Over the last year and a half, accounting firms and businesses around the world – as well as nearly everyone else – were faced with unprecedented challenges. But although the pandemic certainly wreaked havoc on businesses and workflow models, and threatened their stability, it was never a disaster in the sense of risked loss of essential data.
When we think of more traditional disasters (at least as the pre-covid term would be used), it generally would refer to events such as hurricanes, tornadoes, earthquakes, fires, and catastrophic flooding. These events, as well as server crashes, hacking events or ransomware attacks, could cause more than disruption of practices, downturns in clients and loss of revenue. They could cause total loss of client data and computer systems that would render a firm incapable of providing service.
The pandemic has forced most firms to adopt some of the techniques for getting through such a natural or data disaster, but for the most part, firms were able to quickly move to a remote model with little loss of time and no loss of data. It was a major disruption to firm operations to be sure, and many practices did suffer the loss of some of their team members. But to be prepared for a data disaster, firms need to proactively prepare.
The Federal Emergency Management Agency (FEMA) has some very general business tips that was developed following hurricane Maria in 2017 at https://www.fema.gov/press-release/20210318/stay-business-after-disaster-planning-ahead.
But for accounting firms serving multiple clients, the need to ensure business continuity and preserve client data is critical, and so additional guidance is necessary.
Some steps in the recovery process may be different, depending on the type of event. For the Covid pandemic, for instance, the biggest challenges were in getting remotely-working staff to be able to securely access firm systems and data, and to enable secure online collaboration with clients. For these other types of disasters, its necessary to assess their particular risks.
Hurricanes, tornadoes, flooding, fires and earthquakes may result in the destruction of offices or homes of those working remotely, as well as to firm servers and computing equipment. The following steps can be useful in returning to engaging work:
- Determine the safety of staff and keep them updated frequently on the status of the firm’s recovery process.
- Determine the scale of damage to firm offices (are they safe to return to the office, or should staff work from home). Or is an alternate office location available to be quickly leased?
- Determine severity of damage to firm technology (do you need to rapidly purchase new computers, laptops, monitors, printers, other equipment?)
- If the firm is using primarily or all-cloud systems, does the person leading IT (or the firm’s outside IT consultant) have the ability to quickly help set up new computers with access to these systems?
- Ensure that firm administrative staff also have the ability to get up and running, including the internal accounting and payroll departments.
- If the firm still maintains paper-based records in the office, can these be salvaged? (Another reason for 100% digitization of documents with cloud storage.)
- If the firm is using servers for some data and systems, do proper (off-site/cloud) backups exist, and can they be quickly restored to new servers?
- Contact the firm’s insurance provider. An initial emergency coverage check, even partial, can assist in quickly obtaining new equipment and returning to operations, either from the office or remotely.
- Give firm clients frequent updates on the firm’s status and when operations are expected to resume, as well as each client’s primary point of contact with the firm.
- If the disaster was widespread, clients may be in need of disaster assistance, as well. If the firm is able to resume operations quickly, it can assist clients in obtaining emergency funding, loans or other assistance.
- In the case of long-term power or internet outages as the result of severe storms, if the firm has a remote staff member outside the impacted area, that person should be responsible for keeping clients and staff informed as best as possible.
Other Potential Disasters
Crashed servers, data breaches and ransomware events can also cause painful disruptions or cessation of firm workflow.
- Crashed servers will likely cause the inability to access critical firm programs or some data, but not likely all systems or all data, and communications will hopefully not be impacted. If the firm has a reliable off-site data backup system in place, it should not be terribly difficult to restore systems and data.
- Data breaches may be more severe, especially during the initial detection, when the extent of the breach may not be known. The firm has an obligation to notify clients whose data may have been exposed, and should work with an IT consultant to evaluate the extent of the compromise. The firm should also notify the police or appropriate authorities.
- Ransomware can shut your firm down until the data is restored. The problem is that, if the firm does not have strong anti-virus protections and off-site backup, the data may remain encrypted and unusable. Vigilant IT security practices and policies can help prevent ransomware attacks, as can strong off-site backups and cloud-based firm management and client service programs. (Link to ransomware blog article, June 2021, by Isaac.)
You can use the above steps to develop a checklist to guide you through such an emergency, and ensure that it is remotely accessible.