Cyber threats account for some of the most serious and prolific risks against SMEs, many of which can cripple a company that isn’t sufficiently protected. For many companies, it’s worth asking: can our IT department protect us? And if not, are we prepared in the event of an unexpected disaster that prevents us operating as normal?
However, cyber attack is not the only risk to business continuity. Power outages, adverse weather, terrorism and a host of other unforeseeable incidents can result in IT systems being unavailable, or inaccessible.
Preparing for the unexpected is something every business should do at least once a year (or more frequently, if you operate a high-risk business and the HSE recommends greater precautions are taken).
Business continuity planning
Business continuity planning is defined as: “A holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.”
Without continuity planning, companies can go out of business. Over 40% of those affected by the 1996 IRA Manchester bombing went under, never to return.
Maintaining IT systems in the event of a disaster is mission-critical. Without phone lines, email, computers – ways for the team to communicate and keep in contact with customers – a shutdown could cause prolonged damage to a business.
Are your IT systems resilient enough?
Business continuity planning is a different exercise for companies with on-site IT systems. When your servers, phone lines and core systems are on premises, you are running a much higher risk than companies that operate in the cloud.
Not only are on-site systems easier to cripple when a cyber attack happens, but without backup, anything that happens in the office – such as a fire or flood – could potentially destroy vital records, customer data, and everything you need to run the company. It is hard to ignore how much we store in digital files and how important they are to most businesses. Anything that damages your head office could have serious ramifications for years to come.
When weighing up the risks to vital IT systems, it’s recommended that you go through the following 5 step process:
- Analyse the business – what do you rely on? How/where does it operate and how soon could you get back to ‘business as usual’?
- Assess the risks – what risks are likely, what should you plan for? And how do you prevent them? If that isn’t possible: How soon would your IT team be able to get everything back online so your team can get back to work (even if that meant moving office or staff working remotely for a while)?
- Develop your strategy around an operational goal of getting back to work as soon as possible.
- Work out the details so that plan can be implemented
- Rehearse that plan. Make sure you’re confident it can be implemented in the event of a disaster scenario actually occurring. Unless your IT team can handle a trial run, you can’t know how they would manage a real emergency.
As part of this plan, ask your IT team the following questions:
- In the event of anything from a power cut to a fire, do we have a cloud-based backup of everything on our systems?
- How quickly can we restore vital operational systems and are we clear which need restoring with backups in place in the first 24 to 72 hours after a disaster?
- During a rehearsed disaster plan, how soon until – as far as clients are concerned – will the business be operating as closely to normal as possible?
From a planning perspective, if there is uncertainty on any of these points, you may need to rethink your business continuity planning. Putting the right steps in place to recover from anything unexpected is the best way to ensure you are prepared in the event of an emergency. Making sure vital systems are backed-up or running from public cloud and cloud-based platforms; one of the most effective ways to maintain business continuity if the unimaginable should happen.
Note: Business continuity planning is not just for the major incidents that have an effect on the entire business or departments. It’s also for more ‘minor’ incidents where individuals may be unable to continue with their work. This can have a significant impact on productivity and effect the bottom line.
Many of these incidents can be resolved by your IT support team or service desk, but it’s important that they know how to prioritise support tickets to ensure that mission-critical and other important functions don’t suffer from unnecessary downtime. Speak to your IT service provider about this to ensure that the processes are in place to identify the incidents that impact business continuity most severely, and that these are prioritised accordingly.
Download our article on ‘how to drive IT service desk efficiencies’ for advice on how to make your IT service desk more efficient…