Expect the unexpected - How to prepare your business for anything
How to create a plan to ensure your business can survive in the face adversity
Imagine a situation where an unforeseen incident meant you couldn’t enter your business premises for day - how would you continue? The security risk landscape is changing and businesses need plan and think differently.
For you as a business owner, it is like your child. Your business is at the heart of everything you do and you’ve invested time and effort into seeing it grow and flourish.
As with anything else in life, the unexpected can always happen. We saw this recently with the British Airways outage. The result of a power surge leading to a global IT system failure, hundreds of flights were grounded and around 75,0000 passengers were unable to fulfil travel plans.
Whether it be a systems failure or, instead, the ever-increasing risk of a cyber-attack, extreme weather, natural disaster or catastrophic health and safety breach, the event of a major incident could severely threaten the operation of your business. Having a plan in place is fundamental to maintaining a level of continuity and ensuring your business can keep running.
This is commonly known as business continuity planning (BCP) and is what will help key elements of your business to remain viable. Disaster recovery plans (DRP) focus on the different elements individually, so if a server goes down for example, or an entire site is taken out of operation, there is a plan to handle it. A BCP will therefore consist of several DRPs.
The International Organisation for Standardisation (ISO) was established with the aim of setting and maintaining global standards across all products, systems and services. From child car seat regulations to how public services respond to a major emergency, it’s there to ensure quality, safety and efficiency, benefiting both businesses and consumers all over the world.
As part of its remit, ISO 22301 – or the business continuity standard sets out the requirements for business continuity management programs – to help businesses ensure everything is covered in plans.
A 2014 KPMG study found that 80% of businesses with a well-planned business continuity plan were more likely to survive a major business interruption incident. 20% of businesses weren’t aware of the financial impact a five-day disruption could result and despite the fact the cyber threats have significantly increased in recent years, 36% of businesses stated that cyber terrorism was not mentioned in their BCPs.*
These are just some of the risks faced by businesses today and many companies aren’t fully aware of the threats they face. As a small business owner with a lot of resource, time and money invested in your venture, it’s important to get a plan together if you don’t have one already. According to an article by entrepreneur.com, there are 7 fundamentals to creating a robust BCP:
- Home working – by working from home, you’ll be able to assess how much (or little you’re able to do remotely, without office or site access. This is more relevant to some types of business than others but it is a good indication of how ready you’d be in the event of something happening.
- Compile a list of essentials – what are the most important services you’d need to keep your business running after a disaster? Plan for the worst-case scenario and think about everything that you would need to keep things going.
- Leadership – if your business has employees, appoint people to be responsible for certain areas should disaster strike
- Develop a communications plan – ensure you have a way to notify your staff, customers and clients of an emergency. Clear communication is everything. List who you need to communicate to and how. Remember, these plans might not be easily accessible should disaster strike, so keep print outs ready at home!
- Cloud storage – Make It Cheaper’s IT Director Terry Rose says: “Don’t be scared of ‘the cloud’. It can be your best friend in the event of an incident. Avoid using locally hosted servers and technology as that can be a single point of failure to your business.”
- Alternative sites – again, this is only relevant to certain types of business but if you can, arrange a backup site where you can operate from if something were to happen at your main location. Make sure you test the feasibility of this alternative, to ensure it works in reality!
- Staff and personal safety – finally, and perhaps most importantly for certain types of disaster, be sure to think about and plan for what you and your employees may require in case of emergency, to ensure everyone is kept safe.**
It’s not just about creating a BCP and DRP’s, it’s also important that they are regularly reviewed and updated in line with any changes or developments in your business. For example, as your business grows, you’ll need to make sure that your plans are adequate and flexible enough to cope.
Having a strong and well tested Business Continuity Plan can ultimately result in the survival of your business during a major incident. British Airways is a prime example of a plan executed badly. Theory is everything but People, Processes and Technology must be regularly tested to ensure the plan works. – Terry Rose – IT Director, Make It Cheaper.
Find out more about disaster recovery planning with the below resources.