Risk comes in many forms. Some you’ll be able to prepare for, some you won’t.
So, where to start? Our guide to small business risk explains how to identify, understand, and prevent risk, and gives practical advice for getting your business back on its feet if the worst happens.
By failing to prepare, you're preparing to fail
It might be over 200 years since Benjamin Franklin said “By failing to prepare, you're preparing to fail”, but it’s just as true now as it was then. Small businesses that don’t dedicate time and resources to risk management are putting their livelihoods in jeopardy.
Think your business doesn’t need to bother with risk planning? Consider this:
Jake owns a startup that manages social media for other companies, and he is its sole employee. He’s tech-savvy so it’s unlikely he'll make a mistake, and besides, he gets sign-off from all of his clients before he posts anything. He usually works from his home office, but often works on the go thanks to his smartphone.
A lot of people would look at Jake’s business model and think it’s low risk. But...
Jake is out and about when he suddenly realises his smartphone is missing. When he gets back to the office to log in from his laptop, he finds that whoever picked up his phone has accessed all of his clients’ social media accounts. Whoever it is spent the afternoon posting saucy pictures to their feeds and being very rude to their customers!
Jake is now at risk of getting sued by every client on his books, which could cost him hundreds of thousands of dollars.
Risk doesn’t care how big or small your business is. And no matter how careful you are, sometimes, mishaps are unavoidable.
While the majority of SMB owners think setting up a business is high risk, according to our research, almost a third don’t. Having an ‘it will never happen to me’ mindset is putting thousands of small businesses at risk.
Risk planning might sound complicated, but with the right guidance and tools, it’s relatively straightforward.
Identifying and understanding the risks to your business
Small businesses face a number of risks, but not all of them are necessarily bad – it’s impossible to grow without taking at least some risks. It’s all about planning and managing those risks to make sure a business can survive if things don’t go as planned.
Don't let the name fool you. Compliance isn't just for big, faceless corporations. Every business of every size has rules or regulations they have to stick to. For example:
An employee has a cleaning chemical splashed in their eye by accident. They go to the first aid station but there’s no eyewash solution to treat the injury.
A deadline is fast approaching to get a new product to market. Rather than delay the launch, the product is rushed out without passing proper quality control. After a consumer is injured, the product is found to have failed required safety standards.
Wanting to get a landscaping project completed quickly, work begins as soon as the sun rises and carries on until nightfall. Lawn care equipment is not permitted to be used before 8am and neighbours lodge a noise complaint.
Operational risk is classed as anything that affects the day-to-day running of a business. For example:
A burst pipe floods the basement of a busy family-run restaurant. Until the water damage is fixed and stock can be replenished, the business will remain closed.
The web hosting of an e-commerce company goes down. The business loses half a day in sales while waiting for their web host to get its website back online.
Flu has spread around the office of a mail order gift company, reducing staff numbers by 50% during the busiest time of the year.
Financial risk is one of the biggest liabilities facing small businesses – and it's their biggest worry too. When it's your life savings and personal assets on the line, it’s important to do everything possible to protect them.
A contract with a huge customer is suddenly terminated. New staff were brought in to manage the extra workload and it is now no longer financially viable to employ them if a replacement client can’t be found quickly.
A business bought new equipment on credit, intending to pay it off when a late-paying customer settled their invoice. At the final due date, the customer reveals they’ve gone bankrupt and can’t pay.
A high-spec computer essential to a design agency is damaged beyond repair. High interest-rate credit is used to buy a new one as the business has no cash reserves.
Reputational risk is about the effect on a business if it loses the trust of its customers or investors.
An employee’s laptop containing sensitive customer data is stolen. Customers’ credit card information wasn’t password protected and is sold on the black market to cybercriminals.
A diner leaves a negative review of a restaurant on social media. Rather than responding calmly to the comments, the owner accuses the diner of making false claims and gets into a heated argument for all of his potential customers to see.
In a bar after work, a business owner vents to a friend about a difficult client and is overheard saying some very rude things by one of their employees. The employee films the discussion on a mobile phone and the next week a slander lawsuit is filed against the business owner.
Strategic risk is about a business owner weighing up the pros and cons of taking a company to the next level.
A business is close to outgrowing its current premises. It's important to stay in the same neighborhood and property rarely becomes available. A lot comes up but it’s larger than is really needed. Should the business risk moving now with the hope of growth continuing or hold on until something smaller comes up?
The hottest new kitchen appliance is being pushed heavily by a supplier to a homeware store. If the store purchases more than 50 units they can get a great discount. But what if they bulk buy, and the stock doesn’t sell as well as expected?
An artisan jewelry business is contacted by a retailer asking to sell its products in the UK. The cost of putting logistics in place is high, but there is potential for huge return. Is it worth expanding the business to serve this market?
Preparing for the worst-case scenario
There are many different types of business risk, and they won’t always fit neatly into a single risk type. Avoiding risks altogether is best, but not always possible. ‘Mitigating risk’ is the term given to putting measures in place to reduce risks or manage them as effectively as possible. It’s the next-best solution when risks can’t be avoided.
When preparing for the worst, the first step is to come up with a complete list of scenarios that could damage your business.
There are obvious risks you should protect your business from, like property damage or damaged or stolen vehicles. But there are hidden risks to be aware of, too.
