When it comes to keeping your business in business, it’s important that you have plans in place to deal with both the good and the bad times ahead. Business continuity plans and disaster recovery plans are great way of ensuring that you protect your organisation, however, the two often get mixed up. Many people think that because they have a business continuity plan (BCP) they don’t need a disaster recovery plan (DRP), and vice versa.
They are, of course, very closely linked but with BCPs taking a more proactive approach to avoid and minimise the risk of downtime, and DRPs focusing on recovering from a disaster – they do what they say on the tin! In this post, we’re going to look specifically at the business continuity plan and why you should have one.
Nobody enjoys paperwork, and it’s understandable that many business owners will view a business continuity plan as just another laborious task to complete and that will probably go unused; so here are a few compelling facts which highlight just how important it is to prioritise a BCP.
– On average, a medium-sized data centre will experience over three downtime events each year, with the average power cut lasting over 3.5 hours. Source: Eaton UK
– Some 77 per cent of UK organisations (approximately 4.2 million) experienced connectivity failures in 2016. On average, UK organisations were also found to have suffered 4-5 outages each during 2016 and a wait of six hours every time for service to be restored. Source: ISP Review
– Just over half (54 per cent) of UK companies have been hit by ransomware attacks resulting in variable amounts of downtime (58 per cent of UK companies pay up to get access to data and systems again.) Source: Malwarebytes
– Almost all (97 per cent) of network professionals in a survey by Veriflow agree that ‘human error’ is the most common reason for network outages. Source: Network World
– The average cost of downtime for an enterprise is $5,600 per minute. Source: Gartner
If you’re questioning that last statistic, it’s worth nothing that Gartner’s data was collected from extremely large companies – not SMEs – however, downtime also costs small businesses heavily. Downtime not only results in lost revenue but also in wasted employee time (you’re still paying them even when they can’t work). As well as loss of productivity you may also be paying for services you can’t use such as SaaS solutions that are redundant if your employees are unable to get online. Then there is the cost of getting back to business, such as overtime to catch up on, lost time, missed targets etc.
Depending on your company, losing key business systems can ultimately cost you customers, as your existing customers may choose to go elsewhere. Furthermore, the damage to your reputation and the lack of credibility your business will look to have if there is no disaster recovery plan in place could be extremely costly!
Hopefully the above has convinced you of the importance of having a business continuity plan so that in the event of connectivity issues, a power cut, network outage or cyber attack your organisation can weather the storm and get back to business as quickly as possible.
If you’re under the impression that a business disaster is unlikely to happen to your organisation, you could be mistaken. It could be as simple as one member of staff keeping an eye on an absent colleagues emails whilst they’re on annual leave and accidentally opening a cleverly presented, yet malicious, email. If the email contains ransomware such as ‘Zepto’, it could take seconds for all files on the computer and everything else connected to it – namely the server – to be encrypted.
Before you know it, network systems are unavailable, employees are unable to work, and a disaster recovery plan is essential. In addition to downtime, failing to have a business continuity plan in place can cost an organisation severe reputational damage, and it could even raise compliance issues.
When you’re running a small business, it can be easy to forget that you’re a prime target for cyber criminals, and many people have made the mistake of assuming that hackers are more interested in going after bigger organisations. But, the fact is that when you’re an SME, your cyber defences are easier to breach, as the chances are you won’t have the same budget available to you to spend on cybersecurity as a larger company, and attacking a small business carries a much lower risk than attempting to infiltrate a larger organisation, as the criminals are less likely to be caught.
Furthermore, hackers know that as a small business you’re probably more likely to pay a ransom to have files decrypted quickly, so that business can run as normal and downtime can be minimised. That’s why it’s more important than ever that you have a robust Business Continuity Plan in place, so that these situations can be avoided as far as is possible, and can be dealt with swiftly should they arise. Below, I outline the key aspects you should take into consideration when creating a BCP.
Key considerations for a business continuity plan
The following points will help you understand what needs to be part of your BCP so that you put processes in place to reduce the risk of disruption and recover quickly.
– Critical business functions – what’s going to cost your business most if they are affected by an IT outage or system downtime? These areas need to be prioritised.
– Minimise risk – what can be done to avoid these critical business functions being impacted by downtime, i.e. preventative solutions such as networking monitoring, staff education and awareness about cyber threats and risks etc.
– Improve recovery times – what can you do to reduce the time it takes to get critical business functions operational again? Perhaps by increasing the frequency of back-ups for critical data.
– Failover plans – what can you do to get critical business functions operating during an incident? For example, if your HQ suffers a power cut could staff work from another site?
Need help answering these questions? These free online business continuity tools can help: Click on this link to get started.
Bruce Penson is managing director of Pro Drive IT.