed them. A mistake by one of your employees—a tone-deaf comment, for example—can also spread rapidly.
To protect yourself:
- Have a proactive approach to social media.
Monitor social media for any mention of your company, respond quickly to comments, and take any negative comments or complaints offline as quickly as you can (by asking the person concerned to message you).
- Train all your staff in social media
Encourage them to take responsibility for their posts, and particularly to know when and how to apologise.
- Have a crisis communication plan
This may sound excessive for many small businesses, but crises can blow up out of nowhere. If you already have a crisis communication plan in place, you won’t have to think about what to do when something goes wrong.
Our page on Crisis Communications provides more ideas for how to react when something has gone wrong, including ideas about when to hold a press conference.
Managing Financial Risks
There are many financial risks to small businesses, especially in the early years of operation. Cashflow—the balance between cash in and cash out—is perhaps the biggest problem for any business, and there is no substitute for good budgeting and financial management.
To avoid losing all your personal assets in the event of bankruptcy or a claim against you for negligence, you should also consider a legal separation between you and the business, for example, by incorporating the business as a limited company.
- You may find it helpful to read our pages on Legal and Financial Aspects of starting a business and Avoiding Common Financial Mistakes in Business
However, there are also some potentially catastrophic risks that need to be managed. For example, you may fall victim to fraud—and employee, customer and supplier fraud are all far more common than many people imagine. It is good practice to carry out background checks for all new employees and suppliers, and many companies now use analytical software to screen all transactions for any signs of fraud, or to detect unusual activity.
The other potential concern is being sued for negligence by a customer. This means the customer taking you to court for damages resulting from the service you provided or its consequences. Any business providing a service is potentially liable to this, including lawyers, accountants, doctors, and any other professional advisor. Many businesses manage this by taking out a professional liability policy against the risk.
The Best Way to Avoid Complaints or Claims
Ultimately, the best way to avoid customer complaints or claims for negligence is to be very good at what you do.
However, even that cannot always protect you, and insurance is a good idea.
Managing Technological Risks
The main technological risks are around cyberthreats such as cyberattacks, viruses, malware and ransomware.
Small businesses are unlikely to be deliberately targeted by a specific attack, but may be affected by more general problems such as a new virus. The best way to protect yourself against these issues is twofold.
First, pay for good anti-malware (including anti-virus) software, and install it on all your machines.
Make sure that you keep the software up-to-date, and that it is working at all times.
Second, train your employees in cybersecurity.
Around the world, businesses agree that the biggest risk to cybersecurity is from people. Ensure that your staff know about the importance of not clicking on links in emails without first checking that they are what they appear, and remind them regularly about cybersecurity issues.
You cannot avoid every risk to your business.
However, good awareness and analysis of risks, and a sensible risk management plan will help your business to weather any crisis.