Most small businesses would welcome a big client with open arms. Sign the contract and wait for the dollars to pour in, right?
Doing so without considering the risks could cause serious consequences further down the line. Let's look at an example:
A large number of software licenses are purchased
Software needs to meet each client’s security measures and regulations
Additional servers may be needed to host software as users increase
New security features to be added to product
Employ more staff to manage client expectations/reputation/develop new features
Diversify client portfolio to protect income if a large client leaves
Raise capital quickly to hire more staff and cover the cost of new servers, development of security features – lending terms are not expected to be good
If a large company leaves, revenue will be severely impacted
If service delivery terms are not met, financial penalties apply
Potential for negative online reviews and social media comments
If service delivery terms are not met, a lawsuit may be filed against the business
Losing a big client could be seen as a negative by potential customers
Hiring a large number of staff and having to later let them go may put off talent in future
In this scenario none of the risks identified are that far-fetched. Yet most of them have the potential to bring your business to its knees.
Once you’ve identified business risks, the next step is mapping out the probability of them happening and calculating their likely impact.
Risks may be:
- Very likely to happen
- Some chance of happening
- Small chance of happening
- Very little chance of happening
And the impact may be:
- Low – little to no effect on business
- Medium – effects are felt but do not seriously harm business
- High – causes major disruption to the business
- Extreme – business may not recover
Using a risk assessment matrix template to help map this out is a great way to get started.
What is recovery planning?
A business continuity plan documents all the tasks or processes that need to be completed if and when something disrupts a business. Its purpose is to keep things running as smoothly as possible. The plan can include anything from what to do if there’s a short power outage, to recovering from premises being completely destroyed.
It helps to have a thought-through process to follow. For example, here's a typical step-by-step plan to help your business cope with a cyber attack:
Planning for the worst-case scenario puts your business in the best possible position to cope after a disaster. Recovery planning is the final piece of the risk planning puzzle. A disaster recovery plan provides detailed strategies on the steps that employees should follow during, and immediately after, a disaster.
The US Small Business Administration reports that approximately 25% of businesses affected by disaster fail to reopen. How many of these could’ve been saved if better recovery plans were in place?
Worryingly, 75% of small businesses have no disaster recovery plan in place. That’s a lot of companies left scrabbling around with no process to follow. Or worse, not being able to recover at all.
Laying the foundations with a solid business structure
Deciding on a business structure has to be done when forming an organization. For startups and one-man-bands, sole proprietorship is usually the best choice. But there are pros and cons to each type of business structure.
Broadly, your choices are:
- Sole proprietorship
- Limited Liability Company (LLC)
As a company grows, it’s likely it’ll need to change its legal structure. Sole proprietors are putting their assets at risk if they’re sued or get into debt, whereas an LLC business structure reduces personal liability. Being a corporation takes it one step further by limiting liability for the company’s owners and protecting their personal assets from creditors.
When forming a partnership, LLC or corporation it’s important to weigh up the pros and cons of each type of business structure when it comes to liability. Personal liability may be reduced but the assets of the business still need to be protected.
There is a fair amount of legal paperwork to be completed when changing business structure. Certain requirements need to be maintained to keep things legitimate. For example, a business operating as an LLC must file an annual report. Failure to do so may result in harsh penalties from the state.
Regulations, licenses and permits
Once you’ve laid your business foundations, it’s tempting to rush ahead with building it up. But there are several important legal matters to take care of before getting started.
It’s crucial you have the right permits and business licenses in place before you actually do any business. For compliance, licenses and permits should be reviewed as you grow and each time you offer new products or services. Some licenses and permits expire after a set period of time and will need to be renewed.
It’s important not to leave any gaps. Here's why:
Samuel’s run his Illinois gardening business for three years. When he set up his company, he filed all the correct licenses and permits needed to be compliant with local and federal laws and regulations.
Some of Samuel’s customers had complained about creepy crawlies destroying their lawns. Pest control wasn’t a service Samuel offered, but he bought some pesticides to treat their yards anyway.
It was all going fine until runoff from the treated lawns ended up in a nearby creek, killing all the aquatic wildlife in the area. Someone lodged a complaint saying they saw Samuel applying the treatment to nearby gardens. The Illinois Department of Agriculture traced the pesticide application back to Samuel, where they discovered he wasn’t licensed.
As you can imagine, Samuel and his business are now in big trouble.
Why is it important to have the correct permits and licenses?
Didn’t get the right permits? Didn’t check whether you needed licenses at a federal and state level? Forgot to renew a license?
Your business could be at risk of:
- Financial penalties
- Suspension of the business until it becomes compliant
- Closure of the business if it doesn’t comply with licensing requirements
- Loss of access to business premises
- Possibility of lawsuits
- Reputational damage
- Loss of income
Sign on the dotted line
Contracts can be complicated. It’s tempting to seal the deal with a handshake and get down to work.
Paperwork is a chore, and technically, verbal contracts are legal. So why bother drawing up contracts at all?
Well, a verbal contract can be appropriate in some circumstances, but it's never as robust as a paper contract. Yes, it might be legally binding, but it’s very difficult to enforce if you do end up in court. It becomes a case of ‘he said, she said’.
