Most people are scared of catastrophe, but human nature leads most people to avoid thinking about it deeply enough to plan the right solutions. I’m not that person. I think of disasters all day every day. (Insert joke about my psychological make-up here) Having a plan is often the reason a business does or does not survive when a crisis occurs, but most people don’t know where to start. That’s the role I want to play for you. Let me think about all the negative outcomes and help you sleep better at night.
The information revolution has given rise to incredible technologies and has made humans more connected than ever before. It has also spawned a new host of issues, including cyber threats that businesses need to plan for.
The data illustrates that this issue is getting worse, not better:
- Security breaches have increased by 11% since 2018 and 67% since 2014. (Ponemon Institute)
- Hackers attack every 39 seconds, on average 2,244 times a day. (University of Maryland)
- The average cost of a malware attack on a company is $2.6 million. (Accenture)
- The most expensive component of a cyber-attack is information loss at $5.9 million. (Accenture)
- Ransomware attacks cause an average of 16.2 days of downtime. (Q4 2019 Coveware study)
Every business, regardless of size, should have a formalized and tested Disaster Recovery and Business Continuity plan and the testing of these plans should result in action items.
A quick Google search provides us with a good definition for Disaster Recovery and Business Continuity planning. “Disaster Recovery involves a set of policies, tools, and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.” “Business Continuity (BC) planning is the process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during the execution of disaster recovery.” Translated into normal human terms, A BCDR plan is critical in protecting human life, protecting the company data, and creating a way to keep the company running in the event of a critical situation.
Please consider the following:
- How would my company handle a Disaster situation? Think…complete power outage.
- How long could the business sustain downtime before it negatively impacts the business?
- Has your business ever engaged in a Business Impact Analysis (BIA)?
Depending on the industry businesses may be required to have a formalized BCDR plan. However, even though you may not be obligated to have a BCDR plan, data shows that bad actors are increasingly going after small businesses. They do this because they know that small businesses lack protections and do not have a BCDR plan in place that they can go to when data breaches or other disasters occur.
It is no longer really an option for small businesses not to invest in a BCDR plan because it is increasingly likely that a business will encounter a need for that plan. The benefit to a strong BCDR strategy is it greatly reduces the chance of having to pay a ransom, it minimizes any downtime experienced due to natural or human errors and helps bolster your organization’s cyber security position. This in turn gives you the peace of mind to confidently face threats when they arise instead of having to figure it all out in the middle of a crisis. and in some cases exceed expectations for your vendors and customers.
You don’t need to wallow in every disaster scenario to create a strong action plan. We’re here to help. Contact us today.