Your Business Continuity Field Guide
BAM! The worst-case scenario just happened to your business and you need to act fast!
Maybe that means you’ve been hacked and now you’re locked out of your entire system.
Maybe it means you’re the victim of double-extortion ransomware that is holding your data for ransom and threatening to leak it out to the public.
Maybe it means your servers crashed overnight, or your Head of Accounting is experiencing equipment failure – on payday (it’s happened).
Or maybe it just means that your all-knowing, irreplaceable IT guy just quit on you, and you have no idea how you’re going to replace him (or what he did day in and day out that kept things running so smoothly).
Whatever the situation might be, the important question to ask yourself in that moment is, “What do I do now?”
Fortunately, you’re reading this now, and that means your future self will be equipped with a clear plan. Consider this your field guide to chart the best path and ensure Business Continuity through any crisis that may arise. It may be worth saving this article to your favorites so you can quickly reference it later.
Your 3 Step Action Plan for Business Continuity
Step 1: Risk Assessment
Identify the scope of the problem and the ensuing costs of loss + downtime.
RISK = CONSEQUENCE + LIKELIHOOD. As we’ve mentioned previously, instances of cyber-crime have ransomware attacks alone have increased 435% since 2019, with a huge spike in the last 6-12 months – that’s not even counting the increase in other malware attacks. When it comes to Cyber Crime, the likelihood is HIGH and the consequences can be DIRE.
But cyber-attacks are not the only threat. Hardware failure, personnel changes and other environmental factors – like a work-from-home employee losing internet access – also need to be considered. How likely is equipment failure? There are a variety of factors (like do you allow food and beverages near your computer, and do you have small children – or an overly-excitable pet?)
With that framework, consequence + likelihood = risk, you can evaluate the risks which may compromise your business continuity, and prioritize a plan of action.
Here are a few questions to ask yourself now and keep in mind during the worst-case scenario:
- What impact does [RISK] directly have on my business?
- If [RISK] happens, can my employees continue working?
- How long can operations endure without the usual stream of income?
- What secondary losses or problems might occur in a chain reaction of events?
- HARDWARE: Do we have redundancy or replacement hardware for our servers, computers, and devices?
- PERSONNEL: What happens if [ROLE, say IT Manager] leaves the company? Do we have up-to-date hand-over documentation? Do we have in-house staff who can step into the role, or do we have to hire a new staff member, and what is the timeframe?
By taking the time to review the situation and potential loss or damages, you not only have better insight into the amount of time and resources you have to work with, but you also gain clarity on what is a top priority to focus on versus what actions can be taken at a later date (which you schedule during your Recovery Plan).
Step 2: Refer to your Recovery Plan
Your Recovery Plan must be prepared well in advance and be meticulously and regularly maintained.
“But I don’t have a Recovery Plan yet,” you may be thinking. Now is the time to fix that. Here are some quick wins that we highly recommend:
- Make backups of your backups of your backups – Have your backups stored in a variety of ways, such as on the Cloud and in external hard drives. Also, create a schedule that you’ll stick to for when you should create, inspect or clean up backups.A quick note, if you don’t already have a backup or backup strategy in place, please let us sort that out for you. If something goes wrong, backing up from a recent archive can save thousands in man hours, assets and damages as you attempt to retrieve your data – if it’s possible at all.
- Build and maintain your firewalls – both technological and human. Yes, having a robust firewall on your network is important, and that should definitely be implemented and maintained regularly; however, the weakest link in any security chain tends to be the people involved. Make sure your employees are routinely trained and tested in being both security conscious and security competent. Specifically – make sure they all use STRONG passwords, and update them regularly. We also recommend implementing Multi-Factor Authentication.
- Chart out every aspect of your IT system’s security – EVERY solution needs to have a regularly-updated strategy in place which anticipates any and every problem that could arise. Your Recovery Plan must include every key element of your business, so that when the unexpected happens, you have a response ready to go. Remember, a security system that’s a mile deep but an inch wide is a bit like a Castle without a wall, you may lock the doors to the Keep and protect the throne room, but the surrounding village that provides all the food is still at risk.
By doing the hard work of preparing your Recovery Plan before the worst-case scenario hits, you not only increase your chances of avoiding potential disasters and attacks, but when an emergency does pop up, you will have the solutions you need, when you need them, so that you’re not running for the nearest sandpile to stick your head in.
To help you on your way, we’ve created a Recovery Plan Checklist that you can download an enact to ensure your company is in the best positioned for Business Continuity.
Step 3: Evaluate your current Solutions and take action to fill gaps.
What are your current Business Continuity plans, and how have they measured up when it mattered most? Out of necessity, in the past 18 months many businesses rapidly migrated to Hybrid Work situations and adopted a pragmatic approach to data storage and collaboration with services such as:
- Secure Cloud Services (webhosting and eMail and VPN).
- Backup and Recovery solutions which include both the Cloud and external physical drives.
- Zero Trust firewalls and antivirus programs that block malware, ransomware, and phishing attempts. You can find out more about Zero Trust in this article.
These are good individual links in the chain, but how well do disparate solutions coordinate to optimize the overall effectiveness of your security efforts? Chances are, if you’re picking Essential #1 from this provider and Essential #2 from that provider, there’s no communication going on between the two parts of the whole. Each one might have merit on its own, but there’s no centralized System that they’re contributing to, which leaves your system vulnerable.
The Holistic Approach to Business Continuity
Individual pieces of a security setup do not always turn out to be greater than the sum of their parts.
Now is the perfect time to evaluate your Business Continuity and IT Security measures, and develop a more integrated, holistic solution for your business’ protection and growth.
Movaci provides best-in-class solutions for all of your IT security needs, thereby creating a security management service that is greater than a sum of its parts. Not only that, but we provide Managed IT solutions which are tailored to your business goals and needs. This means you receive the best protection for your business, and our variable billing model ensures that you only pay for what you need, when you need it.
See for yourself – schedule a FREE 30-minute consult with one of Movaci’s Solution Engineers, who will show you how our IT solutions achieve a cohesive set of services with compounding benefits.
At the very least, take your first step toward ensuring business continuity by ticking off one item on your checklist – back up now with Movaci’s Managed Online Backup, one of our entry-level services, and ensure your first step toward full Business Continuity.