The modern workplace is unpredictable. Our reliance on technology and our presence online have presented more opportunities for cyber criminality. Unfortunately, too many of us behave as we wish when navigating our online spaces (like websites and emails) – this is what offers those opportunities to that criminal community.
It is for this reason, along with the obvious risk of a business-defining real-world disaster like a flood or a fire, that a business continuity plan (BCP) is so important. Whatever the circumstances, you and your team must be prepared: you must know the procedures to follow in the event of an attack – ask yourself, “What is my job if a disaster does strike?”
There are occasions when we have a small amount of warning of an impending disaster, but, predominantly, we have no idea when one is going to occur. Every disaster is different and each one leaves its own set of ramifications in its wake.
You need to give your business the best possible chance and the only way of doing this is through a carefully constructed plan for your team to follow in their daily tasks. The consequences of not having one could be severe.
What is business continuity?
Business continuity is the process of quickly resuming business functions in the eventuality of a serious disruption. The disruption could be anything from a flood or fire to cyber criminality.
Your Business Continuity Plan will outline the exact procedures and instructions you must follow in the eventuality of such a disaster. It – if constructed and implemented correctly – covers all parts of your business; therefore, everyone must be familiar with the procedure for their own department and their role in that plan.
Many think that both a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP) are the same thing, but there are small differences. A DRP is constructed with the restoration of infrastructure in mind. They are both designed with the intention of keeping things running in extreme circumstances, but a Business Continuity Plan looks at the continuity of the entire organisation and not just its infrastructure.
It is important you ask yourself some difficult questions, and even more important that you answer them honestly; can you get the ‘key’ parts of your business (manufacturing, sales, and support) up and running immediately so that the company can continue operating? Picture this scenario: your customer service team experience severe technical issues due to a leaking pipe in the wall of the office. Where will they work? Who will handle customer calls? Can this be done from home? Can they work from home and still conduct customer care to the same capacity? Your Business Continuity Plan must clearly address these questions with precise answers.
One part of the BCP that is often overlooked is the Business Impact Analysis (BIA) section. The BIA section clearly outlines just how large – or small – the impact of a sudden loss of functions will be on your business as a whole. Your BIA section inadvertently breaks your business down into its value proposition, allowing you to begin prioritising certain parts of it over others.
Why Business Continuity Planning Matters
Business is brutal, customers are fickle, and your competitors are looking for any opportunity to steal them away – it is essential that you hold onto your customer base and grow that base wherever possible. It is all well and good to profess the quality of your business – like we all do – but there is no better way to prove it than in your handling of a disaster. You can show your client base – and those watching on from afar – that you can provide the service you promise to, regardless of the circumstances.
Anatomy of a Business Continuity Plan
If you are starting from scratch then don’t worry, because this isn’t a bad thing, and in this way you will know that everything is covered along the way. You must begin by assessing your business processes and determining which areas of those processes are vulnerable; after doing this, you then need to assess what your potential losses would be if those processes go down for different time periods.
The next step is to develop a plan. This involves five general steps:
• The first stage is to identify the scope of the plan – You can be as detailed or as lazy as you like with how far you are going to go. Of course, it goes without saying that your BCP should be as comprehensive as possible, as there is no point spending valuable time and money choosing an area of the business to concentrate on when, later down the line, another part of your business affects that plan and forces you to change it anyway.
• Identify the areas of your business that are key – Look for what we call ‘cross over points’ in particular; these are the points where two departments overlap (Sales and Manufacturing, for example).
• Identify critical functions. Strip your business back to its bare bones and discover which processes are essential to the operation of your business. It can be hard to do this because if you didn’t regard them as essential then you wouldn’t have these departments, but the reality is that some are more important than others. And it is worth knowing which.
• Unfortunately, downtime can rarely be avoided completely – instead, work out acceptable downtime for each part of the business. That said, for some parts it will be practically zero because no downtime is acceptable, but there will be components that can be lived without for days.
