Last Updated on November 2, 2020
With an unanticipated pandemic currently impacting nearly every organization and individual on the planet, business continuity and business resiliency are suddenly hot topics. While these issues remain far from “sexy,” failure to attend to them can literally cost your business its life.
So should you be concerned about business continuity planning? Or is your firm fine with a “fingers crossed” approach?
To get fresh insight into this critical question, The Virtual CISO Podcast recently featured an interview with Cosmo Gazzani. Cosmo is Director of Business Development at Continuity Centers and wekos, combined companies that focus on business continuity. Host John Verry, Pivot Point Security’s CISO and Managing Partner, also brings considerable experience helping SMBs plan for business continuity.
Cosmo notes that it’s not employee numbers or revenue that determines which SMBs need to plan for business continuity: “Everyone should have some idea of how to recover from anything that could happen.”
The critical concern is how long it would be acceptable for your company to be unable to deliver its product(s) or service(s). At what point would you suffer irreparable or intolerable financial and/or reputational damage?
If, like most companies, your bottom line will quickly suffer from lack of revenue and your customers will quickly look elsewhere for what you’re offering, then you need to plan for business continuity in case of outages that could extend beyond that timeframe.
Business continuity planning can be challenging, partly because each business faces different threats with different potential impacts. You’ll need to consider how to counter the most likely outages.
Questions to consider for most outage types include:
- In the event of an extended outage, where do we work? Can we all work remotely or do some/all of us need to be collocated?
- How do we recover critical IT systems if that outage happens? (And which systems are considered critical in the first place?)
- If our primary data store is unavailable, how do we restore it given the outage conditions? And how long might that take?
You may not need highly formal/detailed plans. But you probably need something rigorous enough to guide recovery and help minimize downtime… not to mention prevent chaos. This could include assessing risks, analyzing business impacts of those risks, developing a step-by-step plan for recovery if a risk manifests, defining metrics for how long recovery processes can take, and taking steps to test your plan to shake out the bugs.
We’ve all heard the truism, “Failing to plan is planning to fail.” We’ve also heard, “Failure is not an option.” That adds up to business continuity planning being an important priority for most organizations.
To listen to the complete episode of The Virtual CISO Podcast featuring Cosmo Gazanni, click here. If you prefer not to use Apple Podcasts, click here.