• Bottled water (1 gallon per person per day)
• Food for 3 days (small packets such as tuna fish in soft pack)
• First Aid Kit
• Multi tool army knife
• Whistle
• Dust or filter mask
• Flashlight with extra batteries
• Moist Towelettes for sanitation
• Can opener
• Plastic sheeting and duct tape
• Garbage bag and plastic ties
• 3 days of prescription medication
• Money in small denominations
• Identification with picture such as driver’s license, copy of front page of passport etc.

• Build a communication plan before a crisis happens.
• Create a crisis team that can set in motion your emergency communication plan.
• Have names and contacts of all employees with multiple ways to contact them such as home and mobile numbers, work emails and text numbers, intranet access if available.
• When communicating use multiple methods to send messages such as mass texts messages, social media, intranet postings, manual phone calls or texts.
• Keep in mind text messaging often works even when phone lines are overloaded.
• After a crisis, learn what could be improved and implement into your plan.
• When communicating be empathetic. Try to put yourself in your “employee’s shoes”. They will be thinking about their pay if the business must shut down and their safety. Considering these points are important for company moral.
• Communicate often during a crisis.

Building an emergency action plan see link to www.ready.gov/business/implementation/emergency

Security awareness involves knowing the threats your network faces and the risks they pose. Usually, your end users or employees are the weakest link and the most likely area where a virus can be introduced.

Providing training in cyber security is a major step in preventing an attack.

Bad actors will look for the easiest way to access your system which is usually through the internet.

Phishing, a type of social engineering, that uses tactics to trick the user into clicking on a link containing malware which would pass to your main server giving the bad actor access. The bad actor may also try and extract information such as usernames, passwords, email address or money through made up stores.

An example would be an email from an executive of the company requesting to immediately wire money to a specified account. The recipient does not release the email address was slightly altered and believe they are talking to the executive. Another example might include an email indicating that your customers bank account has changed and to make your next payment to the new bank account.

By training your staff, they will be more aware of these types of deceptions reducing the chance that they will be fooled. There are several types of social engineering that users fall prey to. When building your security plan, the most common ones should be outlined with examples for your employees.
An Example of a letter you might send to your employees

Two factory identification gives you an additional level of security. An example would be, in addition to your username and password, you might be prompted to add a personal phone number of zip code.

If you want a more secure two factor identification you can get rotating 6 digit numbers that will display on your cell phone that change every minute and is tied this to your system, making it very difficult for a bad actor to break in by stealing a password.

• Suspicious mail or package might have and endorsements such as “personal or private”. This is important when the addressee does not normally receive personal mail at the office.
• The addressee’s name and/title might be inaccurate.
• Suspicious letters or packages might have distorted handwriting, or the name and address might be prepared with homemade labels or cut past lettering.
• Suspicious packages might have protruding wires, aluminum foil or oil stains visible and might emit an odor.
• Letter bombs might feel rigid or appear uneven or lopsided.
• Suspicious packages might be unprofessionally wrapped with several combinations of tape used to secure the package and might be endorsed “Fragile-handle with care” or “Rush – Do not Delay”.
• Suspicious packages might have an irregular shape, soft spots or bulges.
• Suspicious packages might have buzzing or ticking noise or sloshing sound.
• Pressure or resistance might be noted when removing contents from an envelope or parcel.

University of California -Merced

If mail or package a package is suspicious:

• Handle with care. Do not shake or bump.
• Do not open, smell, touch or taste.
• Isolate immediately.
• Call local law enforcement.
• Notify management immediately.

• Most News agencies will cover on TV, radio and newspapers potential and active Civil disturbances at the National and local level.
• There are several risk advisory websites that discuss potential civil disturbance threats along with advice on what to do.
• If international business travel is required, the U.S. Department of State will have advisories for potential and active violence abroad.
• FEMA will have advisories for civil disturbances. See FEMA website for Recommendations for Organization and operations during civil disturbance.

• The Department of Homeland Security’s (DHS) National Terrorism Advisory System(NTAS) informs the public and relevant government and private sector partners about potential or actual threats, indicating whether there is an “imminent” or “elevated” threat. … Threat Alerts will provide detail about the affected area.
• Receive mobile updates:
• NTAS alerts via Twitter
• NTAS Alerts via Facebook