Home Professionalisms Vulnerability Assessments: Poke Holes Beforehand So Nothing Falls Through

Vulnerability Assessments: Poke Holes Beforehand So Nothing Falls Through


by StormGeo Senior Meteorologist Dave Gorham

Smart security

Unexpected events have a way of shining a bright light on a business’s greatest deficiency. Which begs the question: Why don’t some companies pinpoint those flaws before chunks of revenue fall by the wayside?

That’s where a vulnerability assessment comes into play. The objective of this process — which should be a goal of any broad business continuity plan — is to establish a connection between safety and the continuation of your business, as well as your company’s bottom line.

According to the Harvard Business Review, small businesses susceptibility to shutdowns is due, in part, to limited resources, which hinders them from investing in risk management. For instance, take weather and how weather events can affect small businesses. Data in the “Climate Change Preparedness and the Small Business Sector” notes that only 43 percent of small businesses have disaster-relief plans, and only 25 percent of those companies are able to reopen following a major storm.

In business strategy, there’s a pervasive assumption that the only way you can approach weather is to simply hope for the best. However, problems commonly occur when businesses don’t have protocols in place for severe weather events or disasters. And even if there is a plan, the need to use it may be so infrequent that a company becomes complacent and doesn’t rehearse — or drill — the plan, leaving the execution lacking when an actual emergency materializes.

Vulnerability assessments quantify an organization’s overall exposure to weather risks, both obvious and unforeseen. Furthermore, it allows a business to take the next step and address each risk in terms of preparation and probability.

Put the Assessment Into Action.

Enacting a vulnerability assessment starts with a look at the big picture. Planning this examination means defining its scope, gathering supporting and conflicting data, and defining individual (or team) roles and responsibilities during a weather event.

From there, review any appropriate procedures or policies currently in place, and interview any relevant system administrators. Review any data gathered during the assessment phase and identify issues and exposures that need to be addressed. Securing that information also allows for review later, which gives organizations the capacity to analyze risks and trends over time.

Vulnerability assessments, hopefully, resolve any existing soft spots by determining if exposure source is necessary to the organization’s operation. If it isn’t found to be critical, it may be disabled. If it is determined necessary, then it should be upgraded to eliminate the risk.

In situations where an upgrade isn’t possible, relevant personnel and management are made aware of the risk the system presents before the consequence manifests itself in a disaster or weather event.

What Not to Overlook.

These assessments and their findings are unique to the businesses that perform them. That said, there are some factors that are universal to all types of companies and industries. When putting an analysis together, these are a few areas that should always be accounted for:

1. How to get people there. 

One of the first systems threatened in severe weather events will generally be the transportation of your employees to and from the workplace. Uncovering likely and unlikely risks — such as snow or ice in areas that don’t normally expect it, or even flooding or downed trees in areas that do expect it — allows your business to form a response prior to the event that will keep your organization functioning while mitigating the risk

2. How to keep people talking. 

If your business relies on commercial phone systems, a simple power outage could bring functionality, and therefore communications, to a grinding halt. Build a system that uses multiple forms of communications, from cell phones to two-way radios to third-party mass notification systems.

When the office is closed, everyone knows; when it’s open for business, they’ll be ready to go. Additionally, keeping communication lines open to vendors in the midst of a weather crisis will help mitigate issues within the supply chain, while clients can be kept appraised of slows — or, just as importantly, no slows – in product or service.

Functioning communications will keep the gears of your business turning under a myriad of adverse weather conditions and outages, and in cases where supply chain natural disasters take their toll, your business should be able to act on them quickly and efficiently.

3. How this information was assembled. 

An assessment’s value depends largely on viewing results through an individual business’ scope and factoring in its needs and capacities. By viewing risks from a severity and likelihood standpoint, a vulnerability assessment can help dictate a strategy so business leaders can minimize the company’s exposure to risk.

These strategies are often a small part of a broader risk-management service, which can be extremely extensive. They may include a 24/7 control center, satellite communications, aviation services for airlifts and evacuations, alternate work or production facilities, and construction of systems to generate power in case of outages. Even professional weather forecasting services can be retained to not only provide top-level forecast accuracy and timeliness, but to also ensure proper preparation and response to diverse events as the more common hurricanes or ice storms, but also more unique or infrequent events like limited visibility brought about by prolonged dense fog.

While high-end services may be outside of a small business’s operating budget, a smaller-scale assessment can prove invaluable in pointing out risks and addressing weak areas you may have never considered. After all, you don’t want the very continuation of your business and the safety of your employees to fall through the cracks.


dave gorham

StormGeo Senior Meteorologist Dave Gorham is a former U.S. Air Force meteorologist with expertise in aviation meteorology and severe weather. Dave is one of the few servicemen to directly support both Air Force One and Marine One, stationed at Andrews Air Force Base and Camp David, respectively. Now, Dave manages StormGeo’s video production studio, hosts StormGeo’s popular weather webinar series, and presents the Employee Hurricane Preparedness Presentation, among other duties.



Comments are closed.