Remember when you were young and your school conducted a fire drill? All students exited the school in an orderly, quiet fashion in single file. Or perhaps your school didn’t have a plan in the event of a fire? Or if they did, perhaps they never had a drill? Was it important to know what to do if there was a fire in your school?
A Disaster Scenario With and Without a Business Continuity Plan
Have you ever taken a cruise? If so, you probably remember the muster (life boat) drill. Everyone on the ship participated so that everyone would know how to reach a lifeboat if the order was given to abandon ship. Was it really that important to know how to reach your lifeboat in the event of an emergency?
If you don’t think a school fire drill or a muster drill are important, then you probably don’t think a business continuity plan is important either. If this describes you and you have a small to medium-size business (SMB), please read on….
Life Without a Business Continuity Plan
You are a business owner and this morning, your offices were demolished by fire. You visit the scene and realize that the building, office furniture, and IT equipment are all destroyed. Not knowing about the fire, your employees are showing up for work. You and your employees are standing in the parking lot of your office building and your employees are awaiting your instructions. You don’t have a business continuity plan. You never thought this could happen to you so it was not a priority. The question is: What do you do now?
The answer is: You wing it! You tell your employees to go back home and that they will be contacted about next steps. You call your office manager and the head of IT to see if they have any ideas. You discover that IT has been backing up all your company’s systems to tape but unfortunately the most recent backups were stored onsite. Your IT team had no disaster recovery (DR) plan in place and you do not have a DR site available. IT will need to purchase new equipment and find a new location to temporarily house both equipment and employees.
You contact key staff members and realize that NOW you need a plan to get the business back up and running as quickly as possible. You secure a conference room at the nearest hotel and ask key staff members to meet you there. You start to whiteboard a plan of action but there is no time to think about best practices. The meeting is a brainstorming session, but unfortunately none of your staff have any experience in a disaster situation and neither do you. You decide that you need to bring in a consultant to assist with developing and executing a plan to get your employees back to work. It takes time to find a consultant. It takes time to develop a plan. It will take too much time to get your business back in business and only if you can recover most of your lost data.
Every minute you spend planning and delaying getting your IT data center back up is costing you around US $8,851 per minute according to Ponemon. Worst yet are the statistics quoted by the Federal Emergency Management Agency (FEMA): 40 percent of businesses do not reopen after a disaster and another 25 percent fail within one year. The United States Small Business Administration has published similar statistics: over 90 percent of businesses fail within two years after being struck by a disaster.
You can bet not having a business continuity plan in place increases your chances of going out of business even further.
A Business MUST HAVE: A Business Continuity Plan
When the World Trade Center fell on September 11, 2001, many companies lost employees, equipment, offices — everything — but one company that was headquartered in one of the Towers was back up and servicing customers within 24 hours. Imagine! The September 11th attack was the largest attack on U.S. soil but despite loss of life and unheard-of destruction, this organization automatically routed service calls, reassigned employees and equipment, and was back online the very next day. This is an example of a business — albeit a large business — with a solid, tested business continuity plan.
Figure 1: Total Cost by Primary Root Causes of Unplanned Outages Comparison of 2010, 2013, 2016; $1,000 omitted Source: Ponemon. The Cost of Data Center Outages January 2016
Thankfully, the U.S. hasn’t had such an attack since 9/11 but there are many types of disasters — both man-made and natural — that can devastate your business when you least expect it. And, we are not just talking about terrorist attacks, acts of war, fire, floods, weather events, infectious disease, or pandemics either. Other types of disasters include theft or vandalism, loss or illness of key staff, a crisis affecting your brand, any major loss of critical data, and cyber-attacks.
Let’s just take cyber-attacks as one example. Recently, Roger A. Grimes, CSO Columnist, published an article entitled “The 5 Cyber-Attacks You’re Most
Likely to Face,” where he talks about the attacks most companies experience: socially engineered malware, password phishing attacks, attacks on unpatched software, social media threats, and advanced persistent threats. And, according to the Ponemon Institute research report, “2016 State of Cybersecurity in Small to Medium-Sized Businesses (SMBs)”, 55 percent of respondents said their companies have experienced a cyber-attack in the past 12 months and 50 percent report they had data breaches involving customer and employee information in the past 12 months.
