If 2020 has taught business owners anything, it’s that things can happen out of the blue that put their livelihood in danger. No one expected a global pandemic at the beginning of the year that would transform much of the way the world lives and works. The companies that had taken the time to put business continuity and disaster recovery (BCDR) strategies into place, fared much better than those that didn’t and had an easier time switching to a remote workforce during the Circuit Breaker. BCDR is all about preventing things from happening that could harm your business and being prepared to be resilient if things happen that you can’t stop. Everything from smart backup and recovery solutions to having a ransomware response plan in place contributes to ensuring your business is resilient and can face any unexpected event and stay intact. Without a business continuity and disaster recovery plan in place, small businesses are in far greater danger of being harmed irreparably in the event of a crisis that disrupts operations. Over 70% of companies that do not have a business continuity plan in place fail to recover after a significant interruption to their operations.
Steps for Addressing Proactive & Reactive Business Continuity Planning
When you begin putting together a business continuity and disaster recovery plan, you want to approach it from two fronts:
- Proactive: Putting safeguards in place to mitigate events that can disrupt operations
- Reactive: Putting plans in place that allow fast recovery of operations after a crisis has occurred
Small businesses in Singapore need a business continuity plan just as much as larger companies because they are just as susceptible to work stopping events. They also have less capacity to recover from something like a data breach than a larger organization, which makes BCDR vital to their continued health into the future. Here are steps for putting together a comprehensive BCDR plan.
Identify & Classify Business Disruption Threats
You’ll want to first identify any type of threat to your business operations. These can be as varied as a ransomware infection or prolonged power outage. For each threat you identify, you’ll want to classify them as to their severity level, which allows you to prioritize your response plans accordingly (i.e. addressing the highest severity threats first). Some of the typical threats to operations are:
- Hardware malfunction
- Natural disaster
- Prolonged internet or power outage
- Insider theft/attack
- Data loss incident
Identify Proactive & Reactive Strategies
Based upon the threats you’ve identified, come up with comprehensive strategies to mitigate threats that you can (data loss, cyberattack, etc.) and to quickly recover from threats you can’t stop (natural disasters, pandemic, etc.). Here are several examples of both proactive and reactive strategies for good business continuity and disaster recovery plan. Proactive (keep incidents from happening):
- Using antivirus/anti-malware solutions
- Managing patches and updates for devices
- Using a mobile device manager (like Microsoft Intune)
- Having remote workers use a VPN
- Putting credential security into place (i.e. two-factor authentication)
- Having a backup internet service provider
- Using the rule of least privilege to mitigate insider attacks
Reactive (recover faster after an incident occurs):
- Using a team collaboration platform, like Teams, to facilitate remote communication
- Switching to VoIP telephony from a landline-based phone system
- Ensuring all your data is backed up daily and is easily restored
- Having a relationship with an IT service provider you can count on
- Putting step-by-step disaster recovery manuals in place
- Adding cloud-based customer communication and service channels
- Doing disaster recovery drills with your team regularly
- Incorporating remote working, at least part-time, into your operations
Review Current Systems vs What You Need
Once you have your proactive and reactive strategies in place, look at your current technology infrastructure to document the systems you may already have in place and where gaps may be in what you need. Based upon the severity priority of each item that is still needed, put a business continuity budget and timeline into place that you can follow to work towards completing your BCDR plan.
Document & Train
You need to document your business continuity and disaster recovery plan in detail. This includes step-by-step guides that your employees can follow for both proactive and reactive strategies. Update your employee handbooks and onboarding materials as needed to reflect any new proactive strategies (such as “all employees must use 2FA for logins.”) Make sure you take time to train employees on your BCDR plan, including doing regular drills of disaster recovery scenarios so they can become familiar with the steps to take. This will help ensure they follow the steps smoothly in the event of a real crisis to get your operations back up and running and fast as possible.
Contact Managed IT Asia for Help with a Strong BCDR Plan
Putting together a strong business continuity and disaster recovery plan can be daunting, but you don’t have to go it alone! Managed IT Asia can help your Singapore business put this critical strategy in place. Contact us today to schedule your free consultation. Call +65 6748 8776 or reach us online.
MANAGED IT ASIA, we are an IT Support, IT Solutioning and Managed IT Service Provider specializing in serving Small Businesses across Asia. Call us at +65 6748 8776 and let us manage your Small Business IT today!