Every company, regardless of size, needs a business continuity plan. Just one natural disaster, global event, or cybersecurity incident can cause severe interruption. Statistics suggest many small- and medium-sized businesses won’t recover; even if they do reopen, chances are they’ll close within the year after the disruption.

Even a minor incident can be quite costly—especially for those providing online customer service or eCommerce. According to Gartner’s statistics, the average cost of downtime for a business is a staggering $5,600 per minute. Thankfully, a good business continuity plan can mitigate business losses and help a company survive a catastrophic event.

UNDERSTANDING THE RISKS

Businesses in every industry need to understand the primary threats they face, along with the level of risk. Once those are understood, they can be factored into the business continuity plan to safeguard against the threats most likely to occur. Common disruptors include:

• Power Outages – Power outages are a risk every organization faces because they can happen due to weather events, cybercrime, trees toppling over wires, or any number of other occurrences. Additionally, unexpected power outages can also potentially harm physical assets, causing further disruption and expense.
• Cybersecurity – Cybersecurity events are on the rise, and many of them specifically target small- and medium-sized businesses. Statistics suggest 43 percent of cyberattacks are aimed at small companies, but only 14% of these businesses are prepared for them. They are also costly, costing $200,000 on average.
  
  Types of cyberattacks facing companies today include data theft, ransomware, distributed denial of services (DDoS), and SQL injections. Hacking and phishing (the latter a primary gateway to exploit companies with ransomware attacks) are also persistent problems for businesses. However, with good security measures in place, most small- and medium-sized companies can circumvent or have a better recovery from cybersecurity events. Data backup and recovery processes are critical to surviving an attack.
• Natural Disasters – Natural disasters can come in the form of hurricanes, tornadoes, snowstorms, wildfires, earthquakes, and volcanic eruptions. Many of these disasters are hard to predict and, if not prepared, businesses could experience significant downtime and damage without a continuity plan in place.
• Global Pandemics – This is not a threat many companies considered prior to 2020, but as we’ve all learned since, an event such as the COVID-19 pandemic can severely impact businesses of all kinds. Even those with the best of continuity plans didn’t see this type of disruption coming. Moving forward, this is a threat that should be factored into any business continuity plan to account for keeping employees productive while working outside of the office and having alternative supply chain strategies in place.

WHAT IS A BUSINESS CONTINUITY PLAN?

Many executives may be wondering what exactly IS a business continuity plan. What does it encompass? Essentially, it’s a strategy that outlines a detailed plan to empower an organization to continue operations in the event of a significant incident or disruption of service. It’s a living, breathing blueprint that has contingencies for processes, assets, people, and business partners to ensure all can remain functioning during or after an interruption.

Business continuity plans are a highly coordinated effort. Therefore it’s a good idea to choose a plan administrator or coordinator to ensure all the pieces come together and everyone understands their roles. Common components of a business continuity plan include:

• Data backups and standards for how often they should occur (some data will need more frequent backups than others—for example, sales transactions will need far more backups than employee personal data will since it changes frequently).
• Escape plans to ensure the safety of all employees and anyone else present at the time of an event.
• A crisis communication plan to determine how to communicate with customers, employees, and other stakeholders during an evolving situation.
• How IT disruptions will be handled, including networks, servers, PCs, and mobile devices.
• Disaster backup site locations. Businesses should consider whether they need a hot site or a cold site.
• How supplies and equipment will be obtained in the event of a disruption of the supply chain.
• What roles each team member in the business plays and what their responsibilities are during and after the event; this includes recovery personnel responsible for the restoration of critical services.

The bottom line is that a business continuity plan will ensure key business needs can be met in a timely fashion and operations can continue or be restored quickly. The preventative strategies within the plan often will be the determining factor in whether a business can survive a disruption or not.

HOW TO GET STARTED WITH A BUSINESS CONTINUITY PLAN

Understanding what’s involved in a business continuity plan is one thing but knowing how to execute one is an entirely different story. To help bridge the gap between the two, it’s important to follow several processes to help determine an individual company’s threats, risks, and needs. Once you ascertain this information, your company can begin to formulate a comprehensive plan. The steps include:

• Conducting a risk assessment using a business continuity framework, such as ISO or NIST.
• Performing a business impact analysis to determine how the company would be affected by specific events—in other words, what would happen if particular circumstances, such as a power outage or destructive fire, happen to the business? How would critical business processes be impacted if certain resources were unavailable?
• Writing the business continuity plan and outlining everything learned as well as solutions to help keep the company up and running during and after an event. These are proactive decisions that must be in place before the event takes place to avoid scrambling for a solution if or when the time comes.

Since business continuity plans are living, breathing entities, they should be revisited and tested often. Technology evolves, staff turnover occurs, and other changes take place. A good plan is scalable and adaptable. It should also be tested at least once a year to ensure its components are still accurate and will work as designed.

Many small- and medium-sized companies struggle with creating a business continuity plan because they don’t have the in-house resources to get the job done. As a solution, they turn to an experienced partner who can help them identify, plan, and execute a solution. If your St Joseph company doesn’t have a business continuity plan in place and would like help implementing one, contact ProServ Business Systems today to learn more.