Why most existing business continuity plans are no longer fit for purpose in a digital era

In Blog, Knowledge, Services on

Factor in reliance on technology, data and communications, with the risk of hacking in this digital era, and most existing business continuity plans are no longer fit for purpose.

Say the words “disaster recovery” to most business managers and they recoil in horror. Images of fire, explosions and floods clearly rushing to the front of their minds with the resultant damage to their companies flashing up not far behind. Factor in reliance on technology, data and communications, with the risk of hacking in this digital era, and most existing business continuity plans are no longer fit for purpose. Yet, it doesn’t have to be like that. You should not be loosing sleep at night worrying about where to start. A structured approach is on hand.

Stuff happens, we all know that, and while it’s the responsibility of all of us to take the appropriate precautions to minimise the risk of something catastrophic taking place, sometimes it just does. Rivers overflow. Buildings catch fire. Hurricanes happen. Digital threat is upon us.

And while we can’t control everything, it’s the smart business operators who recognise this in advance and take steps to ensure that if it does, they can get their business up and running again – with the minimum impact on customer service. One which takes account of technological and data compliance requirements.

And let’s be clear, while you won’t be blamed by your clients for the force 10 gale that blew the roof off, their loyalty will soon be tested when the interruption to your service starts to impact on them! The resultant damage to your reputation can be critical too.

So what can you do?

Business Continuity Planning – or BCP as this snappy title is often shortened to – is essentially the process of making sure you are prepared for when the worst happens. Prepared enough to make sure you can get your business back up and running again with the minimum impact on your all-important customers.

And it’s a pretty logical process too – but one that with the help of teams like ours at Net-Defence, who have helped countless companies with their BCP, can be undertaken with the minimum of fuss or expense. Business Continuity Planning fit for purpose in a digital era.

Firstly it’s very important to get buy-in at all levels of your business – from the board room to the shop floor. It’s amazing how many people in companies bury their heads on this issue or manage to convince themselves that “it’ll never happen to us”.

The next step is to assess the risks that your business faces – what are the things that could happen and, perhaps more importantly, the risks that you haven’t thought about – that’s where we come in.

  • Could your server room be moved from the basement to an upper floor if there’s a threat of flooding at your location?
  • Do your teams have laptops with which they could work remotely if your office became inaccessible?
  • Is remote access set up with security in place?
  • Do you have the right systems and training in place to reduce your susceptibility to an online attack?
This risk assessment helps you to understand if you are taking the right precautions or if you should take further steps to minimise these risks.

Once you know what could happen, you need to put in place the processes and procedures should one of these events take place. Very often that means putting in place a gold, silver and bronze team who would be mobilised  in the event of the worst happening. Appointing a BCP co-ordinator with the mandate and the authority to take decisions is a good step to take at this point too. Most important is to identify the roles and responsibilities of everyone involved, ensuring that they are part of this process and that they fully understand what would be expected of them. These are the teams that would focus on getting your business up and running again in, say, the first 48 hours after your “disaster” has taken place, so they need to be focused on your:

  • IT function
  • finance team
  • HR team
  • operations people
  • facilities team
  • and don’t forget your communications team – whether they’re internal or external – so that you can keep up a dialogue with all the people that are important to your business

Then, with the temporary accommodation secured; or your teams instructed to work from home; or the basement pumped clear of its flood water, you need to come up with the solution that will help you return to “business as usual” at the earliest opportunity. So the plans you put in place now need to take on board not just your immediate needs in the aftermath of an incident, but the longer term needs of the business too.

‘Fire drills’ for BCP

Most importantly, you need to test your plan to ensure that it’s fit for purpose – and not just once; diary to test it at least once a year to ensure that whatever changes have taken place in the business in that time are accommodated. Compare it to how you run your fire drill.

There is an increasing focus on this type of preparedness – particularly with supply chain and public sector tenders – so even if you never need to put your business continuity plan into action, just having gone through the process can give you an edge over your competitors in some instances.

If your company Twitter account was hacked would you know what t do? This and many more scenarios can be planned for that make your existing business continuity plan fit for a digital era.

As specialists in BCP, Net-Defence has the expertise, the experience, the templates and the checklists that you need to carry out this planning activity before the worst happens.

So prepare for the disaster that might never happen. Sleep easily at night knowing that you’re prepared for it if it does. And you might even gain some competitive advantage in the process.

Contact us for a quote for a no obligation BCP discovery meeting