Other issues with relying on verbal contracts:
- It’s easy to forget what was agreed
- It’s easier to lie about what was agreed
- It’s easier to misunderstand what was agreed
- It’s against the law not to have a written contract in place in some states
Sayaka owns a web development business creating websites. Her clients are mostly mom and pop stores that need simple websites, so she’s never bothered with a written contract.
A large local retailer was impressed with her portfolio and commissioned Sayaka to build them an e-commerce website. After a few teleconferences to outline their requirements, she was given a deadline for the new site to go live. When she sent over creative and wireframes, they jumped on a call to give feedback and signed off her ideas.
Everything was running smoothly until a week before the deadline. The site was nearly completed, but the client demanded lots of new functionality and features. Knowing that she wouldn’t be able to meet the deadline, Sayaka asked for an extension.
The client insisted the site must be ready for the date they agreed: a lot was at stake, with a huge brand relaunch planned that cost tens of thousands of dollars. Even worse, they claimed that she promised all of the functionality and features would be included during one of their many calls. Did she forget, or is the client trying their luck?
With no written contract to check the details, Sayaka can either risk being sued for not meeting the deadline, or prepare to pull some all-nighters to get the site finished in time.
Always get it in writing
To minimize risk, a written contract signed by all parties is the way to go. A contract between a business and its client needs to outline the responsibilities and deliverables agreed upon to protect its interests in the event of a dispute. Contracts don’t have to be hundreds of pages long or full of legal jargon, however.
Paying for a lawyer to draft contracts can be expensive, so it’s no wonder many businesses turn to free, online contract and agreement forms. The problem with these templates is understanding the legal terminology within them, or knowing when important information is missing.
Generic contracts and agreements are not a one-size-fits-all solution. This means there’s a good chance terms and conditions that should be in place to protect you will be left out.
A home-care business delivers a completely different service to a real estate agent. The risks are completely different. So how could the contracts possibly be the same?
Yes, it can be expensive to hire an attorney to draw up a contract. But how would your business cope if the piece of paper you’ve signed doesn’t turn out to be legally binding when it matters most?
Check the small print
Signing contracts comes with big risks too.
When entering into agreements with new clients, partners, or suppliers, there’s a good chance they’ll present their own contracts and terms and conditions to be signed. Breezing through them in the same way you do when accepting the T&Cs on a software update is simply not an option.
Jared’s company was hired to create an app for a ride sharing business. His team wrote all of the code, and began building the app, when the contract was suddenly terminated. A lot of work had gone into the design and build, and Jared didn’t want to hand over his hard work for someone else to get the credit.
The sudden termination was bad enough. But sure enough, when he checked the contract, Jared found that there was nothing preventing the client from dropping him without notice. And then, buried in the small print, it stated that everything Jared created while contracted by the company becomes its intellectual property (IP). Jared has effectively signed away his IP by accepting the terms of the contract.
Bigger business, bigger risk?
As your business grows, it’s likely to need new contracts drawn up. Perhaps a spouse wants to become a business partner? Or work needs to be outsourced to fulfil a major project? Maybe it’s time to hire a marketing company to take care of managing social media?
All these scenarios increase risk:
- A business owner may put their company at risk if they separate or divorce without signing a partnership agreement. Without it, how can you prove who owns what?
- A business hires an IT consultant. When they accidentally delete a customer database, it turns out they do not have business liability insurance coverage. The business assumed they did. An independent contractor agreement would have explained that having liability insurance was a requirement.
- A marketing company does not sign a non-disclosure agreement (NDA) with the business and reveals details about its financial performance to a friend who is a journalist. The story gets picked up, resulting in investors threatening to pull out.
If in doubt, have an attorney check it out
No matter how careful and thorough you are, when it comes to drawing up contracts and agreements, only a legal expert will be able to confirm how well it would hold up in court.
Taxes can be taxing
Unless as an individual you’ve generated a gross income of less than $5 in the last 12 months, we’re afraid you’re going to have to file taxes. Filing as an individual can be challenging, but small business owners are likely to find it even more difficult, especially as taxes have changed considerably due to the Tax Cuts and Jobs Act (TCJA). As the biggest tax reform in decades, filing taxes just got a lot more complex for almost everybody.
Different tax rules apply depending on business structure. There have been changes to deductions, depreciation, and expensing. New provisions have been added. And for high-tax states, the amount that can be written off of state and local taxes has been capped, meaning they end up with much smaller refunds.
Common reasons the IRS charges penalties:
Getting it wrong can result in big fines. And overlooking deductions can result in a much smaller refund. We strongly advise hiring a professional tax preparer.
Keeping the cash flowing
SMBs’ biggest concern is financial risk. As well as economic uncertainty, financing issues are keeping a lot of business owners awake at night.
Cash flow can be unpredictable. All it takes is a couple of late payers or unexpectedly having to replace expensive equipment to find yourself in serious trouble.
Getting funds from traditional lenders has become more difficult, with long and inflexible repayment terms for those who do secure funding.
Fortunately, there are options for small businesses wanting to minimize the risk of cash flow problems.
Safeguard your finances
Vetting the finances of customers, partners, and suppliers before entering into a business relationship with them is an essential step in minimizing credit risk.
Cover your back by running a credit report on a potential customer or partner before you sign a contract to assess their creditworthiness and past payment behaviour. If a business is already making late payments to creditors, or isn’t meeting agreed invoicing settlement terms, there’s a chance you’ll find yourself in the same situation if you work with them.
