SME Technology Briefing: Business Continuity Planning and Disaster Recovery
From something as small as a hacker stealing confidential customer data to something as large as an event that leaves your premises in ruins, disaster can strike at any time.
Many businesses have developed plans to prepare for disasters, two of the most common being a Business Continuity Plan (BCP) and a Disaster Recovery (DR) plan.
The majority of plans comprise activities that ensure maintenance, stability, and recoverability of services. Essentially, each is a plan for how to remain operational during and after a disaster.
In the event of a disaster, your ability to deliver to your customers may be hampered, and as a consequence there is a risk that your customers will simply go to another company.
Consequently, businesses implement business continuity and disaster recovery plans to ensure they are able to continue to provide their service or product to customers. This will minimise or even negate the loss of customers and of valuable revenue, some of which may be needed to aid further recovery.
What exactly is business continuity planning?
Essentially, business continuity planning involves identifying steps and actions which mitigate any anticipated problems that may disrupt your business’s ability to operate as normal. Typically, these problems fall into two categories:
1. Physical threats – like fire, flooding, theft or failure of key equipment.
2. Software threats – like viruses, malware, ransomware, and hackers.
It’s important to ensure your disaster planning measures cater for the fast recovery of key systems.
How do I plan for disasters?
Good continuity planning involves methodically examining the threats to your business:
Assess the threats – Consider what threats could pose a risk to your IT systems. For instance, a fire in your premises, a virus infection or the failure of your internet connection.
Determine the probability of each threat occurring – Some threats are much more probable than others. Get expert help to assess risk levels. Your IT supplier may be able to help.
Determine the potential damage – For instance, would the threat take your main customer database offline? Or would the impact be relatively minor?
You should prioritise the threats with the highest probability of occurring and those with the potential to cause most damage to your business.
For example, if your business relies on an eCommerce site, can you afford for your site to be unavailable for 1 hour, 5 hours, or 24 hours? What is the impact to your business and customers if this occurs? What if your website hosting provider cannot recover your website from its backup?
Similarly, a power cut could take your server offline. Or, if your customer database is held in the cloud, losing your internet connection could leave you unable to check customer details.
It is therefore also important to identify and eliminate single points of failure.
In such cases, you might think about investing in a backup system, an uninterruptible power supply (UPS) which can keep your server running, and a cheap secondary broadband service to provide a redundant internet connection.
Your business recovery plan
Your plan should also state how your business will react in the event of a problem, identifying actions and the individuals responsible for those actions:
Establish procedures to follow in the event of a disaster – Ensure you have clear lines of communication to notify key people quickly.
Plan how to get your business back up and running – For example, could your staff work from home if your premises were out of action?
Consider short term contingency plans – If it will take time to fix your systems, how will your business cope in the interim?
It is important that you update and test your plan regularly to verify how your communications work in practice, and how long it takes you to get working again.
Business recovery plans are typically included when outsourcing to IT suppliers. Typically, they can provide faster response times and redundant and backup systems in case important systems fail.
Most SMEs will include some type of backup system in their plan, to ensure that a safe copy of critical data is available. The following factors will need to be considered when choosing a backup system:
1. How much data you need to back up.
2. How often you need to back up – daily, weekly or more/less frequently?
3. How long will you need to keep your backups – How long do you need to keep data? Several weeks, months, or longer? Do you need to keep any data for regulatory purposes? Or, is there any need for you to discard the data after a certain period to ensure compliance with regulations?
4. Where your data is stored – A central file store is typically easier to access than files stored on numerous systems.
5. Facilities and equipment – How will you access your backups? Who has access to these and who will be responsible for restoration of the data? Ensure contingency systems are compatible with your files.
Many businesses now use a cloud backup service to keep their data safe rather than creating backup copies of their data locally. Typically, this entails a fee each month for a service that backs up your data over the internet. This offers many benefits: data storage is centralised, accessible from anywhere and held offsite, and you only pay for what you use.