Response to disasters is what gets all the press, and the attention of the people most affected.  Response is important, but we have seen that in the past government response can leave a lot to be desired.  In fairness, government is directed to assist but it does not necessarily have responsibility.  The chain of government responsibility, the laws that affect it, and just what they can do is a topic to be covered later.

The key for businesses and families is to know what they can do.  Vulnerability can be lessened with preventive measures and impacted with mitigation.

Keeping with our small business example, we look at cyber attack as their main risk.  Prevention can be made more probable with education of workers about the various threats and their role ensuring they do not happen.  Additionally, improved processes to ensure updates of software and hardware to handle evolving threats can prevent this hazard.

Efforts to mitigate the impact of a cyber attack not necessarily hiring high priced consultants.  A tested process to communicate with clients and employees, and appropriate business continuity measures will lessen an impact.  Please know that business continuity is not a purely information technology function.  What is done to ensure customers are served and employees supported will not happen just because data is backed up offsite.

Once you establish a risk profile, and have a priority based on hazard, vulnerability and impact, use that to plan to prevent and mitigate.

The simple examples above of risk, prevention and mitigation are just that – simple.  Preparedness requires both more detail and planning.

We will start working a detailed example, focusing on a family in suburban Connecticut.  The process will work anywhere.  Hazards, vulnerability and impact will vary with the family or business, where they are located, and what resources they have available to them.