If you take on customers and partners with a history of bad credit, you’re putting your business at huge financial risk. If payments are late, fail, or the company files for bankruptcy, you can also suffer. Entering into risky financial relationships can have a knock-on effect and damage your cash flow – and your creditworthiness.
Tempting as it may be to sign up new clients and partners to quickly build up business, ultimately it really doesn’t pay to work with those that can’t pay.
If you can, try to keep an eye on the credit profiles of existing clients and vendors to monitor whether credit risk needs to be updated. Some organizations start off paying invoices on time but can suddenly stop without warning. Chasing for late payments that’ll never come takes time – and is entirely preventable by taking a proactive attitude to credit risk.
Saving for a rainy day
Life is full of surprises. No matter how careful you are, there’s a high chance you’ll experience hard times and need a quick cash injection.
Lots of small businesses use a cash buffer to mitigate risk, yet calculating how much to put aside is usually based on pure guesswork. Many simply rely on whatever’s in the bank, rather than seeking expert advice. Instead, take the time to work out how much replacing essential equipment or staff would cost, and then use that figure as a starting point for building an emergency fund.
A cash reserve isn’t just for a major emergency. Entrepreneurs and sole proprietors who can’t work due to sick days can be hit hard, even if they’re only out of action for a short time.
Putting money aside can seem difficult at first, especially if things are already tight, but even saving 1% of your total business income per month can help build a fund. As circumstances change, you can always reassess and increase what you’re saving, depending on how business is going.
There are business savings accounts available with low minimum opening balances. Any cash you put away will generate a better yield than a simple checking account, thanks to higher interest rates.
As a company employs more people, risk increases. Employees can take legal action against the business, and the more staff there are, the more chance there is of something going wrong.
There are a huge number of employment laws you need to familiarise yourself with before making your first hire, as well as a ton of paperwork.
Laws apply at federal and state level, so it's a good idea to find a local legal expert to check everything has been completed correctly before bringing on new team members.
As a general rule, before hiring your first employee, you’ll need to:
- Have an EIN (Employer Identification Number)
- Make sure the employee is eligible to work in the U.S.
- Complete all tax paperwork (W-4, W-2, and state taxes)
On top of this, in most states, businesses have to buy workers’ compensation insurance to protect employees against workplace injuries. This policy means that if one of your employees gets hurt while at work, medical bills, lost wages and legal expenses can be covered. Without it, you could face significant penalties if one of your team is injured.
Keeping things above board
As your business grows, it may benefit from bringing in new people to offer their experience, expertise, or financial support as a director or officer.
Picking people to become directors and officers is a decision not to be taken lightly. Do they have a track record of acting ethically? What should their role be? How much control should they have? Do they have any conflicts of interest which may disrupt the running or profitability of the company? What benefits does their appointment bring?
Appointing somebody who makes poor decisions or acts in their own interest rather than that of the company, its employees, or shareholders, can devastate your business. Plus, once they’re in, it can be tricky to remove them from the board, and by the time you do, the damage might already be done.
Here's an example:
In the last three years, Leighton has seen her flower arranging business blossom. She decides to appoint a well-known local entrepreneur with retail experience as a director after leasing a store downtown. With their knowledge and connections, she hopes to one day reach her goal of becoming the number one florist in the city.
Things are going well until she discovers the director is in financial difficulty due to a gambling addiction. Leighton is concerned that the director has access to the business’ financial information, but she also worries it puts her reputation and chances of securing future funding at risk.
When Leighton attempts to remove them as a director citing concerns about their personal finances, they decide to sue her. With no formal agreement in place outlining the reasons a director can be terminated, Leighton is now in a difficult situation.
Whether they are employing one person, or one hundred, a business owner still runs the risk of being sued as an individual - even if they have reduced personal liability by structuring the company as an LLC or corporation. And if there are directors on the board, their personal assets may be at risk from claims of wrongdoing.
Example claims may include:
- Lack of, or poor, governance
- Mismanagement of company funds
- Underperformance (of stock, or the company)
- Breach of duty, care, or company law
- Failing to comply with rules and regulations
- Making decisions without the right authority
- Poor employment practices
Fortunately, when it comes to defending claims of wrongdoing, a directors’ and officers’ insurance policy offers protection for directors and their personal assets, and those belonging to the business. Directors’ and officers’ insurance is not just for big corporations with a board of directors. With the cost of a lawsuit against an individual coming in at six or seven figures, most SMBs would not survive without it.
Hiring and firing
Hiring an employee for the first time can be nerve-racking. While it’s important to ask lots of questions to find the right person for the job, there are a number of things it’s illegal to ask during an interview.
Even questions that appear innocent, like ‘how old are your children?’ can be seen as discriminatory.
Preparing a list of interview questions – and sticking to them – is the best way to avoid asking anything inappropriate. Don’t just assume that if the question doesn’t offend you personally it’s fine to ask. If in doubt, use pre-approved sample interview questions.
Once a candidate has made it past the interview stage, they’ll need to pass a background check before you put your offer on the table. Pre-employment screening has become an important part of the recruitment process, and for good reason – 85% of employers found applicants to be lying on their resume or application form.
By making a hiring decision without proper vetting, you could find yourself recruiting again sooner than you think – and that’s after going through the process of letting an unsuitable employee go.
