Have you ever had something go really wrong with the IT at a business you own or run? Something like a data breach, a server failure or a hack?
If so, perhaps you take disaster recovery and business continuity seriously. Unfortunately, for many, the impact of such an event doesn’t become clear until it happens. And, needless to say, by then it’s too late to do much about it.
It’s not as if the statistics don’t speak for themselves; A recent survey showed that 55% of businesses had experienced a cyber attack in the previous 12 months, and 50% had experienced a data breach. They’re not great odds with which to cross one’s fingers and hope.
What to do?
Despite a reality where the modern world dictates that many of the threats facing businesses are IT-related, awareness of what to do about it seems worryingly low. A large-scale UK government survey recently revealed a low level of “business awareness of cyber security initiatives.” (While the numbers were particularly poor among smaller businesses, it is fair to mention that only 57% of representatives from “large firms” were aware of ISO 27001, arguably the most well-known information security standard.)
In practical terms, an ongoing process of business continuity planning needn’t be absurdly complicated. It’s more that the planning actually needs to be done – even though it involves an investment in time and money that’s not going to add anything to the “bottom line.” Thinking about it on the most basic level, business continuity planning is about analysing the possible threats to a business, working out what can be done to mitigate them, and planning and testing how recovery is dealt with should the worst happen.
The process is valid even for a “one-man-band” freelance business. Say, for example, you are a freelance writer with daily deadlines, working from a laptop in a home office. What happens if the laptop’s hard drive fails? Assuming you have (reliable and tested) backups, how quickly can you source a new drive, restore that backup and regain your level of productivity?
If the answer to the question suggests you’re likely to miss deadlines and upset clients, then there are shortcomings in your business continuity plan. A plan to mitigate such an event could include having a spare hard drive readily available to swap out, keeping copies of essential data in the cloud, or having a substitute computer ready to cover all eventualities.
This is obviously a highly simplified scenario, but it gets to the heart of what business continuity is all about. Businesses of all sizes need to consider all their possible “disaster” scenarios, ranging from a fire or flood to loss of access to business premises due to a terrorist attack. They then need to work out how they would deal with the events and put the plans to the test.
Whether your business continuity plan involves failover servers, load-balancing and dedicated substitute offices, or merely requires you to have a backup laptop on hand, the principle is really no different. The important part is that you have a plan in the first place!