Blog

Category Archives: Backup & Disaster Recovery

How to Establish Your Business Continuity Plan

Business Continuity Planning

Why Every Company Needs a Business Continuity Plan

A Business Continuity Plan is a formal document that outlines how your business will continue to operate during an unforeseen emergency. This includes a wide variety of events, such as:

  • Natural disasters (such as fire, flood, or earthquake);
  • Power outages (which can cripple a healthcare facility or manufacturer);
  • Virus outbreaks (like COVID-19);
  • Long-term internet disruption;
  • Cyberattack (which can compromise entire networks and expose sensitive client data, patents, patient history, and customer bank accounts);
  • Cloud provider outage;
  • Critical vendors being compromised or going out of business; or
  • The sudden loss of an owner or other key player.

A Business Continuity Plan can keep your business up and running during the worst of circumstances. It can also help protect your brand and retain customers, safeguarding your company over the long-term.

It’s a bit like insurance. You invest in it and hope you never need it. But when you do, a well-written Business Continuity Plan can mean the difference between protecting your livelihood and losing your business.

What You Should Include in a Business Continuity Plan

A comprehensive Business Continuity Plan (BCP) should include contingencies for everything from business processes and technology to human assets and physical locations. Specifically, it should contain:

  • Disaster Recovery Plans for every conceivable emergency scenario, detailing how critical operations will be maintained during short-term and long-term outages;
  • An Information Technology (IT) Disaster Recovery Plan, covering data security and accessibility, as well as software, hardware, and equipment requirements;
  • A Crisis Communications Plan, detailing how the company will communicate its situation to customers, patients, vendors, shareholders, and the general public;
  • An Employee Assistance Plan, outlining what management expects of employees during the emergency, and how they will support employees during the disruption.

The Four Areas of a Business Continuity Plan

Business Impact Analysis

A business impact analysis (BIA) is a systematic process used to evaluate the potential effects of an interruption to critical business operations. During this risk assessment, operational and financial consequences should be considered for different loss scenarios, capturing the impact of a pandemic versus a cyberattack, for example.

Here are a few important things to consider in a BIA:

  • Identify all critical business functions and processes. Record how each task is performed, who performs it, and the impact on the business should it be interrupted. Consider the effect for a day, a week, a month, and so on.
  • Identify key contacts for every department and division and their responsibilities.
  • Record the company’s organizational structure and identify alternate points of contact, should the structure be disrupted (for example, if a team leader were to become incapacitated).
  • Consider all vendors the business relies on. How would a business interruption impact them? How would you be affected if they had a business interruption? Identify “Plan B” vendors if they are critical to your operations.

There are many tools available to help create and organize a BIA, including questionnaires, data flow diagrams, and BIA software that can help you gather the necessary data.

Recovery Strategies 

After identifying the critical components, you must prioritize them. Identify what resources you have in place currently to protect the company from a negative consequence. Then conduct a gap analysis to determine what additional support you require to get things running again in the event of an emergency.

Keep in mind that recovery strategies may vary along with the disaster that has occurred. For example, if your network is compromised, who knows how to stop the breach and restore your backups? If you have to evacuate your space suddenly, how would you replicate your working environment?

Plan Development

This is the stage when everything comes together in a formal document that will ultimately be shared with all relevant personnel.

  • Document a framework for how recovery will take place, organized by department and solutions.
  • Develop a recovery team that will be responsible for oversight and coordination. All members should have copies of the plan on a flash drive and printed inside a binder.
  • Identify relocation plans, should your physical space become compromised, or an evacuation becomes necessary.
  • Consider manual workarounds for all critical processes, should your technology or machinery become compromised or inaccessible. For example, can scheduling or reporting be completed in an old-fashioned way (paper and pencil)? Should schedules, appointments, or deliveries be printed daily, so customers and patients can be contacted in the event of an office disruption?