• Create a plan to maintain operations. This can be hard when business owners are always on the hunt for more, more, more, and they want bigger, better, and stronger tools in the organisation. This is completely understandable, but the point of a BCP is to keep the wheels turning and nothing more. What procedures do you need in place in order to continue in business?
You need a checklist – this checklist needs to contain:
• Where the plan is.
• Who is going to be holding onto it.
• The location of data backups – either on premise or on the cloud.
• Contact info for emergency responders and key personnel who can help.
As part of your BCP you need to make a Disaster Recovery Plan. You likely already have something in place but it is time to review it, because you need to be able to guarantee restoration times and be sure that it, as a whole, is aligned with the business.
This isn’t a solo venture. Always use your team of skilled workers, talk to them, find out about them, learn the key elements of the business and what their specific needs, cares, and attentions are. This often works like the domino effect; get them started and they can’t stop – some will guide you down a history of their experiences, the times they went wrong, and the times they fixed them – in time this insight could be invaluable.
One of the key elements to a BCP is testing it. Like everything, it is best to give it a few test runs first, because the survival of your business could be at stake – you need to know you are ready.
A test – in controlled circumstances – offers the opportunity to learn about how the plan will work. Doing so will allow you to immediately notice and rectify any gaps and problems.
It is – as ludicrous as it sounds – advised to try and break your plan. Of course, make the test possible but also an extreme scenario; this is advised because what is the good in your plan being ‘just okay’? Depending on the severity of the disaster, this plan could be the only chance for your business to survive, so confidence in its ability to take a beating is essential.
The majority of organisations conduct tests on average three times a year, but the frequency is completely up to you and dependent on what is going on at the time. Different tests include structured walk-throughs of scenarios and tabletop exercises (when your team breaks down the plan, ensuring that their department is adequately represented).
It may not be part of your plan but it is highly recommended that you conduct an evacuation drill to prepare for the eventuality of a disaster. You must know – for safety and legal purposes – if someone needs special arrangements to get to safety.
This can sound tedious and, in fact, a little embarrassing, but it is recommended that you role play the disaster. Create an artificial environment that simulates that of a disaster, involve all equipment and personnel that would normally be there and see first hand whether you and your team can continue operations in the event of a disaster. Don’t get us wrong – this isn’t a test for your team, to try and catch them out, but to point out mistakes where necessary and make them work together better.
Review and Improve Your Business Continuity Plan
Having made it this far, it is fair to say that you have put a lot of effort into creating and initially testing a Business Continuity Plan. Don’t make one of the most common mistakes made by business owners: letting the plan sit there waiting for a disaster whilst spending extra time on more critical tasks. Of course it makes sense, but it is not the best way of doing things – this will allow plans to go ‘out of date’ alongside the changes in your business and become of no use when they are needed.
Alongside the ever-changing technological landscape of the world – and in turn your business – your Continuity Plan needs to change too. Bring together the right members of your team that will help you to build a BCP so your team knows their role in the event of a disaster.
Tech is constantly evolving and your team changes just as much, so the Business Continuity Plan needs to be updated too. New key members of staff need to be introduced to your BCP, perhaps replacing those who have become less relevant, and everyone needs to be reminded of its importance on a regular basis. Bring the key members of your team together, and be sure there is a system in place that ensures no one is left behind. We understand that this is a lot to take on board, so if you need any help please don’t hesitate to get in contact with our expert team and let us help you to make a Business Continuity Plan that works for you.
An Operational Business No Matter the Circumstances
We’re in the business of helping businesses. We provide IT solutions and support to facilitate and encourage growth. Our team of experts offer effective comprehensive cyber solutions that protect your data. We centre our efforts around reducing the risks your business faces and offering improved levels of communication, collaboration, and productivity in your everyday business processes. If you and your team want to get the most possible from IT in the most secure way, please don’t hesitate to get in touch.