Once you’ve offered a candidate a position and you’ve agreed the terms of the role, it’s essential you have an employment contract signed by both parties making it official.
When it comes to firing a member of staff, this can generally be done without notice as long as there is a legitimate reason for doing so. This could include:
- Issues with performance or productivity (e.g. turning up late, not meeting targets)
- Unprofessionalism (e.g. using cell phone at work, making comments about the company on social media, ignoring dress code)
- General layoffs
- Gross misconduct (e.g. theft, fraud, drug or alcohol use, offensive behaviour)
With the exception of gross misconduct, firing someone should be seen as a last resort. Often, disciplinary action or coaching is a successful alternative to having to let someone go.
Even with a signed contract, and documented disciplinary action, there still needs to be a legal reason to terminate an employee. This protects a business against being accused of unfair dismissal. It is illegal to fire someone because of their gender, race, religion, marital status, or age, and in a number of states, their sexual orientation and gender identity. A business can’t decide to fire someone for personal reasons without the threat of a wrongful termination lawsuit.
Employee rights (and righting wrongs)
Employers want what’s best for their staff. When people are happy at work, they’re more productive, and more likely to be loyal to the company for a long time.
Beyond being a good boss, you must be aware of the federal laws protecting employees' rights. These laws apply to employees in all states, unless state employment laws provide a higher level of protection to employees.
Some federal employment laws are only applicable once a business reaches a certain number of employees. Title VII, for example, which prohibits employers from discriminating in the hiring process based on race, religion, sex, color, or national origin, only applies to employers with 15 or more employees. But that doesn’t mean that there isn’t a state law that overrides this rule, too. If in doubt, check.
Dealing with disgruntled employees
At some point, an employee could raise a complaint or want to discuss concerns about their workplace environment. Right from the off, it’s crucial you manage and document these discussions.
Common grievances include:
- Unfair pay
- Lack of communication
- Feeling underappreciated
- Being discriminated against
- Overbearing managers
- Accusations made against another employee
You can deal with many of these issues by taking the time to empathise with the employee and setting out what will be done to address their concerns in a clear and concise way. But, some issues will escalate and some employees might need support through difficult periods.
If an employee makes accusations of unfair treatment by the company relating specifically to their job, referring to employment contracts could prevent a flare-up. This valuable document will confirm whether the employee’s complaints are valid or not.
Human error is one of the biggest risks faced by businesses. While it’s impossible to prevent every single mistake or accident, staff training can go a long way when it comes to reducing risk.
Training employees goes beyond making sure they can perform their job to a satisfactory standard.
Here are three basics to start with:
Training should be reviewed frequently. Guidebooks and training manuals should be refreshed each time a new task or change that affects employees is made – no matter how minor it may seem.
Whether your business is based at home, in an office or in a warehouse, keeping things secure from criminals and other opportunists should be high on your priority list. Yet so many small business owners are failing to implement a security strategy that covers all the bases.
For example, it’s not just the cost of replacing what’s been taken after a break-in that you should be worried about. A stolen laptop can be easily replaced, but how about the data stored on it? Client billing information. Legal documents. Access to social media profiles.
Replacing the stolen laptop quickly becomes the least of your worries.
One of the most obvious places to start improving your business security is where you work.
Thieves are less likely to target you if they can see the physical break-in will take them a long time, if they spot a CCTV setup, or if good lighting is in place to increase the risk of them being seen. Hiding valuable equipment away so it is out of sight may also put them off.
It’s not necessary to take physical security to Fort Knox levels. But the basics should be covered, with the best quality security systems the company can afford.
Hackers gonna hack
Think small businesses are at less risk of being targeted by cyber criminals? Think again.
Cybercrime is on the up, and 85% of attacks are on small businesses. On top of that, SMBs are more likely to be unprepared to deal with the fallout from an incident.
As more and more companies ditch paper documents in favor of digital, cyber insurance is becoming an essential policy. If your business stores data electronically, operates its own website or uses email, this cover is a good idea. While it can’t prevent an attack from happening, it can cover:
- The cost of investigating a cyber incident
- The cost of telling customers a breach has occurred
- Legal fees and compensation payouts if sued for losing someone’s data
- Defense costs if facing legal action by local or federal authorities
- Payments of regulatory penalties or fines
- The costs of restoring IT systems, data, and websites
- Income lost and extra expenses if a cyber attack prevents the business from operating
- Credit monitoring for victims of identity theft
- The cost of reputation management and customer support
The total cost of an SMB data breach frequently runs into hundreds of thousands of dollars. Whether it's one file compromised, or one million, the cost of recovering from a cyber-attack can be astronomical.
Protecting your intellectual property
There are four different types of intellectual property (IP) that can be protected: trademarks, patents, trade secrets, and copyright.
Understanding the differences between these types of intellectual property is important because it will determine how best to protect your business ideas and creations.
Trade secrets are ideas or concepts containing information that’s not publicly known and purposefully kept secret by the owner. The information must have economic value. This could include the ingredients in a hot sauce recipe, plans to manufacture a new type of drone, or a fabric pattern designed for a range of children's clothes.
