Your office administrator just received a ransomware notice on their workstation and all business data is scrambled, what do they do next? An ice storm is forecast to make roads impassable tomorrow. How do you handle business when no one can make it to the office?
These are scenarios that can either cost a business thousands of dollars in losses or simply cause a slight inconvenience as they pivot to adjust their operations. The difference between the two is whether a company has a business continuity plan or not.
Business continuity is all about risk management and mitigation. It includes identifying anything that could go wrong, evaluating your options, and creating plans to deal with each threat to your company’s wellbeing.
Some of the actions taken to ensure your business can continue running in the event of a catastrophe or outage include putting backup and recovery systems in place and strategic use of cloud applications that can be accessed from any alternate location.
Putting all those risks down on paper and formulating an action plan are at the heart of business continuity planning, but the process can be intimidating for many business owners.
Simplifying the Planning Process for Business Continuity
Lack of budget and resources are two reasons companies give for putting off business continuity planning, but not planning for catastrophic events can cost a company dearly. A full 60% of small businesses end up closing their doors for good within 6 months of a cyberattack because they’re not prepared.
A good sign is that many businesses understand how crucial it is to have a business continuity plan and most of them planned to keep their teams the same size or increase them last year.
92.4% of surveyed businesses said their business continuity teams would either stay the same or increase in 2019.
So, how can you get started easily with a business continuity plan that can protect your business in the event of any number of different risks? Here are four steps to help simplify the process.
Do a Business Impact Analysis
Your first step will be to identify all the things that could impact your business operations, either temporarily or for a longer period of time. By identifying risks, you can then take steps to avoid or mitigate damage from those risks.
Some of the threats that can impact a company include:
- Natural or manmade disasters
- Extended power outages
- Ransomware or other malware attack
- Data breach that exposes sensitive customer data
- Data loss through hard drive crash, accidental deletion, etc.
- Extended cloud services outage
- Loss of a computer or other device
- Inclement weather that impacts your team
Steps for conducting a thorough business impact analysis (BIA) include:
- Creating a BIA questionnaire for your team
- Conducting team workshops to discuss BIA and how to complete the surveys for each department/division
- Receive and analyze BIA questionnaires
- Conduct follow ups to get additional details to fill any gaps in the information
Review Current Operations & Gaps in Resiliency
Now that you’ve identified risks, you’ll want to see what systems you already have in place to address them and where gaps in your business resilience may be.
For example, you may already be backing up all the data on your computers and servers, but not in your Office 365 application. In which case the backup of your cloud services would be considered a gap that could leave you at risk and that you’d want to incorporate into a business continuity plan.
The following will help you through this step of the process:
- Identify and document resource requirements based upon your BIAs
- Determine gaps between current capabilities and recovery requirements
- Explore your recovery options (such as moving to VoIP phones to allow your team to answer your business lines from anywhere)
- Select and then implement the recovery methods you’ve chosen
Develop and Document Your Plan
This step includes putting it all down on paper and developing your plan framework. You want to make sure that everyone knows what your business continuity plan entails, including detailed steps that employees should take when certain threat events happen.
During the plan development step, do the following:
- Organize your business recovery teams
- Develop any needed temporary relocation plans
- Document your business continuity and disaster recovery procedures
- Assign responsibility for each step of your procedures
- Review your documentation and get staff input
- Finalize and print your plan
Ongoing Testing & Updating as Needed
It’s important to regularly drill your employees on disaster recovery procedures, otherwise the first time they go through them will be when there’s an actual disaster, and that’s not a great recipe for success.
Training on procedures will both ensure employees are completely familiar with the steps to take should any threat event occur, and it will also help you find any glitches in the plan and update accordingly.
A good business continuity plan is a living document, meaning that it’s continually updated as needed to address any changes in your organization, your technology infrastructure, or your experience going through an actual disaster recovery event.
Get Help Formulating a Strong Business Continuity Plan
Genuine Technology Group can work alongside you through each step of your business continuity planning to ensure you’re protected and can bounce back no matter what type of threat event may occur.
Contact us today to get started on your business continuity and disaster recovery plan. Call 971-288-0880 or reach us online.