When it comes to keeping your business running, it’s important to have plans in place to deal with both good and bad times ahead.
Business continuity plans and disaster recovery plans are an excellent way to ensure the protection of your organisation, however, it’s easy to get the two mixed up. Many people assume that because they have implemented a business continuity plan (BCP) they do not require a disaster recovery plan (DRP), and vice versa.
It is true to say they are very closely linked, but to briefly explain; BCP’s take a more proactive approach to minimise and avoid the risk of downtime, whilst DRP’s focus on recovering from the disaster.
In this article we will look specifically at the business continuity plan, why it’s a good idea and why you should have one.
Generally people do not enjoy paperwork, and business owners understandably will see a business continuity plan as just another tedious task to complete that will probably go unused; so here are a few interesting facts which could highlight the importance of a BCP.
On average, a medium-sized data centre will experience over three downtime events each year, with the average power cut lasting over 3.5 hours. Source: Eaton UK
Some 77 per cent of UK organisations (approximately 4.2 million) experienced connectivity failures in 2016. On average, UK organisations were also found to have suffered 4-5 outages each during 2016 and a wait of six hours every time for service to be restored. Source: ISP Review
Just over half (54 per cent) of UK companies have been hit by ransomware attacks resulting in variable amounts of downtime (58 per cent of UK companies pay up to get access to data and systems again.) Source: Malwarebytes
Almost all (97 per cent) of network professionals in a survey by Veriflow agree that ‘human error’ is the most common reason for network outages. Source: Network World
Depending on your company’s area, losing vital business systems could ultimately cost you customers, because your existing customers could choose to go elsewhere. In addition to this the damage to your reputation and the lack of credibility if there is no BCP in place could be extremely costly!
Hopefully the above has persuaded you to think about the importance of having a business continuity plan so in the event of a power cut, connectivity issues, network outage or cyber-attack your business can ride the storm and get back to business as soon as possible.
If you’re under the impression that a disaster is unlikely to happen to your business, you might be mistaken. It could be something as simple as a staff member keeping watch of an absent colleagues emails whilst they’re on holiday and accidentally opening a cleverly presented, yet malicious, email. If that email contained ransomware, and the attack was successful, it would only take a few seconds for all the files on the computer and everything else connected to it – namely the server – to be encrypted.
Before you know it, your network is unavailable, staff are unable to work, and a disaster recovery plan is vital. In addition to downtime, failing to have a business continuity plan in place could cost a business severe reputational damage, and it could even raise certain compliance issues.
When you’re busy running a business, it could be easy to forget that you are a prime target for cyber hackers, and many have made the mistake of assuming that these hackers are only interested in going after bigger organisations. But, the fact is that when you’re an SME, your cyber defences are easier to hack, reason being you will not have the same budget available to you to spend on cybersecurity as a larger business, and attacking a small company carries a much lower risk than attempting to infiltrate a larger organisation, as the cyber criminals are less likely to be caught.
Not to mention, hackers know that a small business is more likely to pay a ransom to have files decrypted quickly, so that business can get back to normal and downtime can be minimised. That’s why it’s essential that you have a robust Business Continuity Plan in place, so you can avoid these situations, and deal with them swiftly should the need arise. Below, I outline the key aspects you should take into consideration when creating a BCP.
Key considerations for a Business Continuity Plan
- Key business functions – what is going to cost your business the most if they are affected by an IT outage or system downtime?
- Minimise the risk – what could be done to avoid critical business functions being affected by downtime, implement preventative solutions such as cyber awareness on risks/threats, staff education and network monitoring,
- Recovery times – what could you do to reduce the time taken to get critical business functions operational again? As a suggestion, increase the frequency of backups for critical data.
- Failover plans – what could you do to get important business functions operating during an incident? For example, if your head office suffered a power cut could staff work from another location?