Business leaders are gearing up for next-generation, AI-driven cyber attacks. U.S. businesses will need to consider a GDPR-type policy to protect customer data even before any regulations are enacted. The tech skills gap has led many small businesses to seek outside help, which can lead to reliability and security concerns. These are just a few of the IT and technology concerns that keep business owners up at night.
A minor IT issue can quickly snowball into a major catastrophe without a carefully constructed crisis management plan, but what details should a business include?
Statistically, it’s practically impossible to avoid dealing with a disaster. In fact, if your business has longevity, it’s not a matter of if, but when. That’s why it’s vital to have a solid, reliable disaster recovery plan in place. Here is some guidance to help.
1. Identify the most likely threats
Potential disasters generally boil down to one of three main types:
- Technological disasters
- Natural disasters
- Man-made disasters (e.g. cybercrime)
In theory, each of these categories has seemingly limitless crisis possibilities. In practice, some threats are likelier than others. For example, in the UK, flooding is much more probable than an earthquake.
2. Monitor and prevent
Your Plan A should always be to monitor and prevent threats, if at all possible. If not, then you need to take swift action.
There may not be much you can do about natural disasters. That said, it’s smart to avoid doing business in known environmental hazard areas. There is, however, a lot you can do to avoid technological and man-made disasters.
The hard truth of the matter is that IT disasters are commonplace for businesses that fail to take basic, common-sense security precautions (e.g., regular software updates, data encryption, and automated backups). Likewise, man-made disasters are a product of human error and lack of security.
3. Keep track of key assets
Your assets can be divided into three main groups: people, data and physical items. Essentially, use the same approach to protect each group. First, identify who or what they are. Second, know where they are located.
The need to know precise locations of each asset depends on the situation. For example, in the case of a person, it may be enough to know whether or not they are in a building. In the case of data, you need to know the exact server on which it resides.
Remember, you have a duty of care towards anyone who is legitimately in your place of business. You may even have a duty of care towards someone who has not entered it legitimately. Avoid placing them in harm’s way.
4. Quickly re-establish communications
Mobile phones have made this a whole lot easier than it used to be. Keep in mind, however, that they are not totally reliable, especially in periods of heavy network demand. Depending on your situation, it may be appropriate for staff to have personal radios (i.e., walkie-talkies).
5. Include a safe meetup location
These days, the term “meet up” may be used literally or figuratively. If you have on-premises staff, then you will need a literal meeting point to check that everyone has exited the building safely. If staff are working remotely, however, then you will need some kind of digital check-in method to confirm that everyone is well.
Luke Watts is the Managing Director at RoundWorks IT, specialists in Managed IT Support and business IT Solutions, serving businesses across the East Midlands and beyond.
© YFS Magazine. All Rights Reserved. Sharing of this material under Attribution-NonCommercial-NoDerivatives 4.0 International terms is permitted.