The risk of business disruptions

If you can’t get into your premises or use your computers, or your business is disrupted in any other way, you risk losing customers, your reputation and perhaps even the business itself.

Here are six simple steps that may help minimise the damage and quickly get your business back on track.

Step 1: Prioritise critical processes

In planning to recover your business quickly, separate your business-critical processes from those that can wait. Consider how long your business could survive without performing critical processes and, ideally, establish a time-based target for restoring them.

Servicing your customers by focusing on their needs will drive priority and give you a clear idea of what you have to do, in what order, and how long you have to do it.

Step 2: Identify all the resources you need to run your business

Many businesses depend on a number of resources to provide their products or services, including:

  • staff
  • technology, both data and voice systems
  • resource suppliers or service providers
  • property and infrastructure, including stock, supplies and equipment
  • vital business records such as customer data.

Step 3: Consider the effects of disruptions to these resources

What would happen to your processes if you didn’t have access to any of these resources?

The actual cause of the disruption is less important than its effect on your resources and the impact this has on your ability to continue providing products or services.

For example, a flood, telecommunications outage or cyber-attack could leave you without access to your technology. And, in some cases, one event can impact more than one resource you depend on.

A fire or flood, for example, could destroy your technology systems, business records, stock and supplies if they’re all in the same premises. Or, by closing schools and childcare centres, an extreme weather event could prevent some staff from coming to work.

Step 4: Develop a Business Continuity Plan

Your Business Continuity Plan sets out what actions you need to take and what everyone needs to do in a range of scenarios. While the details will depend on the nature of your business and how much you’re able to invest in managing risk, the aim is always to have your business-critical processes up and running in the shortest possible time to minimise impact on customers and staff.

Your plan should be straightforward and easy to follow. Everyone in the company needs to know about it and to understand their own role and responsibilities. They should also be familiar with the chain of command if key people are away when the disruption happens.

Brainstorming with key personnel can help you identify possible scenarios and the most realistic and effective responses.

For example, you might decide to keep your stock in two different warehouses, to build a relationship with a second supplier or invest in remote access capabilities that would enable your people to work off-site if they couldn’t get into the office. You could also cross-skill staff to cover important roles or introduce flexi-time or job sharing, which fosters employee goodwill as well as providing another level of business resilience.

Step 5: Be sure the plan works

The only way you can be sure your plan will work is to test it, and this could involve anything from a desk-based run-through to a real-time simulation and rehearsal of a particular scenario.

You can’t plan for every eventuality so, when you’re running a test, you might want to throw in something slightly different from the plan. This will encourage your team to be flexible and think on their feet.

Step 6: Regularly review and refine your plan

A Business Continuity Plan isn’t something you can set and forget. You should review and update it regularly, when there’s a change to your business operations or if you identify a new or emerging threat.

A Business Continuity Plan is not just your key to recovery; it’s a practical way of maintaining your competitive edge and building resilience. Minimising the impact of disruption on your customers and other stakeholders will help to protect your reputation and keep your business safe.

Next steps

If your business has been impacted by a ransomware attack, the next steps you take will be crucial. Learn more about these kinds of attacks at “Don’t let your business be held to ransom”.

The Australian Cyber Security Centre (ACSC) Ransomware Emergency Response Guide also provides guidance for businesses impacted by ransomware, which includes:

  • Record important details as quickly as possible. Take a photo of the ransom note or any new file extensions you may have noticed.
  • Turn off the infected device by holding down the power button and/or unplugging it from the wall. This is the best way to stop ransomware from spreading.
  • Disconnect your other devices which may be on the same network.
  • Change your important passwords for your online accounts.
  • Visit the ACSC website for their Ransomware Emergency Response Guide and more information.
  • It is important to report the incident to the ACSC at ReportCyber.
  • If you’re a business, depending on the severity of the ransomware compromise, you may have to notify your customers of the attack. The Office of the Australian Information Commissioner can provide advice on your obligations.

Helpful resources

How we can help

If you’re a NAB customer and you believe your business or personal accounts have been impacted by fraud or a scam, we’re here to help. Explore the immediate steps you can take to protect yourself and discover when you should get in touch with us to make a report.

Learn what to do in the event of fraud or scams

Get updates on the latest fraud alerts


IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.

IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.

Learn more about IDCARE

Australian Government | Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.

Learn more about the Australian Cyber Security Centre

Australian Government | ReportCyber

ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.

Learn more about ReportCyber

Australian Competition and Consumer Commission | Scamwatch

Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.

Learn more about Scamwatch

Australian Government | Office of the eSafety Commissioner

The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and addresses illegal online content.

Learn more about the Office of the eSafety Commissioner

Australian Government | Attorney-General’s Department

The Attorney-General’s Department website provides helpful information and resources about your rights and protections with regard to identity security, freedom of information and cyber security. The Department has developed a range of resources to help people protect their identity and recover from the effects of identity crime.

Learn more about the Attorney-General’s Department
