Several weeks ago, in a town not far from our headquarters, a massive fire destroyed a building housing six small businesses. Our local business journal followed up a few weeks after the disaster with a poll asking business owners how prepared they are for a major disaster.
- Fewer than 50% of responding business owners feel that they are fully insured, have an emergency plan, and could be up and running in a few days.
- 39% feel that it could take a month or so, but they could eventually reopen.
- 17% felt they would be out of business or would require state and local aid to survive.
While not a scientific sampling, the results are alarming. Alarming for a few reasons:
- Even with insurance, it can take days or weeks to get authorization so you can move forward with your emergency plan. Securing a new location and replacing fixtures, inventory, etc. takes time, as does recovering computer systems and data.
- More than 50% of businesses closed for 7 days due to a disaster fail within 6 months of reopening. While many businesses might re-open in a month, the future will be challenging.
Your Risks are Yours
A major fire in a block of retail and service businesses creates specific challenges, as do storms and floods. Many more businesses, however, experience disasters equal or greater in scope even if they do not have the same level of physical damage. Some examples we have seen:
- A distributor of customized office supplies lost all electronic business records for the past three years when they were hit by ransomware. The attack corrupted their on-site backup servers as well as their main file and database servers.
- A news publisher lost all of their physical servers, firewalls, and networking equipment when a sprinkler head failed in their small equipment room.
- A small plastics manufacturer lost the ability to use their process control systems when embedded Windows workstations were corrupted by a malware attack.
In each of these examples, businesses with customer commitments, production schedules, and deadlines were idled for days. For some, full recovery can take months. Beyond the hard cost of recovering systems and data, these businesses suffered from soft cost losses. Missed customer commitments, delayed invoicing and collections, and the time employees spent on the recovery effort all have lasting impacts on your business.
Business Continuity is not just a good idea, it is a responsibility.
As business owners, our employees, vendors, and customers count on us. While people can empathize with the impact of a fire, there is less understanding for businesses that fall victim to cyber crime. Malware, phishing, ransomware and other attacks are generally preventable when your team is alert and aware of the risks and when you put reasonable identity, data, and system protections in place. And since no protection is perfect, you need to be able to recover quickly enough for your business to continue operating smoothly.
Here is some food for thought:
- Know Your RTO: Understand how quickly your business needs to Return to Operational. Maybe you can work on paper for a few days. Maybe you need to be up and running in a few hours because you are at a standstill until systems are back online. Your RTO goal will guide your decisions on what protection and recovery/continuity services are the right match for your needs and budget.
- Assess Your Risk: Understand the different disaster scenarios and how they may impact your business. Think about physical issues, such as loss of power and catastrophic system failures, as well as other disruptions, such as cyber attacks and potential actions by a disgruntled employee.
- Watch Your Flank: Assess how different types of threats could impact your business. We are beyond hiding our computers behind firewalls. We still have physical threats, but we also have threats focused on networks, user identities, access control, third party services, and data sources and services. Each threat vector needs a plan for protection, response, and recovery.
- Factor in Humanity: We used to talk about balancing security with ease of use. Today, the humanity equation is different as most IT disasters take advantage of human factors like our fundamental desire to be helpful when asked. In many ways, your team is your best defense. They need to understand the risks, the methods of manipulation, and the signs that something is not quite “right”. Your team needs to understand the value of inconveniences like multi-factor authentication and enhanced privacy and access controls — that these protect them as well as the company.
Your next step.
Contact us. It is time for a serious conversation about protecting the value of your business. A basic assessment of your business continuity profile will identify risks and gaps. From there, we can discuss improvements and their business value so you can make informed decisions that balance your risks, needs, and budget. Business Continuity solutions — from disaster prevention through recovery — do not need to bust your budget. For most businesses, changes in security settings on existing systems paired with modest, incremental services provide the protection and recoverability you need.