A business continuity plan that can’t be updated
A BCP must evolve and adapt over time in line with the growth of your business, changes to the risk climate, and technological progress. With new ransomware and malware schemes regularly developed by cybercriminals, it goes without saying that your BCP must be constantly updated.
First, consider whether your plan addresses the right risks for your business—not just the risks currently grabbing media headlines.
Then, prioritise the order in which your IT system should be restored—starting with the truly vital platforms to ensure your business can keep functioning during a catastrophic emergency.
Make sure every single employee is properly trained on your BCP. This is particularly important to stop the fallout from malware in its tracks. One untrained employee can undo in a second all the cyber security training undertaken by the rest of your staff.
Remember that disasters impacting a business’s data integrity and business continuity happen all the time. Loss of data and service can result in a significant financial impact and reputational damage to your business, so choose an IT partner that monitors your data backups and ensures your data and business IP are always protected.
Failing to recognise the proper risks
The Ministry of Business presents a practical ten-step guide to Business Continuity Plans to help you protect the most important aspects of your business—much of it based around protecting your IT functionality.
The first four steps are based around risk identification:
- Identify your key products and/or services and consider how you can reduce the risks to the most profitable ones. If disaster strikes, you could drop or pause your least profitable activities.
- Prepare for expected employee absences. Identify your key people and consider who is vital for business continuity. Develop a plan for the continuity of leadership in the event of the absence of key decision makers and executives. Are you too reliant on one person for key tasks? Could you easily recruit temporary staff? How can you support affected staff and their families?
- Identify your key connections. How robust is your supply chain and do you have a backup, especially if transport systems are down? Who could help you get back up and running? Your bank? Landlord? Advisors? What if you can’t access your premises or
- Identify essential equipment and supplies. Could you source alternative equipment or premises if yours are out of action? Consider flexible work arrangements. Are your employees equipped to work anywhere at any time with the ability to connect to networks, email, etc.?
The guide also covers considering relocation options if the need to vacate your premises arises, insurance options including business interruption insurance, and the need to identify someone who could run the business in your absence.
Do you have updated emergency contact details on hand? And one of the most important considerations: are you regularly backing up all your critical and sensitive data?