Trade secrets should only be shared with other parties with a non-disclosure agreement (NDA) in place. This agreement prevents others from stealing ideas. Because trade secret law offers protection against misappropriation of trade secret information, it only applies if someone acquires it wrongfully. It is also not a long-term solution as it only lasts until the information is no longer of interest, or is no longer a secret - either revealed by the owner, created by someone else, or discovered through reverse engineering.
Examples of when trade secrets would not be protected are when:
- An inventor of a new type of garden hose pitches his invention to a manufacturer but doesn’t sign an NDA
- An app is no longer considered to be valuable because the device it was created for is no longer available
- An idea for a new marketing platform is shared while networking at a conference, giving up the trade secret voluntarily
- A chef works out the secret ingredients in a hot sauce recipe and recreates it
Patents protect new inventions once they are in the public domain. A patent stops anyone else using the invention without the inventor’s permission. There are two types: utility, which protects the function; and design, which protects aesthetics. Some inventions will need one, and some will need both.
To get patent protection, an invention needs to be registered with the United States Patent and Trademark Office (USPTO).
But you can’t just slap patent protection on anything. To meet the registration requirements, it must:
- Have a useful purpose
- Meet the legal definition of “novel”
- Be something that could easily be invented by anyone
- Be a patentable item
Patent protection can be expensive and complicated. But consider this: if a competitor copied your product, business strategy, or formula, and you weren’t able to stop them, how would it impact your business?
Trademarks protect a brand. Once trademarked, a business can use ™ to protect it, or ® once a federal trademark registration from the US Patent and Trademark Office has been obtained.
Things that can be trademarked include:
- Company name
- Product name
While it’s important to protect your own trademark, always check before registering or using anything that could be trademarked already, or you might find yourself in trouble for trademark infringement.
Copyright protects original creative work, including content (written, audio, video), designs, plans, and software. To be protected, it must be in a ‘tangible medium of expression’, which simply means written down or saved in an electronic format.
Creative industries are most at risk of having their copyrighted material used without permission. Artists, photographers, musicians, and designers are particularly at risk. But architects’ plans and software programmers’ code could be reproduced, too.
To stop others from stealing your intellectual property, you should register a copyright, and use a copyright notice (© with details of who owns the work and when it was published). You can also use watermarks on images and videos, and Copyscape to warn people not to copy your content online.
Copyright infringement can land you in hot water. Types of infringement may include:
- Using images in an advertisement without the photographer’s permission
- Stealing content from a competitor's website for use on your own
- Copying a design by an artist and printing it on t-shirts
- Playing a band’s music in a promotional video
Penalties for copyright infringement range from $200 to $150,000 for each work infringed. If in doubt about whether something can be used commercially, it's better not to risk it and seek out royalty free alternatives instead.
Ensure your business is insured
Insurance is essential for all businesses, no matter how big or small.
There are lots of policies out there, and the types of insurance you might need could be very different to the next business.
General liability insurance
Accidents can, and do, happen. General liability insurance covers claims made by third parties against your business for accidents resulting in injuries, or damage to their property. It also protects a business from personal injury claims.
If your business visits clients, or they visit you, general liability insurance is a must.
You run a catering company. An employee calls to tell you they’ve dropped a bottle of red wine all over the venue’s silk curtains, and they expect you to pick up the tab for cleaning or replacement.
You run a window cleaning business. A ladder slips from its footing and goes straight through the client’s window.
You’re a web designer. Your client visits your home office to take a look at how their new website build is coming along. He trips over a power cable, breaks his wrist, and sues you for his medical bills.
You’re a wedding planner. After a heated argument with a local florist, you decide to vent about them on social media. The things you say about them and their business are defamatory, unkind, and untrue. They decide to sue for slander after a mutual connection forwards them your post.
This type of cover is sometimes bundled with commercial property insurance under a business owner’s policy.
Business personal property insurance (BPP)
Business personal property insurance (BPP) protects the moveable things in your work premises, including furniture, tech, and tools. As an added bonus, BPP also protects your essential equipment when you’re out and about. This means if items are lost, damaged, or stolen, you’re covered.
Errors and omissions insurance
Errors and omissions (E&O) insurance, AKA professional liability insurance, protects your business against claims made when you, or someone you employ, makes a mistake.
This type of insurance pays for legal defense and damages, so if a client claims you’ve made a mistake which has cost them, your business is protected. This protection still applies even if the claim is nothing more than an accusation, and you actually did nothing wrong.
Directors’ and officers’ insurance
Board members are responsible for making sure your business is well run, both morally and legally. Directors’ and officers’ insurance protects the people who run your business against claims that they haven’t done so. Possible areas for dispute include investigations into how the company’s money is spent or invested, health and safety failures, or regulations not being properly followed.
Workers’ compensation insurance
As well as helping you avoid penalties for not insuring employees, workers’ compensation insurance protects your business by covering the costs incurred as a result of workplace injuries.
A workers’ compensation policy covers:
- Compensation for employees who are injured, including repetitive motion injuries
- Payment of hospital and medical bills
- Disability benefits
- Rehabilitation costs
- Loss of wages while an employee is unable to work
- Death, and related costs
- Injured employee lawsuits
Workers’ compensation requirements vary from state to state, so it’s best to check before buying a policy.
Even if you have robust IT security in place, you should get cyber liability insurance. If a cyber-attack or data breach happens, the cost of dealing with the fallout and getting back to business can wipe you out.
