The best way to prepare is to create a strategic contingency plan that will keep your business operating, even if only on a reduced basis, until the damage can be repaired or the business otherwise restored. Such a contingency plan need not be very complicated or involved.

The plan should answer certain key questions:

What are the most important elements to keeping this business operating?
For some businesses, like food or hardware stores, it is a matter of having inventory available as quickly as possible. For other businesses, like professional service firms, it is a matter of being able to get the professionals together to service clients. Whatever the most important elements are for your business, figure out what you would do if a natural disaster interrupted operations. Talk to your suppliers about what they would do, and with your key employees for their car phone numbers or addresses of close relatives.

• Where would we operate?

If your store or office were damaged, you need another place to set up operations. This might be in the owner’s house, or it could be in a warehouse the company owns. The important thing here is to consider the options, and prioritize them if you have more than one choice.

• How would we communicate with each other?

In a natural disaster, especially, electricity and even telephone communications can be knocked out. Make sure you know everyone’s home phone number and all employees’ current addresses. Involve several people in the company in drawing up the contingency plan so that they are alert to the importance of communicating information about new location and hours of operation during an emergency.

• Do we have backup copies of important records?

In order for the business to be able to carry on in an alternative location, it should have access to its records. Consider what would happen if the records were destroyed or damaged by fire or flood. In today’s age of computers, it is reasonably easy to have backup records of customer and supplier lists, provided someone is charged with regularly updating files. Old paper records should be regularly moved to an offsite location; this increases the odds they will be available in an emergency.

• Do we have all the insurance we require?

As just one example, you may want to be sure you have insurance covering you for loss of business time. This could provide critical cash to enable you to re-start operations.

The key issue in putting together such a strategic plan is anticipation. The key questions raised boil down to this:

What do you need to continue operations, and how would you ensure that what you need is readily available?

First off, they send me an urgent notice which is a PDF attachment. This means that I need to open an attachment with no way to verify the sender. Well that violates my concepts of first line of defense against malware. The notice was about my past due bill (7 days late) and advising of termination. I submitted a response on the Sprint website pointing out that the bill I received stated my account was set for auto-pay. That should have been the end of it as I went ahead and manually paid the bill since it was clear their accounting system is a bit wacky and was not going to process the auto-pay.

A couple of days later I get a call from Sprint. They said they were calling about my complaint, but that they needed to verify my identity before they could talk to me about it. They asked for my PIN. I advised that security requires that I never give this information to somebody who initiates contact. The caller suggested I could take his employee ID, but he had no way for me to verify the number until after the call. He then asked for my date of birth. I gave the same response. He then asked for my secret question. Huh?

Now most companies are very explicit that they say they will never contact you and ask you for this type of information. Sprint on the other hand asked for 3 different pieces of this information. When I would not provide it, the rep then played the game of trying to put words in my mouth by saying “So, you’re refusing to provide the information I am requesting?” I advised that he was violating all security rules by calling and asking the questions and that Sprint was making their customers very susceptible to identity theft by getting them used to answering these questions on the phone.

Imagine what happens when the Sprint customer who is used to this behavior by Sprint gets a similar call from a bad guy. The bad guy says he is from Sprint and that there is an issue on the account. He then asks for this private information. The customer who is used to,when dealing with Sprint, going against all common sense in regards to security ends up giving out his PIN, date of birth and answer to the secret question to an unknown caller.

Sprint should be ashamed that encourage such sloppy security. Rather than try to force me to give the information, they should have listened to my response and reconsidered the security hole they are creating for each of their customers.