The SMB owner’s complete guide to business continuity
If you’re leading a business, you have to keep an eye on the big picture. It’s a critical part of the job.
Even when operations are humming along and profits are up, there’s always a chance of disaster or incident like a ransomware attack. Just one significant negative incident could disrupt your business. It may sound sensational, but it’s not an overstatement to say that whole companies have been destroyed in the wake of just one unfortunate event.
At the end of the day, responsibility for business continuity falls on you—the business leader.
But developing a disaster recovery plan that will protect your company is a complex thing. Where do you start? What do you need to include? Do you work with an outside consultant? Hire someone full-time in-house? Do it yourself?
It’s important to know what’s involved before making any of those calls. This guide will provide the basic framework so you’re equipped to handle your company’s business continuity strategy with confidence.
Analyze your business
The Association of Continuity Professionals defines business continuity as “planning and preparation to ensure that an organization can continue to operate in case of serious incidents or disasters.” That may seem self-evident, but there’s some important information there.
The goal is to know how your business can continue, no matter what. We’re talking about everything from failing hardware, to a power outage that lasts a few hours, to a hurricane that literally knocks down your building leaving you with no physical office for weeks or months.
Are you ready for those kinds of events? Would you be able to keep right on doing business?
That’s where you should start—with a close and honest assessment of your business. What processes and procedures are vulnerable? How will network downtime affect your staff? How will you maintain communication with customers in the event of a disaster? What’s your worst-case scenario?
Also, talk to specific people within your company who may have good ideas about how to protect data. And don’t forget to be on the lookout for processes that might put your data at risk. Consider a questionnaire or survey asking employees to describe the weakness and strengths of their work processes. Allow them to remain anonymous to guarantee good information.
After reviewing of the weaknesses and strengths you discovered, develop an impact assessment that describes what parts of the business would be most affected by a disaster. We advise you to calculate the financial costs of downtime over a period of a few hours, or days or even weeks. Also, identify the maximum amount of financial loss your business could endure.
None of this is fun to think about. However, it’s critical information. You can’t develop a comprehensive continuity plan without an accurate baseline of where your business is now.
It’s normal to feel apprehensive after the business analysis. You may have even come across previously unknown weaknesses or security holes. But don’t panic. Just because something could happen doesn’t mean it will.
That’s where the risk assessment, your next step, is incredibly helpful. You can even get a professional opinion on your risk for free. The risk analysis, which might be a written document, slideshow, or chart, should directly identify each risk.
For example, your chart might include aspects of the supply chain, private databases containing employee information, and other valuable company resources.
If there are already protections in place for each risk, be sure to mention them in the assessment. Also include a likelihood score for each risk, perhaps a number from one to five that speculates the possibility the disaster will occur.
For each identified risk, determine a response or action to take when it occurs.
For example, if your building is destroyed by a fire, what should happen? How about after a cybersecurity attack or a flood? Address each disaster with a specific strategy.
Be sure to include resources for every response, naming individuals who can be called in to help. If you don’t know who those people are, now could be the time to find some.
Build your plan
After the analysis and risk assessment, it’s time to draft your business continuity plan. Write this plan carefully, and reveiw it frequently.
You might begin with a summary of your strategy, naming your top priorities. For example, a lot of business leaders choose to address the most crucial weaknesses first and the less risky concerns later. If you decided to bring in a professional backup & disaster recovery contractor, you can work with them when writing the plan, asking them to guide you through the most important aspects.
A good plan will consider all angles of business continuity and include ways to reduce or eliminate risks altogether. Be sure to draw up a contact sheet with the names, titles, and contact information of disaster deputies, business partners, and others who are invested in your continuity.
Remember the plan should be accessible to everyone involved. Include checklists for employees to implement in each type of disaster situation and describe what should happen within ten minutes, an hour and a day after the event.
Also, mention what shouldn’t be considered in a disaster—employees need to be able to abandon tasks and rules that don’t make sense during an emergency and they need your authority to do so.
Test and share
Once your plan is complete, think about how to test your continuity responses. TechRepublic says “practice, practice,” because communication among staff and to the outside world is a primary factor in a successful continuity mission.
A PROFESSIONAL DISASTER RECOVERY CONTRACTOR WILL HAVE EXPERIENCE WITH INDUSTRY STANDARDS, SO CONSIDER BRINGING ONE IN.
Every small and medium-sized business will approach continuity in a slightly different way. There’s a real sense of security in knowing that, even if the worst happens, there’s a plan in place and people who know how to implement it.
Ultimately, thinking ahead is the best way to keep your business and your staff moving ahead, even in the midst of a disaster.