What Is Business Continuity?
You may have heard the phrase “Business Continuity” at some point in the last couple of years, but what exactly is it?
Business Continuity is the ability to continue critical business functions and operations after the occurrence of a disaster. Business Continuity and Disaster Recovery is often referred to as BCDR and is considered an insurance policy to protect your organization and its data for when catastrophe strikes. The Disaster Recovery portion steps in to restore a system and/or dataset, so that computing may resume to normal, and hopefully with no data loss and minimal downtime if any.
It is worth noting that a disaster can be defined as many things. For example, a disaster could stem from a phishing email, where the user inadvertently clicks a link or file that they should not have. If this happens, it is very likely that malicious code has infiltrated the workstation and possibly even the network. This is typically how ransomware and malware disaster events occur, resulting in the device to become hijacked and data to be compromised.
A disaster can also be defined as something completely out of our control, such as a fire, flood, hurricane or major storm, burglary/vandalism, power outage, and more. In these cases, it is probable that the infrastructure may receive damage, which could result in delays and potential data loss.
To prepare for these unexpected disasters and develop a backup and BCDR plan, it is important to evaluate the solutions that are available to you. The Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are both factors that should be used to decide what solutions are right for you. The RPO refers to the time between your system crash and the last successful backup that is able to be restored. In turn, an RTO is the time it takes until a system is completely up and running.
What does that mean? How many hours can you afford to be down? The technology available in 2020 is superb and allows for Managed Service Providers (MSP) to restore servers and systems within minutes or hours, rather than days and/or weeks, both locally or in the cloud. However, there are different BCDR tiers, which will require an organization to analyze their needs and determine which Business Continuity solution is right for them. A scalable plan can include hardware and software, and will likely have local and cloud retention capabilities too. Overall, it is absolutely vital for an organization to minimize downtime and protect against the constant threats that are seemingly increasing.
The good news? Edmunds GovTech has conducted extensive research on Business Continuity and Disaster Recovery because we are dedicated to protecting our internal infrastructure as well as providing the services our customers need to be protected. It is our responsibility to consistently educate ourselves and our clients.
Additionally, it is just as important to be proactive in order to diminish the risk of disasters. Ultimately, cybersecurity is a combination of human efforts and tech products and services to prevent and combat the threats of a disaster. At Edmunds GovTech, we have numerous cybersecurity components and tools we utilize for our own protection that we also extend to our local government customers.
Here are some steps to consider when drafting and adopting a BCDR plan:
1) Inventory assessment of equipment and locations.
- All organizations and local governments need to know what they have and where it is.
2) Perform a risk analysis to consider multiple disaster possibilities and their potential consequences.
- Brainstorm “what if” scenarios and determine who is responsible for each task, whether there is a power outage or other disaster.
3) Determine priorities for your overall operation. Each Department should have critical needs that need to be prioritized.
4) Store your information/data. This typically includes important phone numbers, master call list, vendor list, notification checklists, equipment inventories, and more.
- This information should be stored in the cloud and available for key personnel.
5) Document a plan.
- This plan will vary for every organization, but there should be a to-do list that outlines what needs to be executed and amended as tech changes are implemented.
6) Test, revise, and retest.
- Correct issues and problems on full interruption tests. Schedule and execute simulation tests bi-annually for critical servers and systems. Continue practice drills and cross-training of key personnel.
In the end, BCDR is more than just a “backup”, it’s a no brainer. As cyber threats continue to become more sophisticated and potentially devastating, it is imperative to have the proper protections in place. A BCDR plan and efforts will see through disaster scenarios and help recover quickly.