How to make sure your business can survive adversity

10 Dec 2021, by Slade Baylis

With businesses around the world having to adjust to a world with a global pandemic, questions about how to make sure your business can survive through adversity have become commonplace.  In the past, usually only larger organisations would have to consider things like “business continuity”.   Since then however, businesses of all sizes, large or small, have been placing greater emphasis on how to keep themselves operational when faced with unforeseen circumstances that can disrupt their day-to-day operations.

For organisations that are looking to mitigate these risks, they do so by planning out strategies and their responses well ahead of time.  This helps to make sure that they’re always one step ahead of issues that may occur.  By coming up with such detailed plans well in advance, they are able to ensure that their staff and systems are ready with everyone knowing exactly what to do if disaster strikes. 

Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs) are the names of the two most common approaches to this form of business risk management.  In the event of a disaster, each of these plans are important, with the focus of a BCP being maintaining an organisation’s ability to function, whereas a DRP is more concerned with the restoration of regular processes, systems and data. 

To fully understand how each of these different plans can help protect your business, we’ll need to dig down further into the details about the purposes of each.

What is a Business Continuity Plan?

A Business Continuity Plan (BCP) is a business plan that’s created for the purpose of keeping an organisation operational after a disaster or event has caused disruption to usual processes.  When a disaster strikes and takes systems offline, in a lot of cases it’s the disruption to your organisation’s ability to function that does the real damage.  For example, if your organisation needs an IT (Information Technology) system to be operational to be able to process sales, it’s the loss of the ability to sell that is the real issue, with the system being down just being the root cause of that problem. 

With that framing, you can see that if an organisation were still able process sales even if the systems were down, it could drastically limit the impact and thus the risk to their business. This is why a BCP is focused on maintaining essential business functions in the event of disruptions.

A well-constructed BCP will require:

• A detailed list of the different functions within a business;
• Identification of how critical each business function is to the operation of the business as a whole;
• Identification of the different risks that can affect those functions (hardware failure, natural disasters, cyber-crime, terrorism, etc); and
• The creation of plans for how these functions will continue to operate during a disruptive event.

A well designed and detailed BCP is something that we recommend every organisation should have, even if they are only a small business with just a few staff.  Knowing what your plan is should the worst occur will mean that you’re prepared, and that you won’t get caught off-guard.  It truly can be the difference between going bust or weathering the storm.

In short, a company’s Business Continuity Plan (BCP) should be concerned with just that – the continuity of one’s business when faced with adversity.  This plan should consider all aspects of their operations – not just the processes from an IT perspective.   This can include plans concerning staff responses to issues, policies around who should be contacted and when, contingencies for work locations, communication methods, or even something out-of-left-field like how many staff can take the same airplane together! 

One thing to keep in mind, is that any sort of work-around by its very nature isn’t going to be as efficient as the systems it is designed to replace. This is why a solid BCP will also include references to policies and procedures for restoring regular system function, which is where Disaster Recover Plans (DRPs) come in.

What is a Disaster Recovery Plan?

Unlike a BCP with its focus on the business operations as a whole, the focus of a Disaster Recovery Plan (DRP) is for the restoration of business systems back to 100% functionality and the prevention of data loss and/or the recovery of data.  If part of a BCP would be to require a diesel generator as a backup for power delivery if the mains power goes down, then a DRP would be concerned with making sure that the mains power delivery is restored back so that operations can return to business-as-usual.

DRPs are often considered to be more focused than a business’s overall continuity plan, sometimes exclusively focused on just a business’s IT systems and data.  Because of this narrow focus, they are usually handled by an organisation’s IT department or IT provider.  The range of issues that could be encompassed by a DRP can range from the loss of a single IT system, all the way up to the entire primary location being inaccessible and thus needing to fall-back to using backup IT systems at a secondary location.  Due to the increasing reliance of businesses on IT solutions in order to operate, it is important to make sure you have an effective and well-thought-out DRP in place.

A well-constructed DRP requires that:

• Regular scheduled backups be taken of all necessary data – when needing to restore data from backups, more recently taken backups help reduce the risk of data loss;
• Backup data be stored in secondary (or even tertiary) facilities – storing backups of business data in multiple locations helps reduce the likelihood of data loss;
• Duplicates of essential business systems can be brought online in case of issues – being able to launch business systems on separate hardware (or sometimes in secondary locations) allows you restore functionality if issues occur on that hardware (or in that location);
• Detailed instructions exist delegating responsibility and processes – knowing who needs to do what is a key part of effectively and quickly restoring business systems; and
• You create a detailed testing methodology– knowing how to sufficiently test business systems after they have been brought online is crucial to knowing if they are functioning correctly.