Cyber-crime represents the fastest growing cause of data center outages, rising from 2 percent of outages in 2010, to 18 percent in 2013, to 22 percent in the latest study. As you can see from Figure 1, the cost of cyber-crime in 2016 was at $981,000, up from $613,000 in 2010.
While not every cyber-attack can bring your company to its knees, it is likely that the right kind of attack can have a detrimental impact on your business. Even if you back up all your data to protect your organization against cyber-attacks, an attacker can target your backups through the backup agent on a device. In fact, there are many ways to inject malicious code in a local agent and compromise backup data in the cloud. For this reason, you need to do more than back up your data. You need a backup solution, such as Acronis Cyber Backup Cloud, that provides active protection.
Acronis Active Protection is a key feature in Acronis Cyber Backup Cloud that protects your data and systems from ransomware attacks by detecting, blocking, and reversing suspicious changes to data, backup files, and the backup agent. It safeguards your data from recent ransomware attacks, including Petya, WannaCry, and Osiris.
But just like a cyber-attack, a disaster does not discriminate. If you are an SMB, you are just as likely to experience a disaster as an enterprise organization.
Life with a Business Continuity Plan
You are a business owner and this morning, your offices were destroyed by fire. You visit the scene and realize that the building, office furniture, and IT equipment are destroyed. You immediately invoke the business continuity plan and your team springs into action.
Despite the chaos associated with an unexpected event such as a fire, your organization has tested this plan under different scenarios and you are confident that your organization is as ready as it can be. Your IT team has developed a DR plan and uses Acronis Cyber Disaster Recovery Cloud. IT expects the data center to be back up and running within a few hours.
IT Business Continuity Ensures You Get Your Business Back to Business
Downtime will cost your businesses revenue, your reputation, and can sometimes drive you out of business. If you cannot recover your critical business data for a prolonged period, you may simply end up being out of business forever.
Traditional availability and recovery solutions can be complex, risky, and challenging. Even when deployed, they may not provide any guarantee of full recovery. This is especially true of tape or homegrown approaches (typically a duplicated infrastructure), which offer limited automation, recovery scope, and recovery times.
But your IT team uses Acronis Cyber Disaster Recovery Cloud, a turnkey, self-service solution, built upon Acronis Cyber Backup Cloud, that protects your critical workloads — on premises, in remote systems, and in private and public clouds — by instantly recovering critical IT systems, applications, and data utilizing the Acronis cloud infrastructure. Even with a full-site outage, your IT team can switch production workloads to machines in the Acronis Cloud Data Center in seconds, letting you get back to business fast.
A Happy Ending
Thanks to your business continuity plan, your IT systems will be back up and running quickly. In addition, you have already identified a new office location, leased new furniture, and have re-routed the phone system and internet service to the new location. Employees are notified when to return to work. Obviously, the list of tasks within the plan is more comprehensive but with a tested plan, everything is running like clockwork.
With a tested business continuity plan, your business can be back up and running within a few days — maybe even sooner — minimizing downtime costs, lost revenues, and brand damage.
The fact is, if you haven’t developed a business continuity plan before a disaster happens, you will be developing it after a disaster strikes. Why take the chance of losing your business and losing valuable time when a disaster happens? And if you are still not convinced your business needs a business continuity plan after reading the above, ask yourself this one question. When it comes to your personal life, do you have a career plan, financial plan, or retirement plan? If you develop plans for the important aspects of your day-to-day life, why would your business be any different?
If you don’t have a business continuity plan:
- Start developing your business continuity plan today by using one of the templates available online. As an SMB, the use of a template will keep you focused on the important plan elements.
- Be sure to include an IT disaster recovery plan as well. An IT disaster recovery plan is a major sub-component of your business continuity plan. It is a roadmap that defines the steps to continue IT operations and resume IT systems, including the network, servers, desktops, databases, applications, and any other components of the IT infrastructure.
Lastly, remember that your business continuity plan is never final. On this topic, you may want to refer to an Acronis article entitled “Are You Sure Your Business Continuity Plan Still Works?”