What Is A Business Continuity Plan?

Can Your Business Afford Downtime?

To what extent are you willing to risk your data and your staff’s time? 

If you and your team couldn’t access your data for an hour, a day, a week - what would you do?  What would the consequences be for your business?

Can you answer these questions comfortably?

More and more, everything is connected to the internet, it’s no longer just email. Very often, phone systems, cloud based software (Sharepoint etc.), cloud based data storage and back ups are all accessed via an internet connection.  For this reason, any interruption to the internet can spell disaster for productivity.

In the event your internet connection is lost, how prepared are you and your team to set in action a plan that would ensure you could carry on working until the issue is resolved?  What level of productivity is acceptable during the response phase to ensure reaching the recovery phase? How will you generate that level of productivity when faced with a disruptive event? 

If the internet goes off or you have a power cut, it will become immediately clear that it’s very difficult to continue your business without some sort of contingency plan.

Common names for this plan include:

The name of the plan is far less important than its existence. Even having the most simple plan in place is better than no plan.

Disaster Recovery Training

Most important of all is that everyone in your team is familiar with the contents and has been trained on what to do should the need arise.

By way of example, it has been well documented that airline passengers who pay attention to the pre-flight safety briefing have a greater chance of survival.  A recent article entitled “Airplane accidents are 95% survivable. Here are seven ways to increase those odds even more”  lists number five as:

  • Pay attention to the safety presentation

This bullet point references the infamous 2009 Hudson River US Airways flight, captained by Sully Sullenberger, where only about 30% of the passengers had watched the briefing. It states “After the impact, only 10 out of the 150 people on board grabbed their life vests and evacuated with them.  The most cited reason for ignoring the briefing? Frequent fliers thought they were already familiar with the equipment on board.”

Is there a plan in place for your team to familiarise themselves with? If so, what percentage of your team have ‘watched the briefing’? 

flight safety

Business Continuity Plans

A lot of businesses have business continuity strategies already available to them; crucially, however, they are missing an action plan. As the events of 2020 have illustrated so clearly, business continuity is a much bigger subject than simply accessing backed up data. Think about the things your business really depends on and how long could it function without them, and then decide what you could do to mitigate the ensuing issues.

Here are some suggestions:

  • Back up your data regularly and test that you can retrieve the data at any time
  • Ensure your entire cyber security stack is protected: look at the route the internet takes into and out of your business. The internet is effectively the gateway to your business and you require protection from viruses, phishing attacks, malicious links etc. Have a good firewall in place that runs its own antivirus)

Back Up Your Data

Cloud based data services promise that your data is protected by your cloud provider. However, it is important to know that this is not a backup of your data, rather they aim to provide continuity of service. Whether you use G Suite, Microsoft 365 or iCloud, if your data is lost, recovering that data becomes very expensive and can take a long time, if at all – you are therefore responsible for ensuring your data is backed up.

Consider all the locations where your data is stored. In the event that you couldn’t access it – what then?  Popular accounting software Xero is a good example of a third party cloud based service that states that your data is backed up and protected online so that it’s always available to access when you log in. They further state that each business is responsible for keeping records of data sent into Xero, and recommend regularly performing your own back ups. For example, if you were blocked from logging in you would still be able to retrieve your transactions. 

Cyber Security

Cyber crime has evolved into a highly organised and sophisticated industry. Cyber criminals will exploit any weaknesses they can find in order to sequester funds. Now a trillion dollar global industry, there has been an estimated £13 billion cost to UK businesses in 2019 alone.

Protecting the continuity of your business therefore requires preventative cyber security measures including protecting your users against the most common cyber threats which include:

  • hacking of email and social media passwords
  • phishing scams via bogus emails requesting sensitive data
  • malicious links/software (malware/viruses) through which criminals can hijack files and hold them to ransom (ransomware).   

The recent high profile ransomware attack on Garmin of 2020 - where they paid a reported multimillion dollar ransom to restore scrambled data – highlights the fact that no business is immune to this activity.

cyber safety

Protect Your Whole System

Have you considered all the components of your network and not just the laptops and PCs your team use? As the internet is the gateway to your data, holistic protection will require the implementation of security measures across the entire Cyber security stack:

  • Application level
  • Network level
  • Endpoint level (eg. Laptop/PC)
  • Cloud level

Map out all the components of your tech infrastructure and detail what protections are in place. This can be as simple as having a good firewall in place that runs antivirus itself. However, having firewalls in place on devices and servers is not enough. In addition, if it’s an office location, source the device that manages the internet traffic going in and out of the business and ensure that it has antivirus protections in place.  

Many businesses are now replacing their on-premises data storage (in the form of a physical server) in favour of a cloud based ‘serverless office’ solution.  If an issue arises with the internet connection in one location, people external to that internet connection can still access the data in the cloud.  During the first lockdown of 2020, businesses that were prepared for such an event were able to have their businesses continue because they could relocate their staff to work from home with relative ease.

When it comes to business continuity, flexibility is key.

Business Continuity Checklist

If this article has heightened your awareness around the importance of creating and sharing a business continuity plan with your team, these are some next steps you can action:

  1. Detail the various locations your data is stored and any applications used to access it
  2. Map your network infrastructure and current levels of cyber security.  Detail every link and device in the chain, including the companies supplying your power and internet connection
  3. Identify any weaknesses and employ additional measures to optimise your security (you may wish to consult an IT security expert)
  4. Create a business continuity plan – this may be as simple as engaging a wireless back up plan (eg. Hotspotting from mobile phones)
  5. Train your team to familiarise themselves with the plan
  6. Organise a test event – turn off the power and/or internet for a test window and use the resulting experience to improve your plan