A cyber policy can cover the cost of:
- Replacing hardware and software
- Lost earnings if the business is unable to operate
- Hiring an IT security expert to investigate
- Legal fees that arise from customers who file a lawsuit if their data is compromised
- More staff to provide support and advice to customers
- A PR company to take care of reputation management
- Fines and penalties
- Hiring a legal expert to help deal with all of the above
Commercial property insurance
Commercial property insurance protects your workplace from natural disasters, fires, flooding, and theft. How much a policy costs depends very much on risk factors.
These factors are assessed by looking at:
- The type of business
- Business location
- Building construction
- Preventative measures taken against fire and theft
Commercial property insurance policies vary from carrier to carrier, so it’s a good idea to look for an insurer that offers flexible cover tailored to your business. It may be included under a business owner’s policy, coupled with general liability insurance.
Business interruption insurance
If you can’t operate after a disaster, business interruption insurance can cover loss of income until your business is back on its feet. Some policies also cover the costs of moving to a temporary location, employee wages, loans, and taxes.
It’s not just fire or flood that could bring you to your knees. Even a power outage that knocks out a server for a few hours could devastate you if you rely solely on your website to generate revenue.
This policy is not offered as a standalone product, and instead is bundled with commercial property insurance, or a business owner’s policy.
If you or your staff use vehicles for work, you’ll need a commercial auto liability policy.
Auto accidents can be very costly, and could result in large claims against your business. Insurance requirements differ by state, so if your vehicles travel beyond the state in which you’re based, that’ll need to be accounted for when choosing minimum coverage limits.
Product liability insurance
Product liability insurance protects against injury or damage lawsuits that may occur due to faulty or defective products that are made or sold by you. So, even if your business didn’t manufacture the product, without this insurance policy, you could still be sued for damages just for selling it.
When it comes to protecting your business against risk, having the right insurance is key.
Accidents, accusations, errors. No matter how careful you are, it’s impossible to avoid them completely.
As much as a business does to avoid risk, it is inevitable that disaster will strike at some point. So when bad things do happen that are out of your control, what steps can be taken to minimize the impact, and what can be learned to prevent it from happening in the future?
The worst has happened. What now?
Whether it’s a flood, a cyber attack, or a terrible review, getting your business back on its feet as quickly as possible is paramount.
Referring to a recovery plan and/or a business continuity plan should be the first step you take when dealing with an issue that impacts your day-to-day operations.
If you have the right insurance, your insurer can manage much of the recovery process, freeing up time and resources. For example, if there's a fire at your premises, your insurance company covers the cost of the renovation under a commercial property insurance policy, and loss of revenue under a business interruption policy. Insurers arrange for the damage to be assessed, appoint contractors to handle the rebuild, source equipment to replace what was damaged, and take care of any lost income and wages.
You got served
If and when legal action is taken against your business, it can be difficult not to panic. Getting emotional will only make a situation worse. Ignoring it and hoping it goes away is also not an option. If the case goes to court, and you’re not there to defend yourself, the judge is likely to make a decision in your absence based on the evidence the other party presents. If the judge rules in their favor, expect a collection agency to come knocking for the damages awarded to them.
Take time to assess what the complaint is, and how best to tackle it. This doesn’t mean making attempts to cover your tracks by tampering with or destroying evidence. The same goes for fabricating information in an effort to hide the truth.
Hotheads can create a hot mess
A complaint doesn’t need to end in a lawsuit to cause damage to your business.
Responding in the heat of the moment is often the first mistake SMB owners make. There’s nothing wrong with defending your company, but it’s important to do so without being rude or dismissive.
There is clearly a right way and a wrong way to respond to negative feedback and complaints. Think of these criticisms as a chance to rectify problems, and make improvements, rather than a personal attack on you or your business.
It’s also worth remembering if your business badmouths or insults a client or competitor, you can be sued for defamation, slander or libel. Venting about a bad day at work might seem like something everyone does to let off steam. But imagine your harsh words getting back to the person who’s made you mad. Put yourself in their shoes. Would you be upset or angry if they said it about you?
Don’t expect it to blow over
Even big brands sometimes don’t fully recover after a major PR faux pas. Burying your head in the sand and hoping a PR disaster will blow over is just as bad as blowing up about it.
Negative comments and reviews are part and parcel of running a business. It’s crucial to monitor what your customers are saying about your company online so that any bad press or misrepresentations can be nipped in the bud. Set up Google Alerts to keep tabs on news and articles about your brand, monitor social media mentions, and check review sites regularly so that it’s possible to respond quickly.
In the event of a crisis, a timely, well-crafted response makes all the difference. Transparency and tone are key. People will see through a lukewarm apology. If you’re sorry, say it like you mean it, and offer solutions that ensure a positive outcome. Doing so can even increase brand loyalty.
If the situation is really dire, it may be necessary to seek help from a PR or reputation management company. The cash spent on paying a firm to help is likely to far outweigh the financial impact of doing nothing at all (or digging a bigger hole by missing the mark with your apology). Bad PR can destroy a small business overnight.
On the road to recovery
Once a situation is under control – no matter how major or minor it was – take time to review what went wrong. Part of the recovery process involves learning from past mistakes and reassessing risk.
Preventing a problem from rearing its ugly head again – or knowing what to do if it does – saves time, money and resources that could be better spent on more important tasks.
