It’s rare to have advanced warning of an impending disaster. Even when you have a solid amount of lead time, there will always be unexpected components. Incidents can unfold in surprising ways, and you likely haven’t thought of every possible scenario. The best chance you have to respond to a disaster lies in your business continuity plan. During a disaster, your organization can rely on a business continuity plan to gain insight into threat levels, coordinate personnel, and initiate incident resolutions. The following are three common disruptions you should plan for with your business continuity projections.
A natural disaster may not always mean bad news, but in worst case scenarios, it’s completely catastrophic. Recent examples of severe natural disasters include the 2010 earthquake in Haiti, the 2004 tsunami in Sri Lanka, and Hurricanes Harvey and Irma hitting in rapid succession in 2017. At the eye of the storm, there wasn’t much that businesses, hospitals, and public buildings could do to prevent damage. Natural disasters might occur for less than a minute, with consequences that last for months or years.
To help your organization become more resilient in the face of natural disasters, take the following steps in your business continuity projections:
- Identify potential risks - What might interrupt your business? Are you in earthquake country or tornado territory?
- Identify critical business assets - What assets make up your organization? Of course your people are the first priority. After that, do you have data, buildings, processes, and equipment that need protecting?
- Minimize the risks - If certain processes will be disrupted by natural disasters, how can your organization continue on without these processes? Do you have a Plan B? Can certain areas of your building be quickly shut down? Can you put security measures in place now to protect important materials and data in an emergency?
- Prepare your supplies - In the days following an earthquake or large storm, does your organization have a generator for power? Do you have flashlights, batteries, first-aid kits, and other critical supplies for safety and sanitation?
- Drill for safety - Prepare your employees now. If there’s an earthquake, have you practiced dropping to the floor and finding the most secure areas? Does everyone know with whom they should communicate during the first signs of disaster? Do you have a networked crisis communication solution in place?
Threats to your organization’s cybersecurity can be severe. Cyber incidents not only impact your organization, but may impact your partners, clients, customers, or the community at large. Building in best practices for protection include threat detection, prevention, and response. Careful protocols and controls can greatly reduce your risk. While cybersecurity looks different depending on how large and internet-dependent your organization is, there are certain measures you can take to become more secure.
To best prepare your organization against the threat of cyber incidents, answer the following questions in your business continuity projections:
- Cyber hygiene - Like brushing your teeth, does your organization practice good cyber hygiene? Is two-factor authentication common across departments? Are controls in place to report suspicious requests or occurrences? Are all important devices password-protected? Do passwords adhere to strong protocols, and are they changed on a regular basis?
- IT departments - Does your IT department routinely conduct wellness checks on computers and networks? Have they clearly defined their role to the organization at large? Are there protocols for filing reports with them and for reporting larger online crime and fraud to the authorities?
- Data storage - Is your data stored physically onsite? Which parts of your network are plugged into the cloud? If one data center was to go down, how is your information backed up? Were your entire network to go down, which parts would need to be reinstated first in order to continue with business operations?
- Compliance - Do your employees know how to comply with cyber rules and regulations? Is there a way for them to immediately disconnect devices from the network in the face of an emergency? Are there key personnel in place for communicating cyber security best practices? Do you offer continuous training or access to resources that provide the latest information on cybersecurity current events and innovations?
With recent years of the flu season being particularly awful, it’s easy to imagine the onset of a pandemic. Pandemics are frightening due to their potentially devastating impact across wide swathes of a region or country. A good business continuity plan will account for the risk of a pandemic or an epidemic. Personnel and business decisions during these times should not be made at the last minute.
When accounting for a pandemic in your business continuity plan, consider the following:
- Skeleton operations - What operations absolutely must continue for your business to stay solvent? Can all other departments go home until the pandemic clears?
- Supplies - Does your organization have clean food and water supplies? Are pain relievers, hand sanitizers, and tissues in good supply?
- Communication - Do you have clear protocols to help avoid the spread of germs? Are there signs on all floors and in all bathrooms? Do people know to avoid touching mouths, noses, and eyes?
Though you can’t account for every detail of an incident, your business continuity plan can remove a lot of stress. By thinking through emergency responses in advance, you’ll give your people and operations the best chance of recovery.