Disasters, as we know, can be varied and take many forms.  The loss of access or functionality of systems is just one threat that organisations can face.  However, another threat that is increasing now more than ever, is that of cyber-crime, even targetting businesses that are small to medium sized.  As mentioned in our Cyber-attacks on Australian businesses up 89% article earlier this year, it’s been reported that ransomware is one of the greatest threats facing organisations large and small, with the amount of attacks and amounts being demanded upon growing year on year.  Hence, a DRP isn’t just solely concerned with the operation of business systems, but also places high emphasis on the security and integrity of the data stored within them. 

This growing risk of cyber-threats and cyber-crime is one reason why many small businesses are now considering implementing their own DRPs.  It’s no longer just large corporates that are the target of this sort of malicious activity.  Having sensitive client information stolen and then ransomed back to you, or worse yet, sold to nefarious third-parties, is now unfortunately a risk that all businesses face. This is why it’s equally important with all DRPs to consider the protection of not only your own business data, but that of your client's as well.

By creating an effective and sufficiently detailed DRP, businesses can protect themselves from catastrophic situations that would otherwise cripple their operations.  It’s true to say that any business that fails to build such a plan will likely find themselves with a severe case of regret.

Planning for the future – Where should you start?

Knowing that you need to prepare for these sorts of issues with proper planning is one thing, but knowing how to actually do that is another entirely.  Depending on the scale of your business, the BCP that you end up with may look drastically different than another.  For example, a BCP for an organisation with a few staff that all work remotely is unlikely to look the same as one for an organisation with up to a hundred staff whom all work on-site together at a single facility.  However, that being said, when it comes to DRPs, there are still quite a lot of similarities and overlaps regardless of the size of your business.

A few key choices that you need to make when signing up for your services can actually start you off a few steps ahead.  In fact, making the right choices at the start can help you meet most of the key DRP requirements that all businesses should have, all without any extra work at all! 

These choices are twofold: 

1. Which platform should you host your systems on?
2. What type of backup software should you use?

Making the correct decision with regards to these two questions can greatly help reduce the likelihood of downtime and data loss. 

For example, by choosing to host your systems on a VMware Cloud Server (VCS) rather than a Virtual Private Server (VPS), any services that you host will be protected by a technology called Hyper-Convergence - a standard feature of the platform.  This technology allows you to have a truly High Availability service.  High Availability (HA) services protect systems from downtime by making sure that duplicate systems can be switched to if there is a problem, in order to make sure that the services are always available.  This level of protection is usually something that’s reserved for large corporates, however, with Micron21, it comes with all our VCS services, thus ensuring that all our clients, big or small, can benefit from such protection..... and without breaking the bank! 

For those interested, we’ve gone into more detail about this in our Protect your mission critical systems with Hyper-Convergence article. 

Regarding the second question about backup software, simply by choosing backup services that use our Veeam and Acronis backup platforms, clients are able to rest assured that their data is protected.  Not only that, but when used in parallel with one another, they can help organisations meet the strictest Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).  RTOs are goals organisations set for how long they aim to have it take for a backup to be restored from.  Similarly, RPOs set organisational policies for when and how many backups should be taken of each system, as well as how long they should be kept.  With Veeam able to achieve RTOs of one hour and both Veeam and Acronis able to keep long-term backups whilst minimising storage requirements through incremental backup techniques, both are powerful tools in any businesses’ arsenal.

That being said, even taking your own backups and storing them separately from the server is a great way to protect your own data (and the data of your clients).  You don’t need to invest in expensive backup solutions to have some form of protection.  Something as simple as an external hard-drive can save you days of pain (or even your entire business) in a crisis.  It’s also really important to identify where your data is stored.  For local files on staff computers, you’ll want to make sure that anything critical to your organisation is either stored on network drives that are backed up, or alternatively synchronised into the cloud.

However, it’s not just DRPs that we can help with - we can also help our clients with their BCPs as well.  For example, we can offer remote working facilities for our clients in the event of a disaster.  This allows our clients to have a secondary facility that they could use as a fail-over location, should their primary facility be inaccessible for whatever reason.  In fact, we have a number of customers that utilise these services as part of their BCP, who even come on site occasionally in test runs of those continuity plans.

With a combination of HA services and multiple levels of backup, any organisation is able to bolster their protection against hardware failures and data loss – which helps them meet the main criteria of an effective disaster recovery plan.  That protection, in combination with having well-designed BCPs and DRPs in place, can reduce the severity of issues should they occur.  Not only that, but it can also help reduce the likelihood that they will occur in the first place!  Due to that, we can’t recommend them highly enough to each of our clients looking to manage the risks to their business.

Want to bolster your business continuity and disaster recovery plans?

In this day and age, we strongly recommend that you have business risk management plans in place.  If you are interested in implementing your own BCPs or DRPs, please let us know!  We have different technologies and services available that can help bolster them.  Through High Availability services and multiple types of backup protection available to you, we can help reduce the risks to your business if such a crisis was to happen. 

You can email us at sales@micron21.com or call us on 1300 769 972 (Option #1) to find out more.