There’s always a chance your business will find itself in a situation you’re completely unprepared for.
But some risks are avoidable, and prevention is always better than cure.
Don’t be fooled into thinking that risk planning is a one-time job. As your business evolves and grows, so must your risk plan.
Keep up to date
Ever-changing laws and regulations can have a significant impact on your business. Whether it’s applying for new permits, or finding the money for employees’ health insurance once your business reaches fifty people, staying on top of these changes – and planning for them – is crucial.
Keep tabs on what’s changing in your industry by regularly checking in with relevant publications and industry bodies. Remember to review small business regulations when anything in your business changes. For example, if you begin offering a new service, open an office in another state, or want to bring an intern on board.
Health and safety
Maintaining strict rules around health and safety in the workplace keeps your employees, customers and your business safe. Failure to do so could mean an Occupational Safety and Health Act violation.
Regular assessments should be carried out to make sure staff understand how to protect themselves and others.
Protective clothing and equipment must be maintained and first aid kits fully stocked. If there’s an accident, it needs to be recorded with a detailed account of how the injury happened.
Warnings must be clearly displayed – wet floor signs and correctly labelled harmful chemicals, for example. These are cheap but effective ways of protecting your business from potential personal injury claims against you.
Communication with customers is key.
Many customers’ frustrations begin when support or information is needed, and the response is slow, or worse, non-existent. First impressions count, and customers who don’t feel cared about will often take their business elsewhere.
Think about the channels your customers use to reach you. Set realistic targets for how quickly you’ll respond. Adjust your tone of voice and language to fit the situation – an angry customer is unlikely to respond well to being called ‘buddy’.
If your business is large enough to have a dedicated customer service team, make sure it has the latest changes to products or services available. That’s the only way your people can provide the best possible support to customers with questions or concerns. If it’s difficult for your team to stay on top of support queries, consider investing in helpdesk software or ticketing systems to help manage workflow more efficiently.
When a complaint is made, how it’s managed can defuse a situation and prevent things from being taken further. An effective customer service strategy can reduce risk. Even if something does go wrong, it’s possible to turn a negative customer experience into a positive one.
Ask your customers for feedback on a regular basis, either through a simple rating system or survey to identify areas that could be improved.
It feels great to win a client or make a customer happy. It’s good to go above and beyond when you can. But never, ever promise something you can’t deliver.
Bert guarantees that 100 Instagram influencers will share content that promotes his new client’s cosmetics line. When influencers say they don’t like the products or the brand – or want to charge astronomical fees that Bert and his client can’t afford – he quickly realises that he’s going to fall way short of the exposure he promised.
To give the launch a boost, he convinces the client to promote a giveaway. As long as they share the post and tag a friend, people will receive one item of their choice from the line. The problem is the terms and conditions were not clearly defined, and now hundreds of people that entered the giveaway all want the Luxury Party Palette for free - a product that costs $75.
Bert has now breached the agreement with his client by not meeting his target. He’s also damaged his client’s reputation with poorly worded terms and conditions. Now they have to contact giveaway winners telling them they have to choose a less expensive product.
Set expectations from day one. Make sure you have a robust service level agreement or terms and conditions in place. If you work in a performance-based industry where targets must be met, make sure they’re realistic. This prevents you from letting down a client, or working yourself into the ground to deliver.
It can be tempting to free up space by shredding old documents, or deleting them from a hard drive. But what would you do if months later a client said a delivery had been missed? Or that they’d paid an invoice when you were sure they hadn’t?
Disputes of this nature are easy to resolve when you can refer back to documents as evidence. Not only should important documents be kept in a safe and secure place, but they should be easily accessible. Have digital copies of records, which are also backed up, so they can be recovered if lost, stolen, or damaged.
If laws or regulations come into force that impact the business, update your records immediately. If an accident occurs, make sure a detailed account of the incident is documented. Review files on a monthly basis and set reminders so that important deadlines, such as permit renewals, aren’t missed.
Rinse and repeat – why you need to review risks on a regular basis
Economic and political landscapes change – sometimes drastically. What’s popular now may fall out of favour in a few years’ time. Even something that may seem insignificant, like a spell of bad weather, can have disastrous effects on a business that’s not prepared.
Small businesses are more agile, giving them the upper hand over their corporate counterparts when it comes to dealing with change. But they need to be able to evolve and adapt to minimize the impact of factors beyond their control. Risk planning needs to evolve and adapt, too.
Sally owns a deli a few minutes’ walk away from an auto plant. For the past five years, she has sold thousands of sandwiches, bagels, and snacks every week to the workers. Business is booming.
Sally considered hiring a new member of staff and getting an online ordering system to deliver lunch to office workers in the city, but given things have been going so well, why change anything?
Bad news comes one day for everyone at the auto plant. The factory is being closed down. A few employees will be relocated, but most of them are losing their jobs.
This is terrible news for them, but it's also terrible news for Sally. Without the workers from the auto plant, she will have virtually no customers, as her store is based in a location with low footfall once the plant shuts down for good.
If Sally had taken the time to expand her business and reduce her reliance on the custom from one large employer, she would have significantly increased the chances of her deli being able to weather the storm.
Business may be good, or even great, but all that can change overnight. Don’t be complacent. Risk planning is not a one-time job. And always remember – by failing to prepare, you are preparing to fail.