15 Business Continuity Tips You Need to Know
40 percent of small businesses never reopen their doors after a disaster. Today, we look at 15 simple, effective business continuity tips to help ensure your company can survive a catastrophic event.
Whether you’re an IT administrator, a small business owner or a decision-maker for the company, it’s critical to plan for every possible worst-case scenario. Nobody knows what tomorrow will bring, but by having a comprehensive disaster recovery plan in place, you can significantly improve your business’s odds of survival.
On any given day, a wide range of disasters threaten your operations:
- Ransomware infection
- Viruses and malware
- Power failure
- Telecommunications failure
- Infrastructure failure
- Human error
The list goes on and on. And if you’re unprepared for any of these scenarios, your operations could come grinding to halt.
Don’t assume that the disaster alone will destroy the company. It’s the operational downtime following the disaster where the devastation can really add up. In a ransomware attack, for example, small businesses lose an average of $8,500 per hour in lost productivity and expenses. The longer the downtime, the worse your chances of recovery.
Use this checklist of business continuity tips to make sure you’re doing everything possible to mitigate risk and get back up and running again after a major event.
Business Continuity Tips
- Create a business continuity plan.
Your business continuity plan (BCP) is the foundation of your disaster preparedness. It’s a written document that outlines your continuity strategy, identifies risks and provides detailed steps on what to do following each type of disaster scenario. In fact, virtually all the business continuity tips below are steps you’ll need to include as part of your BCP.
Here’s a basic example of what your BCP might look like.
- Form your disaster recovery team.
Your disaster recovery team is a group of individuals who will be responsible for managing all aspects of your continuity planning and activating your BCP in an actual disaster. Since you will probably need the cooperation of several departments when creating your BCP, it’s a good idea to include personnel from across the organization on your recovery ream. This will improve communication and ensure faster collection of information for your BCP.
- Identify your continuity objectives.
Why is business continuity important? You may already know the answer, but others in the organization might not. Identifying the fundamental objectives for your continuity planning will ensure that everyone is on the same page about company risks, technology requirements and action steps. You’ll want to explain the importance of this planning and state exactly what it aims to achieve.
- Assess risks.
Perform a thorough risk assessment to determine the company’s vulnerabilities. In this vital step, you’ll identify all the possible disaster scenarios that would have a negative impact on operations. While certain types of disasters, such as a power outage, will apply to almost every business, the actual risks are unique to each company.
For example, an office building located right on the coast will probably have a greater risk of flooding. A power outage could have far more serious consequences for an emergency healthcare facility than for a PR firm.
Your job is to identify all the events and situations that pose a legitimate risk to the company and its bottom line.
- Prioritize by the likelihood and the business impact of those risks.
The likelihood of various disasters also will be unique to your business, especially when you factor in any existing preventative measures. For example, if you have triple redundant telecommunications lines running into your building, your risk of losing access might be relatively minimal. But that doesn’t mean the threat can be ignored either.
This is why it’s equally important to also identify the business impact of each possible disaster. How would a prolonged power outage affect the company? What would be the real cost of each hour without power, especially when considering things like idle employees and lost revenue? Determining this business impact will help to prioritize the preventive measures that must be taken, as well as the steps needed for a swift recovery.
- Create instructions to be followed in a disaster.
A burst pipe has just flooded the server room and destroyed a business-critical server. What steps need to be taken immediately, and by whom? You must provide clear, specific steps for your recovery teams and other personnel to follow in each disaster situation, as part of your business continuity plan. These instructions will guide the recovery process and eliminate confusion.
- Evaluate existing technologies and protocols.
Review the technologies, services and procedures that are currently in place to mitigate the risk of disaster. This can include everything from your anti-malware software to your fire suppression systems. By evaluating your current implementations, you’ll ensure they are up to date and functioning properly.
- Fill any gaps.
Now that you’ve identified the risks, business impact and existing precautions, it’s time to eliminate any remaining weaknesses. Data backup technologies, cloud services, infrastructure upgrades – wherever you’ve found gaps in your continuity preparedness, you’ll want to fill them with the appropriate solutions as soon as possible.
- List your emergency contacts and communication methods.
Who needs to be contacted immediately after a disaster? Who’s in charge? Although your recovery team will be in charge of activating your BCP, they need to make sure that all stakeholders are in the loop about what’s happening. This is especially important during a major operational disruption. Your BCP should include a list of personnel, along with several ways to contact them in an emergency.
For other company personnel, consider creating a calling tree that outlines who is responsible for contacting whom. Additionally, consider external parties that need to be contacted, such as technology providers, insurance agencies, media and so on.
- Create off-site redundancies.
As the old saying goes, “Never put all your eggs in one basket.” If your company’s most valuable assets are all centralized in one location, without backups, then you’re creating an enormous risk.
We strongly recommend replicating resources like data, infrastructure and operations off-site. With today’s hybrid cloud backup solutions, for example, you can store and recover data both on-site and in the cloud for true business insurance. It’s also a good idea to have a backup location (or at the very least, plans for quickly obtaining one) in case you need to move your critical operations following an on-site disaster.
- Determine your recovery time and recovery point objectives (RTO/RPO).
Your recovery time objective (RTO) is a goal for how quickly your operations (or an individual system) need to be restored to avert a major disruption. Your recovery point objective (RPO) is a goal for how much data you can afford to lose when restoring a backup; it represents the data loss (in minutes, hours, days, etc.) that occurs between the initial loss and the most recent backup available.
Both RTO and RPO are critical components of continuity planning, as they help to determine realistic objectives for recovery—before it’s too late.
- Implement employee training.
Educate personnel on what they need to do in an emergency situation and where they can receive updates from the company if normal lines of communication are broken. Training can be time-consuming and costly for any business—but it could be even more costly if personnel don’t know how to respond appropriately to a disaster.
In addition to recovery training, consider focused training programs on subjects like cybersecurity to ensure that employees practice safe web browsing and avoid mistakes that lead to malware attacks.
13. Put your planning to the test.
Use drills, mock recoveries and penetration tests to find holes in both your continuity planning and your cybersecurity. This should be done at least once a year to check the integrity of your systems and recovery procedures. For example, see how your data backup technologies perform when you try restoring a full backup and running your business-critical apps from the cloud.
- Constantly reevaluate your BCP.
Over time, the information in your recovery plan will become outdated. Managers listed as emergency contacts will have left the company. Recovery procedures will refer to technologies that have been replaced. Make sure your recovery teams review the BCP, at least twice a year, to ensure it stays accurate. As part of this process, you also should be striving to improve the plan even further and identify new technologies and solutions to help achieve your objectives.
- Put people first.
The conversation around business continuity is generally focused on technology. But keep in mind that people are the heart of any business. Without their safety and cooperation, no recovery will be possible. It’s especially important that you plan for how you’ll keep employees safe in a dangerous situation, such as a tornado, fire, building collapse or even a terrorist attack. Evacuation procedures, first aid kits and medical response protocols should all be part of your disaster planning.
Get More Tips from Our Business Continuity Experts
For more information on business continuity solutions for small businesses, contact our experts at Invenio IT. Call (646) 395-1170 or email us at [email protected].