Emma Stewart: Disaster recovery needs planning and testing

Along with cyber-attacks, firms need to plan for other threats such as fires or natural disasters. Picture: Andrew Parsons/PA

These past few years have been a cyber embarrassment for our top companies, and when big organisations are affected by cyber-attacks or “glitches” or whatever you want to call them), it puts online safety in the forefront of everyone’s mind. Regardless of the size of your business, the onus is on you to ensure your customers are protected from data theft or fraud.

Indeed, the Business Continuity Institute’s Horizon Scan 2017 report revealed that cyber-attack was the number one concern for business continuity professionals for the third year running.

Of course, as a business owner, it’s not just malicious attacks and incompetence you need to worry about. There are many other risks to business data and continuity. One of our clients was recently affected by a large scale fire at their physical location. Thankfully they had only recently deployed a new cloud-based enterprise resource planning (ERP) system which meant that crucially their business infrastructure was barely affected, as staff could log in to their account from any location with internet access and a device. From a disaster recovery perspective, they were covered, since all their IT “stuff” was hosted in the cloud.

Here are some top tips to ensure your business continuity plans have integrity. There is no one “perfect” plan for disaster recovery. Every business is unique so ensure your plan reflects the uniqueness of the business. Consider making more than one plan. After all, there is more than one kind of threat. From natural disasters to manmade threats and cyber-attacks, each carries its own risk which might need to be considered individually.

Make sure you deal with all three measures – detective, preventative and corrective. Your plan should aim to swiftly identify risks and have some mitigating steps which ought to prevent disaster – for example, keep your data off site or in the cloud; hold regular training sessions for staff; use up to date fire safety equipment (how long has it been since you recharged your fire extinguishers?)

Identify who will be responsible in the event of a disaster. Create a team of experts who are well briefed and can be quickly mobilised in the event of any kind of large scale disruption. If possible, get them to contribute to the plan. Sense check all your insurance policies. Some insurers will cover things such as business downtime but will look favourably on businesses who have mitigated the risk of downtime.

For example, using a cloud-based business software which minimises downtime in the event of a disaster might be a factor in reducing the cost of insurance premiums. Think about what data you need to protect. What is most important to you? You might want to save your customer or prospect list, it might be inventory or suppliers, or maybe important documents such as insurance policies. Figure this out and include in your back up plans.

If you haven’t already, think about getting an accreditation from the British Standards Institution who have an independent standard for business continuity planning. It covers all sectors and industry and will provide a best practice framework for you to follow.

Test your plan. It’s no use having it on paper if you haven’t tested the practicalities of it. This will also help secure buy‑in from staff. Believe it or not, the disaster could end up being poor organisational acceptance.

Learn from other incidents. Smaller incidents like a practice fire alarm, bad weather or sickness will help you to identify weaknesses in your business. Keep revising your plan. Your business will change over time and so your plan has to change, too. A disaster recovery or business continuity plan which is no longer fit for purpose is pretty useless.

• Emma Stewart is sales and marketing director at software company Cofficient

Click here to ‘Like’ The Scotsman Business on Facebook