A year into the COVID-19 global health crisis, people and businesses are weary. We’re tired of being isolated from friends, family, and coworkers; we’re tired of the constant barrage of negative news; and we’re tired of not knowing when or if things will ever be “normal” again. Pandemic burnout is setting in, and it is taking a toll on business security and data protection efforts. The fatigue many employees are experiencing can have a major impact on how well your organization responds to a crisis, like the severe winter weather event in Texas, or a major ransomware attack, like the one that recently hit human resources and payroll giant PrismHR.
So what can we do to minimize pandemic fatigue and ensure that our organizations are ready to address any new crisis that gets thrown our way? We can practice resilience.
Business Continuity + Disaster Recovery = Business Resilience
When we talk about business resilience, what we mean is how well a company weathers a disaster by proactively preparing a business continuity (BC) and disaster recovery (DR) plan.
It has become abundantly clear over the past year that disasters come in many shapes and sizes, from a brutal winter storm that knocked out power to millions of homes and businesses to a massive cyberattack on the U.S. government to a widespread grid failure and blackout in Mumbai believed to have been caused by human error.
But what all crises have in common is that organizations that make business resilience a priority always fare better when faced with adversity than those that don’t prioritize resilience.
Why Business Resilience Matters More Than Ever in the Wake of COVID-19
Business resilience has been top of mind for most C-levels since the pandemic kicked into high gear, but chief security officers (CSOs) and chief information security officers (CISOs) have had an extra-challenging year thanks to COVID-19.
Between the onslaught of pandemic-themed phishing attacks, millions of newly remote workers broadening company attack surfaces overnight, and ransomware gangs zeroing in on critical infrastructure sectors like healthcare and manufacturing, a rock-solid business continuity and disaster recovery strategy has never been so important.
Biggest Challenges To Successfully Implementing a BC/DR Strategy
Just because having a business continuity and disaster recovery plan is important, that doesn’t mean that implementing one is easy. There are several common roadblocks that often hamper the success of even the best laid BC/DR plans.
Not Developing an Actionable Plan
Vague, generic, or boilerplate BC/DR plans are useless in the real world. You need a strategy that is specific, actionable, and practical.
Not Sticking To the BC/DR Plan
The plan won’t work if you don’t work the plan. Keep it concise, easy to follow, and well documented so there is no reason to go off script in a crisis.
Adhering To Out-of-Date Policies and Processes
Businesses are in a constant state of change, and too often, BC/DR plan documents aren’t updated with new policies and processes. Make regularly scheduled plan reviews and updates a business imperative.
Failing To Test That the Plan Works
There’s a saying: “If you don’t test your business recovery plan, you don’t have a business recovery plan.” Testing the plan regularly will ensure that it will work when it needs to, preventing data loss and downtime.
How To Ensure Resilience in Uncertain Times
Business resilience isn’t a one-size-fits-all initiative—for example, different industries have different compliance requirements, more complex IT environments require intensive oversight to ensure all the moving parts are accounted for, and so on.
But whether you’re a two-person startup or a massive, multi-billion-dollar corporation, there are a few universal best practices that will beef up your business continuity and disaster recovery capabilities while we navigate what comes next for businesses. Here are six key steps to building resilience:
1. Know what you are protecting.
- Prioritize business continuity and recovery efforts.
- Inventory business-critical systems, applications, and dependencies so recovery starts in the right place.
2. Be pragmatic and action-focused.
- Understand your organization’s needs.
- Design a BC/DR plan that addresses exactly those needs.
3. Bake in resilience.
- Build BC/DR policies and processes into all new initiatives.
- Proactively plan for the worst-case scenario.
4. Practice makes perfect.
- Don’t wait for a crisis to find out your plan doesn’t work or your backup is out of date.
- Test, revise, then test again.
5. Admit your weaknesses.
- Assess your vulnerabilities.
- Have a plan in place to address them or protect them.
6. Keep it simple (you never know who will be around to kick off the recovery effort).
- Design your BC/DR plan in a way that anyone, not just IT, can implement it.
- Use plain language, not tech-speak.
Building business resilience is crucial in these uncertain times. A comprehensive business continuity strategy is a key component of your resilience plan. Download How to Build a Disaster Recovery Plan to learn how to protect your organization’s data, applications, and systems during any unplanned disruption.