By Fritz Coyro
If the COVID-19 pandemic has taught us anything in the last year, it’s to expect and prepare for the unexpected.
Organizations without a business continuity (BC) or disaster recovery (DR) plan struggled across the board to redefine how to do business — losing revenue along the way. But organizations that had BC and DR plans — and tested them regularly — made the transition with ease and discovered a new way of doing business.
How does a business continuity and disaster recovery plan help organizations?
Even in a normal business climate, there are many benefits to implementing a BC/DR plan:
- Develop muscle memory: Practicing a disaster scenario via tabletop or with a real exercise develops a kind of “muscle memory” when a situation really does happen. When (not if) an incident does happen, hours and days are shaved off the recovery process. The last thing you want to do in a chaotic time is not have a plan.
- Meet customer requirements: Many security frameworks, vendor agreements and customers are requiring organizations to have defined, documented and tested plans in place in the case of a disaster.
- Meet insurance requirements: Insurance providers of cyber insurance have started requiring their policy holders to have plans in place before writing a policy. This is becoming standard practice and is increasingly seen as a requirement as opposed to a nice to have.
- Build resiliency: No one can plan for everything, but creating and implementing a plan (and practicing with it) can give you the blueprint for surviving one of many threats, from a cyberattack to a natural disaster.
- Cut down on your recovery time: When your business is down, it’s not just the revenue loss that affects you. It’s also the hours of employee downtime, additional time spent getting back up and overall impact to your brand reputation. A BC/DR plan can be the difference between losing a few hours of employee salary versus losing a week of it. Sometimes it’s next to impossible to build back the brand image, which can do irreparable damage to the way customers view your business.
The range of challenges that a BC/DR plan can help you overcome is wider than you might think. For example, one of our clients experienced power and communications outages due to a nearby plant, but their BC/DR plans allowed them to switch to alternate processes and keep on running.
What makes up an effective business continuity plan or disaster recovery plan?
Creating a successful BC/DR plan starts with prioritization.
- By performing a business impact analysis on your applications, you can highlight which are most important to your business environment. For example, if you’re an online retailer, your website and order entry application are going to be tier one in importance to business continuity.
- Once you know which business processes and applications are most important and have prioritized them into tiers, step two is determining what is an acceptable amount of time for those applications to be down in the event of a disaster. Since the quicker you want to recover, the more money you’ll spend doing so, you’ll want to focus on getting tier one applications back up and running. A BC/DR plan can define your acceptable timeline, as well as how long you can wait on tier 2 and other applications.
- After that, you can begin looking at your recovery options, such as which pieces of technology you may need to enable a faster recovery. Cloud-based technology was critical to enabling organizations to quickly transition to remote work during the pandemic, so organizations that had transitioned off of on-premises technology because their BC/DR plans had identified this potential challenge were already one step ahead.
- The final piece is often overlooked but no less important. Enabling business continuity or a fast and effective recovery requires periodic testing and keeping documentation up to date. We recommend testing quarterly or annually to help ensure your plan will actually work as designed. And since your business environment is going to change after you’ve created your BC/DR plans, making necessary updates and keeping documents up to date is just as critical.
How Wipfli can help
Wipfli’s business continuity specialists can help you create effective business continuity and disaster recovery plans — from performing a business impact analysis, to helping you develop your plan, to performing testing. Click here to learn more.
Sign up to receive additional content and information in your inbox, including our WipfliSecurity Weekly email detailing the most critical cybersecurity threats, vulnerabilities, patches and updates.
What are RTOs and RPOs in business continuity planning
Concerned about disasters or ransomware? Practice!
Fraud and cybercrimes exploding during COVID-19
Take remote work to the next level