In addition to the above, you will need a comprehensive IT Disaster Recovery Plan that addresses the company’s data, software, and hardware needs, as well as accessibility. For example, in the event of a cyberattack, how will you stop the breach, recover your data, and keep operations running in the process? Should your office be inaccessible for any reason, which employees can work from home, and how will they do so? You’ll need to consider remote access, security protocols, software and hardware needs, and much more.

Testing and Training 

Every aspect of a business continuity plan must be tested and proven. Everyone must know what is expected.

  • Begin by simulating different types of disasters. Ask yourself: what worked, what could have gone better, and what was forgotten?
  • Update the plans according to your findings, and test again.
  • Train staff on all relevant aspects of the plan, and ensure the processes are documented so new employees can quickly be brought up to speed (you never know if a disaster can happen during an employee’s first week).
  • Ensure there are multiple copies of the plans, on-site as well as off-site, in print as well as digital.
  • Update the plans as needed to account for new technologies, infrastructure, processes, team members, etc.

Failing to Prepare is Preparing to Fail

Businesses fall into three categories when it comes to business continuity planning:

  • Those with a formal plan are quickly able to resurrect their operations in the event of an emergency. It is likely these businesses already planned for work-from-home scenarios, and in the current pandemic, experienced minimal downtime.
  • Businesses with drafts of untested plans and loose guidelines may or may not be able to mitigate their losses. In the case of COVID, most companies had time to fill the gaps in their planning and get their teams operational. Had the emergency been an immediate shutdown due to a natural disaster or cyberattack, this group may have suffered more.
  • Businesses who have placed business continuity planning on the back burner, hoping never to have to deal with it, suffer the most. These companies are left exposed to business interruption, data loss, revenue loss, as well as eroding customer trust, long-term lost business, and a jeopardized brand.

Emergencies capable of crippling a business can happen at any time, to a business of any size. Don’t get caught unprepared. Feel free to contact us if you would like to discuss your Business Continuity Plan.


How Confident Are You With Your Existing Backup Solution?

How reliable is your current backup system?
Would your business survive a technical disaster?
When was the last time you tested your backup system?
 

These are some of the questions business owners should be asking themselves on a regular basis. Here are some of the answers we’ve heard through the years:

I just bought my server; it’s new so I’m protected.
All my data is in the cloud so I don’t need to back anything up.
I have mirrored drives in my server so I’m sure I’m ok.
Or our favorite…
My IT guy says we’re backing up. So I guess we’re good. 

The fact of the matter is that most business owners do not take data backups and disaster recovery nearly as seriously as they should. IT Web suggests the total cost of data breaches will be more than $2.1 trillion by 2019. In fact, currently the number one threat to business data is Ransomware. Although anti-malware solutions provide some protection, the only guaranteed protection against Ransomware and similar threats is a well-planned and maintained backup strategy.

Backup devices come in many sizes and flavors.  The key to choosing the right backup solution comes down to your expectations.  What is your acceptable level of downtime?  The client who answers that question with “one hour or less” will find themselves with a different solution than the client who answers “a day or two.”  Of course, everything comes with a price and the lower your threshold for acceptable downtime, the higher your cost is likely to be. 

Choosing the right type of backup system for your organization can be tricky.  Some only backup locally, some go off to the cloud, while others do a combination of both.  And then there is the data retention period – how far back do you need to keep the data?  The answers to these questions may be different for companies of different sizes, industries, and needs. And thus the solutions must match these criteria.

So, what happens when your most important server crashes at the worst possible time?  Some of the appliance-based backup systems will actually let you boot up the last backup and run it right off the appliance itself.  This way, no productivity is lost while the server is being fixed.  This functionality is a life saver when you need it.

Finally, disaster recovery testing is always a forgotten step in the backup strategy. Periodic testing of your backup plan is vital to its overall success.  This is the only true way to test the system and make sure the solution is adequate for business continuity.  Too many business owners discover their backup solution has failed when they are already in the middle of a crisis, at which time it’s too late to do anything about it.

Now is the perfect time to assess your backup and disaster recovery solutions, before you need it. Let us help you identify the solution that is most appropriate for your business. Contact us today to learn more.