The worst rarely happens, but it can – Business Continuity Disaster Recovery Awareness week
May 15, 2019 | Best practices
Dan Johnson Global Director, Compliance & Continuity
In business life as in personal life, pessimism rarely propels us to success. But being realistic can balance natural optimism with proper reflection on worst-case scenarios, and the planning necessary to ensure that whatever challenges the business faces, they are never catastrophic.
Expect the unexpected – This is the realization I have arrived at, in my more than 20 years of focusing on Business Continuity and Disaster Recovery for large companies with complex IT. Whilst common sense and some knowledge of IT vulnerabilities may help with the most likely interruptions to business continuity, you can never second guess when an unpredicted disaster may strike.
Certainty in an uncertain world
We live in uncertain times. Over the past couple of years, the government disaster-assistance agency has had a busy time responding to hurricanes in the Southeast and Texas and wildfires in the West. When Hurricane Katrina struck in 2005, it took four days for the emergency services to get approval for military help. Now FEMA and other agencies have pre-written agreements in place to eliminate needless delays. They’ve also trained their staff to communicate quickly and transparently with all forms of media, including social, to ensure that misinformation doesn’t spread and that citizens get accurate and potentially life-saving updates as quickly as possible.
Cyber-attacks have been on the rise too, with ransomware and malware bringing many businesses, mainly small to medium in size, to a grinding halt. Add workplace violence, active shooters, IT and power outages, environmental discharges, critical equipment failures, and medical emergencies to the list, and it’s clear there’s a lot to think about.
With BCDR, it pays to stress test the dark edges of possibility; experience shows that the worst rarely happens, but it can. When it comes to business, you never know when, where or how disruption may strike. 100% of companies surveyed by a Forrester study admitted they have at least one critical incident and 34% said they had four to six critical events! Not only does this lead to revenue loss and costs, but worse, it could cause employee and customer safety issues.
Disaster Recovery best practices
A best-practice approach to disaster recovery results in benefits across the board. A proper assessment of the vulnerabilities of IT infrastructure and a prioritization map is crucial to developing a robust disaster recovery plan. Attention to the lowest level detail and building a strong disaster recovery team helps to be prepared.
In terms of business continuity, quick, clear and transparent communication is key, without causing unnecessary alarm.
Using the same ethos as airline safety procedure, where passengers are advised to apply their own masks before helping anyone else, it’s critical that employee communication happens first and fast.
Purpose made applications such as Everbridge, that we use at Ensono, which ensures that, no matter what the cause, communication happens quickly, accurately and efficiently in a tested environment that everyone can access on any device. I’m pleased to say that it works.
We recently had a non-planned fire evacuation at our regional head office in Staines in the UK. Within minutes, employees from other locations across the globe were able to step in and ensure maximum service was maintained for all our clients.
Future proofing the enterprise
Our world doesn’t stand still. In fact, it moves more quickly now than it ever has, as technology moves apace. As AI takes hold, along with RPA, chatbots and increased use of robotic intelligence, its more critical than ever that we run BCDR tests regularly, at least twice a year.
The purpose of these tests is not to pass or fail but to help locate any gaps in our preparations so that we can better bridge them.
Testing for DR has to be tailored around a company’s needs, budgets and team’s work hours, to prevent disruption. Disaster recovery plans are not static, but have to be revised and improved through testing and interactions between tests.
My wife asked me last week, what if the plane from our home-town to LA is cancelled and we miss our friend’s wedding – and it’s a good question. It got me thinking about making some alternative plans to ensure that we don’t.
So maybe ‘What if …’ should be a new business mantra.