In 2014 the business world was met with security breach after security breach. It left the affected companies in not only a crippling financial situation but also with tarnished reputations. Which, one could argue, is worth more than the bottom line. However, there’s a lot to be learned from 2014: consumers and businesses are no longer satisfied with the status quo concerning security best practices. So, in 2015, take the opportunity to learn from last year’s mistakes and build a business continuity plan.
1) Identify internal key personnel.
Never assume colleagues, in both upper and lower management, know whom to contact in case of an emergency. Create a committee of members from various aspects of the business, to ensure no process or level of infrastructure is overlooked. Collect updated contact information, both professional and personal, on a regular basis. Communicate and distribute the list of key personnel internally and to confidential external contacts, if applicable. Because when disaster strikes, and it will, it’ll be too late to outline or identify key personnel.
2) Create various disaster recovery plans.
While “design an evacuation plan for San Francisco” might be an odd interview question, Google had the right intentions. When it comes to developing a business continuity plan, there is no one-size-fits-all for every situation. A natural disaster recovery plan could and should have different points of contacts and business operations than a security or data breach. Document the necessary procedures and create action items for your list of key personnel – just so it’s clearly defined what the roles and responsibilities are.
3) Take inventory of critical resources.
It’s important to take inventory of vital business resources and documents. Are confidential documents or business critical data stored securely? Are backups available? How are they stored and what are the security measures? Do key personnel members have access to offsite company technology? Take the time to ask day-to-day tactical questions as well as higher-level business operation questions.
4) Outline and distribute external contacts and resources.
In the event your physical location has been compromised, an offsite or telecommuting plan needs to be in place. Every day your company is offline means a loss in productivity and profits. Identify a secondary, offsite location for key personnel members to discuss and evaluate the situation, and communicate a temporary business operation plan to employees.
5) Test, revise, repeat.
Don’t assume a one-time run through of an evacuation or disaster recovery plan is suitable for members of your key personnel to feel comfortable executing their tasks. Schedule various planned and unplanned drill scenarios, to gauge how personnel respond under pressure. If certain procedures or members aren’t adequately performing, make any or all adjustments as needed.
Take a proactive step in 2015 and build a business continuity plan. No business is impervious to attack. Protect your data, profits and reputation by having clear, updated and rehearsed disaster recovery plans. Don’t be afraid to test and revise as needed. It’s better to have a solid, working business continuity plan than lose precious productivity days in the event of a disaster.
How often does your company schedule planned or unplanned drills?