Maintaining business continuity is getting tough. Just one area of risk, ransomware attacks, saw a 41% increase in attacks in 2019. Being prepared isn’t just for boy scouts.
Are you wondering what a business continuity plan is? Do you need one? Read on learn what a business continuity plan is and why you definitely need one!
Your business can experience a disruption to operations or service as a result of innumerable causes. Disruption can be the result of natural events such as floods or extreme weather events. Others are more sinister such as cyber-attack by criminals, intent on extortion or to disrupt your business.
These events may result in minor inconvenience. Others can cost huge amounts of money to resolve or impact your business performance. They can even put the continued existence of your business in doubt.
A business continuity plan sets out the procedures you will follow if you are faced with such an event. It can include a disaster recovery plan that is focused on recovering the IT infrastructure. It also includes a wider plan to keep the whole business operating.
Business continuity means keeping sales, marketing, HR and finance functioning effectively. Any aspect of the business operation that needs to function for the business to continue to be commercially successful is included.
Underpinning many businesses is the IT infrastructure. It is key to maintaining business continuity and so has a central role in a business continuity plan.
The crisis may start with an IT issue such as cyber-attack. Equally, it may be unrelated to IT such as a tornado striking the corporate headquarters. In both cases, IT is likely to part of the solution and so features heavily in any business continuity plan.
Why is business continuity planning important? Is it an investment in resources and time you can do without? After all, how likely is it that your business continuity will be put at risk?
Natural disasters are expensive. They cost the United States $91 billion in 2018. These huge costs relate to just 14 natural disasters and include the economic consequences to businesses like yours.
On a smaller scale for the country, an IT infrastructure outage that costs you several days business can lose you customers, sales, and money. Don’t think that this is just an issue for government or big business. Cybersecurity affects small businesses too.
Worse still a cyberattack might compromise the security of your customer data. There are legal, regulatory and reputational implications to this. You need a plan to protect you from reputational risk and even from losing licenses to operate.
Where can you get help with business continuity planning?
Many businesses lack in-house IT capability. They may be able to support the run of the mill, day to day operations but that’s their limit. Developing a suitable disaster recovery plan or business continuity plan is beyond their capability.
Even if there is capability in-house there might not be the capacity to take on this extra task. Everybody has a lot on their plates. Finding time to develop a business continuity plan is difficult especially when the risk doesn’t seem to be immediate.
Perhaps developing a business continuity plan has been on your “to-do” list for a long time. It never seems to get to the top of the list.
You know that one day, a disaster will hit your business and you’ll wish you had given this task more priority. Your phone is ringing, you have unanswered emails and customers want your attention. Somehow the planning never gets done.
The United States government does support businesses with information and research on this issue. For example, the National Institute of Standards and Technology, part of the Department of Commerce, provides small businesses with free resources. The information and guidance may be helpful but you still have to do the work.
You may need more specific help, applied to your business and its context. If you don’t have the in-house expertise or spare resources, outsourced IT services may be right for you. As well as providing IT maintenance, software solutions and IT support, they can help with disaster recovery and business continuity planning.
Your business continuity plan is likely to have several components. It starts with a scoping activity. This determines what is included and what is not included in the plan.
The key business areas are defined. An analysis of these business areas is completed and critical functions identified. The relationships including dependencies between each function are mapped.
The plan then details how operations in each of these functions will be maintained. These plans can include arrangements for supplies, facilities, IT equipment, data storage, and backup.
A key element of the plan is the establishment of a business continuity team. This plan includes who the members of this team are, how they will be trained and how they will operate. It’s important to anticipate issues like governance of the team, communication processes and what their goals are.
It’s not sufficient to have a plan. You need confidence in the plan. That can only be established with some testing or rehearsal.
This process is partly a quality control process and partly a learning process. Practicing for disasters helps the business continuity team to learn their roles in a safe environment. It also helps to refine the plan with constructive reviews after rehearsals.
Over time, regular practice and review will improve the plan. It also helps update the plan as circumstances change making parts of the plan redundant or ineffective.
New technology brings new opportunities and new threats. Business changes like re-location, new markets, and new organizational structures all bring with them implications for your business continuity plan. Keep the plan under review.
Talk about getting expert help here.