Fast-Tracking Your Digital Transformation Series: Part 1
Backup and Business Continuity
Every organization needs a plan for backup and business continuity.
If this wasn’t already evident, then the unfortunate circumstances that companies across the world now find themselves in have shown just how important it is to prepare for the worst.
When an unforeseen crisis strikes, it’s up to your business to have the appropriate measures in place in order to counter it.
What’s concerning, however, is the number of businesses that are wholly vulnerable because of two principle factors:
Undeveloped continuity plan
Many organizations simply do not have a plan for when trouble strikes, leaving them unable to perform vital tasks.
73% of businesses are not doing enough to insulate themselves from disaster and ensure business continuity at all times
Cybersecurity defense
Small and midsize businesses are preyed on by cybercriminals more than ever before, leaving them susceptible to data breaches at a time when companies possess large amounts of sensitive data.
43% of all cyberattacks target SMBs: if you think you’re too small to be attacked; think again
Related Post: Coronavirus Scams: Q&A With Impact’s Director of MIT Security Services
What You Need to Succeed Right Now
With all that’s going on, it’s apparent that decision makers and business leaders need to reconsider whether their plans are good enough.
For businesses that have no mitigation plans at all, it’s playing with fire, to put it mildly.
It’s important to note that for the vast majority of organizations, being hit by with a data breach is a matter of when, not if.
60% of small and midsize businesses don’t have any kind of incident response plan for breaches
SMBs can’t afford not to have a backup plan.
Let’s take a look at the most vital considerations you should make when fast-tracking your backup and business continuity plan.
Impact Analysis
An impact analysis helps you understand which processes in your business will be the most affected and which are in most need of immediate attention in the event of a disaster.
This is where you’ll be asking yourself how long you can survive without certain business functions and what costs you can afford to incur.
This analysis will give you a clear outlining of what your core essentials are and how much disruption will be caused.
Note that this is not a disaster recovery plan in itself, but rather a “What if?” scenario to give you an insight into how the core of your business will be affected.
An impact analysis give you the ability to determine the revenue costs of a disaster and effects on profit, while also showing you other aspects—such as how customers will be affected, damage to the company’s reputation, and whether you can adequately fulfill orders and maintain your relationship with suppliers.
What Do Your Staff Need?
Part of what makes a continuity plan is ensuring that your staff can continue to do their work when disaster occurs.
Many crises, like the current outbreak, force workers to leave the office and instead work remotely.
This is not the first time this has happened, and it will not be the last.
Do your employees have everything they need in order to stay productive while at home?
Staff requirements must be considered when drawing up a business continuity plan, you should think about the following examples of what they might need:
What hardware do they need?
Professionals that rely on intensive software, like data scientists, engineers, and videographers, will often be unable to perform their jobs effectively on their personal devices. This goes for any kind of equipment that employees might need to perform their work.
Do they have access to the software they need?
Many businesses have legacy applications installed on-site on work computers or use software license dongles. Can employees use the apps they need to while out of the office, or will other arrangements have to be considered?
Do they have access to a VPN?
If your organization handles sensitive data that is usually kept within the confines of your internal networks, then workers accessing that data from outside the network should be a major concern. If they need a VPN to protect that data as it travels to and from your network, make sure it’s ready for them.
Keep Good Communication
With a backup and business continuity plan, it can be easy to spend all your time focusing on the tech side of things, but communication is equally important.
A company that can communicate effectively with its staff and its customers has an enormous advantage over those that can’t.
When something goes awry, you must have a strategy in place to explain to customers and employees what has happened and what steps you’re taking to solve the problem.
Most importantly; be honest and transparent, and give stakeholders a reason to have confidence that you have the situation under control.
Identify your crisis communication team
Your CEO should be leading the team, with your most senior public relations employee (or agency) acting as the chief advisor. The senior executives of each department should understand what their role is and what message to disseminate to employees under them.
Identify stakeholders
Who are your stakeholders?
Identify them and draw up a database of stakeholders that you can use to determine what message you want to send and to whom.
Be sure no one is left behind and keep maintaining this database for the future.
Consider your communications channels
How will you convey your message to customers and employees?
- Have scripts written for your service or help desk and maintain a consistent message
- Greet visitors to your website with a message detailing what’s happening
- Pin posts to your social media channels which outline your response to the incident
What Are Your Plans for Recovery?
For the vast majority of modern organizations, a loss of data is unacceptable and must be mitigated at all costs.
12% of companies that experience a disaster could not recover their data
Businesses that find themselves unprepared for a disaster are the ones who lose the most.
Losing data from a disaster not only sets back your business processes, it also has calamitous effects on the viability of the organization as a whole.
80% of customers in developed nations will defect from a business if their information is compromised in a security breach
And this isn’t even accounting for the litigation and other financial costs that arise from breaches—this will increase as data privacy laws continue to be legislated and enacted.
While large enterprises can afford to shoulder the burden of a breach, that is simply not the case for SMBs.
Businesses simply must have a bulletproof plan for immediate recovery with data backed up in quality data centers.
Related Post: Why You Need a Tier IV Data Center
You should be able to identify two things:
Recovery point objective (RPO)
The company’s tolerance for data loss: how much can be lost before significant damage is caused to the business.
The RPO is a time measurement that goes back to when your data was last usable—typically your last backup.
It determines how far back you need to go to get your data back and how much data you can potentially lose in the event of an outage.
Recovery time objective (RTO)
Your RTO is a specified amount of time after a disaster by which a process must be restored before inflicting lasting damage.
Some processes can be down for days without causing harm, others only seconds.
The RTO will help inform IT of their recovery plans and the steps they must take in order to prioritize your essential functions.
Test Your Continuity Plans
23% of companies never test their disaster recovery plan
Once you have a plan put in place, don’t sit back—be proactive about your recovery.
Unfortunately, as nice as it would be to have a one size fits all backup and business continuity plan, that’s just not the reality.
In the same way that every organization needs a unique plan with their own objectives, companies themselves see huge changes in their processes and even their models of doing business.
The technology you use, staff you employee, offices you work in, and many other things are constantly fluctuating.
While a well-thought-out plan may have accommodated you last year, it could well be insufficient this year.
It’s absolutely crucial that you test, test, and test again to ensure that the measures you have put in place and the metrics you used to get them are still relevant.
A dry run will also give you an opportunity to assess the preparedness of your different departments to react to a breach, so you can refine and improve your strategy to the best of your ability.
Cloud data centers are extremely scalable and secure environments for protecting business data from harm and recovering it in the event of a breach.
Find out more about how the cloud can ensure watertight protection for even the most sensitive data by downloading our eBook, “Which Cloud Option Is Right For Your Business?”