Businesses urged to be prepared for disaster

09/24/2006
By Paula Burkes Erickson
Business Writer, The Oklahoman

Syndicated career columnist Penelope Trunk was at the World Trade Center when it fell.

It sounded like a huge bomb and felt like a snowstorm of dirt, Trunk said. Blinded by debris and buried under a pile of people, she could barely breathe; her mouth was full of dust.

Trunk thought she would die. But somehow she managed to find her way and pull herself into a dimly lit window of a building where she gulped air and a toilet bowl of water, and walked 10 miles to a stranger's apartment.

On the fifth anniversary of 9/11, Trunk's utmost advice to workers about future disasters is take warnings seriously. Many of the 70 employees who worked at her software company two blocks from the towers stood and watched them burn, she said.

"People were screaming and papers were flying everywhere, but we walked toward the site to look around," Trunk said.

As early as the next day, some customers were sending her company e-mails saying, "Sorry, we can't deal with you."

Though employees used laptops to work from home and www.conferencecall.com for meetings, the firm three weeks later filed for bankruptcy and laid off most of its workers, including Trunk.

During September's National Preparedness Month, the Department of Homeland Security is encouraging businesses to develop emergency response plans, including data protection and recovery, telecommuting and contingencies for continued operations.

According to the Federal Emergency Management Agency, some 40 percent of small businesses never reopen after major disasters.

"Disasters don't have to be terrorist attacks; they can be tornadoes and other natural events," said Randall Nason, manager of the security consulting group with C.H. Guernsey & Co., an architecture and engineering firm in Oklahoma City. "The management and recovery are nearly identical."

Business leaders need to think through what kind of effect a disaster would have on their operations and put a plan in place now, he said.

C.H. Guernsey has managed numerous security projects worldwide for such clients as the U.S. Army Corps of Engineers, Lucent Technologies and the United Nations. Following the 1993 attack on the World Trade Center by a vehicle bomb in the basement, the firm served as a third-party reviewer of the company that developed security updates, including vehicle barriers, cameras and electronic security devices.

Most businesses aren't prepared for disasters, Nason said. Each needs to analyze potential threats, develop a disaster plan, train managers to the plan and be able to execute it, he said.

C.H. Guernsey did as much for 1,000 electric cooperatives nationwide. Consultants developed a long list of contingency suppliers, everything from manufacturers of utility poles to local restaurateurs who could provide hot meals to long-working employees. For some items, the firm even developed written contracts, including quantities and costs.

Along with computers, paper and other supplies, companies in their disaster plans should consider establishing a ready line of credit and cash reserves, Nason said.

They also need to consider perception management, or how to let their clients know they plan to continue business as usual, said David Cid, a retired FBI agent and deputy director of the Oklahoma City-based National Memorial Institute for the Prevention of Terrorism.

The institute recently has started developing business contingency plans for companies, including how to identify and mitigate threats.

Smaller companies can start with free template plans available on the Internet at www.ready.gov, Cid said. But those with $1 million or more in gross sales should consider contracting outside security consultants, he said.

"They can't afford not to," Nason said. Plans can cost $10,000 or more.

John Pinard, co-founder of Partners Human Resources in Oklahoma City, encourages larger companies of 500 or more workers to conduct annual background checks on employees. Using a Houston product named Trak 1, his firm for $15 a person offers a one-minute check of the criminal backgrounds in the 44 states with automated records. That compares with an Oklahoma State Bureau of Investigation background check that can take two weeks. "Things change and you need to find out who you live with," he said.

Frank Mong, senior director of product management for the California-based Symantec software security and storage provider, stresses data protection, backup and recovery. Depending on their volume of sensitive information in e-mails and other files, companies should back up files weekly or monthly to a hard disk, transfer to tape and store tapes with a third party located off-site, Mong said.

Companies shouldn't forget about securing and backing up PDAs (personal digital assistants such as Blackberries), smart phones and other remote devices, and look for companies whose products can recover onto entirely different systems, such as from a Dell server to a Hewlett-Packard server. Such packaged services can cost $3,000 to $4,000 a year, he said.

Trunk -- now a Madison, Wis.-based 39-year-old mother of two boys -- believes companies can better spend their resources talking to their employees about how they feel about working with the organization and what can make the company better.

"Disaster preparedness isn't about how thick your walls are," Trunk said, "but about how solid and loyal your customers and employees are. Good companies survive. Bad companies don't."