Every business needs a business continuity plan.
FEMA estimates that as many as 25% of businesses do not reopen after a natural disaster.
Most companies lacking business continuity plans are small-to-midsize businesses.
Although natural disasters like floods and fires are more physically harmful, cyber disasters like emotet, data breaches, or any other type of threatware are equally devastating. Creating a business continuity plan that accounts for both types of disasters is mandatory.
These facts are the reason that cyber liability insurance providers are increasingly requiring businesses to provide some form of business continuity plan as a part of their due diligence procedures. Even the United States Homeland Security Presidential Directive (HSPD-5), the Management of Domestic Incidents has developed business continuity plans for the nation.
A cyber attack can be more disruptive for businesses than a snowstorm that sends employees to work from home. Likewise, loss of data is more substantial than loss of hardware. Since data is more important than hardware that can always be replaced, it is important that data be backed up, protected, and retrievable as needed.
What is a business continuity plan?
If you are caught off guard and fall victim to a breach or other threat, business will be interrupted. Customers will be displeased. And your reputation might take a hit. Ultimately, profits will be negatively affected (and possibly brought to zero if your business goes under).
In short, a business continuity plan is just a business’s strategy to respond to recognized threats and risks to continue providing clients services despite disruptions.
What is the primary goal of business continuity planning?
The goal of a business continuity plan is to carry on essential business functions in times of disaster. Essential functions are to be continued until all other business functions return. A business continuity plan aids in returning peripheral business functions as quickly as possible. This all requires well thought out planning which includes prioritizing functions and assessing the essential ones. For this reason, business continuity plans should include step-by-step procedures, checklists, and flowcharts to be relentlessly systematic.
What goes into a business continuity plan?
Data backup and disaster recovery are the backbone of a business continuity plan.
Business continuity plans should be systematic and written down, but it is important to recognize that if you store your plans on a server that goes down or an office that cannot be accessed, then they are useless. Each business must have a team of people familiar with the business continuity plans. Better yet, having a third-party company protect you against things like technology failing or being uncooperative helps in a pinch.
Most problems can be avoided with simple contingency planning. Some solutions are easier than others: it could be using a mobile phone in the event that a desk phone won’t work, having a physical system if a digital process fails, or having a certified managed service provider to cover your managed IT. Business continuity plans are really all about preventing recognized threats from inhibiting your business.
Although not immediately considered when thinking about business continuity strategy, it is important to establish good, working relationships with vendors to help prevent or mitigate a crisis (or recover from a crisis after the fact). For example, having a company to call to replace computers or recover data can expedite recovery time.
Vincent Micheli
Sagiss, LLC: April 17, 2024 at 10:48 AM
