SOS: Business risks that aren't on your radar but should be

July 8, 2016 | SOS: Business risks that aren't on your radar but should be Emily Schettler, Iowa Association of Business and Industry, eschettler@iowaabi.org

Bruce Kelley, President & CEO, EMC

One key component to running a successful business is identifying potential risks and finding ways in which to manage them.

Many risks can be mitigated with vigilance on the part of employers and employees.

Preparation also is important, especially for those challenges that have become nearly inevitable, such as a data breach, or those out of an employer’s control, like a natural disaster.

“These are things you want to prepare for ahead of time,” said Dutch Geisinger, executive director of the Safeguard Iowa Partnership, which provides resources and training for businesses on safety and emergency preparedness. “You don’t want to be trying to figure it out as you go during a disaster.”

As demands on employers’ time and resources continue to grow, some of these risks fly under the radar but could pose serious challenges to companies should an issue arise. Among them are emergency preparedness and employee theft.

EMERGENCY PREPAREDNESS

EMC Insurance Companies knows all too well the importance of having an emergency plan in place. In March 2014, a three-alarm fire at the historic Younkers building in downtown Des Moines significantly damaged two of EMC’s buildings. Thanks in large part to the company’s emergency response team and disaster plan, EMC was able to avoid an interruption to its business.

“Our ability to continue to operate in the days immediately following that catastrophe, as well as recover from the damage, reinforces the message EMC has communicated to our policyholders for years—it is critical to devote time and attention to business continuity planning,” said EMC President and CEO Bruce Kelley. “Being prepared for the unexpected is the best way for a business to mitigate a disaster, avoid or limit extra expenses, and protect revenues.”

Large businesses, such as EMC, typically understand the significant risk and cost associated with an emergency and have people dedicated to addressing those concerns, said Jerry Loghry, manager of EMC’s loss prevention information team.

However, small and medium-sized businesses don’t always recognize the threat a natural disaster or other emergency poses to their operation.

“The local banker, manufacturer, flower shop—your normal main street businesses—may not fully understand how much more it costs to recover if there is not a plan in place,” Loghry said.

Creating a plan is an important first step to preparing for an emergency, but many businesses aren’t sure where to start, said Dutch Geisinger, executive director of the Safeguard Iowa Partnership.

“I think the fear of ‘How do I begin?’ is usually one of the biggest barriers,” Geisinger said. “However, we know that between 40 and 60 percent of businesses fail if they are impacted by a disaster and do not have a plan. That terrifying fact should be enough to get you to push past that fear.”

Small businesses lose an average of $3,000 per day when they have to shut down their operations, Geisinger said. Identifying appropriate partners and redundancies can help keep a company up and running in the wake of a disaster.

The Safeguard Iowa Partnership was established nearly 10 years ago to strengthen the state’s capacity to prevent, prepare for, respond to and recover from disasters through collaboration between public and private entities.

Organizations such as Safeguard Iowa, FEMA, the Red Cross and even other companies can offer templates and strategies to help kick-start the planning process. Samples can be helpful, but it’s important for businesses to customize plans to their specific needs.

“Don’t stick your name on a sample and say you have a plan,” Loghry said. “You need to go through a process and identify the hazards that may affect you, right down to the specific procedures and policies for addressing those hazards. They will be different for each company.”

In Iowa, there are approximately 30 to 50 common hazards that occur frequently that businesses should be prepared for, from tornadoes and flooding to snowstorms and gas leaks, Loghry said. Entities that serve food, such as schools, restaurants and nursing homes, have additional hazards to consider.

Preparing an emergency plan can also shed light on ways to mitigate certain hazards and hopefully prevent a dangerous situation altogether. For example, while developing an emergency plan, a company might identify a gas meter that is at risk of being run into by a vehicle and install bollards to protect it.

Local public safety agencies can also provide assistance, from guidance on fire evacuation to active shooter training.

Once a plan has been implemented, it is important that it be communicated to the proper people and be practiced. The entire plan should be shared with top management and owners, and it’s important that additional copies are available. In addition to having a copy at their workstation or office, those tasked with implementing the plan should keep a copy in their car trunk or at home.

Components such as how to evacuate in the case of a fire and get emergency responders to their location should be shared with all employees and practiced on a regular basis. The plan itself should be reviewed at least once a year.

“If you’re changing the batteries in your smoke detectors, you should be reviewing your emergency response plan, too,” Geisinger said.

EMPLOYEE THEFT

Alert staff members can be the first line of defense when mitigating certain risks, but those who don’t have the company’s best interests in mind can also cause significant problems.

In fact, the U.S. Chamber of Commerce estimates that 75 percent of all employees steal at least once, and half of those steal repeatedly. Employee theft costs American businesses more than $50 billion annually.

Employee theft is a challenge and risk for companies in all industries, even nonprofits.

“They are especially at risk,” said Frank Harty, an attorney at the Nyemaster Goode Law Firm. “Everyone involved presumes that, like themselves, volunteers and employees are well-intentioned.”

Small and medium-sized businesses are also at risk because they don’t have the security in place to protect against losses, said Mike McKeown of Arthur J. Gallagher, a risk management and employee benefits administration company.

  • Some of the most common forms of employee theft include larceny or embezzlement, skimming, stealing business opportunities and fraudulent disbursements. There are several ways for companies to protect themselves against theft:
  • Perform tougher background checks during the hiring process.
  • Establish a hotline or another way for employees to anonymously provide information on potential thefts.
  • In retail settings, have multiple employees working at once and have refunds or voids witnessed by a second employee or manager.
  • Implement clear anti-theft policies, and educate employees on them during regular meetings. “This shows employees that your company takes this very seriously,” McKeown said.
  • Audit employee practices to ensure nothing out of the ordinary is occurring.

When employee theft is suspected, Harty said there are two things that should occur right away in most cases. First, an employer should check the company’s insurance coverage to see what protection the company might have against employee dishonesty or theft.

In most cases it is also prudent to contact law enforcement. “They have the ability to do certain things with impunity that many employers do not,” Harty said.

One difficult decision employers must make is whether to pursue charges if an employee theft claim is founded. Oftentimes, the associated costs can be more than the money a company can recover from the employee.

One particular form of employee theft companies should be on the lookout for is that of intellectual property, Harty said.

Those thefts could include everything from client lists to source code or trade secrets.

Studies show that such crime is on the rise, but businesses do not view preventing insider fraud as a top priority.

“There are two types of employers — those that have had trade secrets stolen and those who are going to have trade secrets stolen,” Harty said.

An important first step for a company to protect itself against intellectual property theft is to audit its employee agreements and independent contractor agreements to make sure they have the fullest protection under state and federal law.

Harty says there is some good news. Legislation offers employers a greater level of recourse than they’ve had in the past.

For instance, the federal Defend Trade Secrets Act of 2016 makes stealing trade secrets a federal crime and gives employers the ability to seize stolen property in some cases. The Computer Fraud and Abuse Act offers protection if an employee hacks into an employer’s network or exceeds his or her electronic authorization.