Business Blindspots: Facing the Disaster You Never Saw Coming.

One very large company, RSA, experienced a breach in 2011 that cost the company upward of $66.3 million and caused untold reputational damage. It forced multiple companies to move to other security platforms for user authentication, and they had thought it could never happen to them.

In my many years of building business continuity and disaster recovery programs, I have continually heard, “It can never happen to me.” While this remains true until it does, it is at that point that a business’s viability is tested. One might think that the size of a business makes the difference, but in my experience, preparation and planning are scalable, and the size of the company does not matter; no one is exempt from disaster.

I have seen multiple smaller businesses (most medical) with poor backup procedures lose millions in receivables because they could not restore the invoice records for billings sent out and long past due. They thought they had nothing to fear once the invoices had been submitted to insurance.

You have a choice. You can react in an emergency, being forced to take some action that may or may not be beneficial, because reacting means being out of control; or you can take control and make a plan. Though the plan may not be perfect, it is a course to recovery in which you are in control and can reduce impact, costs, time and loss.

As you read on, accept this truth: It can happen to you; it is only a matter of time.

What can I do?

To start, a business must understand that planning for impacts is a never-ending process. One can adopt a Plan-Do-Check-Act (PDCA) lifecycle for business continuity/disaster recovery planning. Though the size of your business may determine the resources required to address the risks and gaps within your environment, the gaps are addressable regardless of business size. Let’s start by reviewing the lifecycle of business continuity.

Planning

The ‘Planning’ stage determines the goals to be achieved. It is the designing of the program and its efforts. From this stage, a policy should be defined, standards may be adopted, and scope may be determined. Since this is a continuous improvement process, it is probably best not to get caught up in ‘getting it right the first time’ but rather to identify the scope, goals and priorities of the program, and to ensure that the other stages produce verifiable outputs.

Do

The program's planning stage manifests in the ‘Do’ stage. A crucial step here is conducting a risk assessment called a business impact analysis (BIA). The assessment identifies gaps across business processes, dependencies, and categories of impact such as financial, regulatory, and reputational. It should prioritize the business functions/services with a criticality tier. Simply put, the assessment result should help identify gaps, distinguish what is critical from what is non-critical to the business, and define the necessary actions.

Key to this assessment is that each business function/service or application, when the focus is on disaster recovery items, should have a recovery tier (prioritization) and a recovery time objective (RTO). The tiers identify what to focus on first, and the RTO is the required goal: the time within which recovery must occur before the impact becomes intolerable or severe.

Then, each area should develop a plan for an emergency. These plans should be adaptable to the scenario, with the intent of maintaining service levels or minimizing the impact based on the risk appetite or RTO identified in the BIA. Depending on the type, plans would focus on critical items such as staff, where the recovery would occur, what steps are needed to recover, and potential workarounds.

Check

A program's ‘Check’ or test stage should validate that the plan designed is functional. It is important to note that the goal is not to have a perfect test but to identify gaps in planning. It is equally important that the objective of a test is well-defined and that those participating know its purpose.

There are many ways to test your plans, but generally the first test should be a tabletop exercise, in which the team sits around a table, walks through the scenario, and identifies what they would do based on the plan. Other tests may be functional, hybrid, or production tests.

Regardless of the test, it is essential to capture the gaps.
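As an added illustration of the ‘Check’ stage for one common recovery item (this is example code, not from the article or any product it mentions), the script below is an automated restore test: it backs up a records directory, restores the archive to scratch space, verifies every restored file by SHA-256, and compares the measured recovery time with the RTO that the BIA assigned to that function. Everything it finds wrong is returned as a gap, so the output feeds straight into the ‘Act’ stage. The invoice files, the directory layout and the 60-minute RTO are constructed for the demonstration; the backup job itself is a stand-in (a tar archive) for whatever your provider uses.

```python
"""Added example (not from the article): an automated restore test.

Back up a records directory, restore it elsewhere, verify the content
by hash, and measure recovery time against the RTO from the BIA.
Sample records and the RTO value are constructed for this demo.
"""
import hashlib
import tarfile
import tempfile
import time
from pathlib import Path


def file_digests(root: Path) -> dict:
    """Map each file under root (by relative path) to its SHA-256 hex digest."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def make_backup(source: Path, archive: Path) -> None:
    """Write a gzip-compressed tar of source; stand-in for the real backup job."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")


def restore_backup(archive: Path, target: Path) -> None:
    """Extract the archive into target, refusing unsafe members where the
    interpreter supports the extraction filter (Python 3.12+ and backports)."""
    target.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        try:
            tar.extractall(target, filter="data")
        except TypeError:  # older Python without the filter argument
            tar.extractall(target)


def evaluate(expected: dict, actual: dict, elapsed_minutes: float, rto_minutes: float) -> list:
    """Compare restored content and timing with what the BIA requires; return gaps."""
    gaps = [f"missing after restore: {name}" for name in sorted(expected) if name not in actual]
    gaps += [
        f"corrupted after restore: {name}"
        for name in sorted(expected)
        if name in actual and actual[name] != expected[name]
    ]
    if elapsed_minutes > rto_minutes:
        gaps.append(f"recovery took {elapsed_minutes:.1f} min, RTO is {rto_minutes} min")
    return gaps


def restore_test(source: Path, rto_minutes: float) -> dict:
    """Back up source, restore it to scratch space, verify, and time the restore."""
    expected = file_digests(source)
    with tempfile.TemporaryDirectory() as scratch:
        archive = Path(scratch) / "backup.tar.gz"
        restored = Path(scratch) / "restored"
        make_backup(source, archive)
        start = time.monotonic()
        restore_backup(archive, restored)
        elapsed = (time.monotonic() - start) / 60
        actual = file_digests(restored)
    return {
        "files_verified": len(expected),
        "elapsed_minutes": elapsed,
        "gaps": evaluate(expected, actual, elapsed, rto_minutes),
    }


def build_sample_records(root: Path) -> None:
    """Constructed sample: three invoice files standing in for billing records."""
    (root / "invoices").mkdir(parents=True, exist_ok=True)
    for n in (1001, 1002, 1003):
        (root / "invoices" / f"INV-{n}.txt").write_text(f"invoice {n}: balance due 250.00\n")


def demo(rto_minutes: float = 60) -> dict:
    """Run the restore test against constructed records and return the report."""
    with tempfile.TemporaryDirectory() as d:
        source = Path(d) / "records"
        build_sample_records(source)
        return restore_test(source, rto_minutes)


if __name__ == "__main__":
    report = demo()
    print(f"verified {report['files_verified']} files in {report['elapsed_minutes']:.2f} min")
    print("gaps:", report["gaps"] or "none")
```

The point of the script is the shape of the check, not the tooling: a restore test is only meaningful when it restores to a location other than production, verifies content rather than just the archive's existence, and records the elapsed time against the RTO. Run on a schedule, the returned gap list is the evidence the ‘Act’ stage needs.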

Act

In the ‘Act’ stage, you take what you learned from the test stage and analyze it: identify which gaps can be addressed now and which cannot be addressed at this point, and then focus on mitigation.

Planning is scalable, but disasters are not.

Planning is a maturing process that improves with each cycle and mitigates more of the risk. Anyone can plan, but not everyone can survive a disaster. So perhaps you should initiate discussions within your company about this. If your company does not have plans, ask why. Perhaps be the voice of change: identify the disasters your company is susceptible to and the actions you can take to prepare for them.

In closing, I always tell my customers they can be in control or at the mercy of the event. Don’t be like one of my past customers, a small dental office that began using a different service provider. The provider never exercised their data recovery plan. When their hard drives crashed, they thought, ‘No problem,’ and let their IT company begin recovering the data from the backups. However, they had never tested the newly implemented backup system.

With over 120 days of accounts receivable past due, and insurance providers and customers inquiring about services rendered, this customer could not provide evidence of what services they had performed, what balances remained, or anything else. The loss was in the millions. Though their business insurance was willing to cover the losses that could be evidenced, they were forced to settle for pennies on the dollar since they could not evidence much at all.

Take action today! In my next article, we will begin to cover in more detail the key steps in developing plans.

James Knox is a resiliency expert with an innovative spirit who thrives when building meaningful solutions to various daily problems in the corporate world. He is an avid outdoorsman and loves extreme rock crawling, fishing and hunting. As a survivalist, James has learned from necessity how to prepare for life’s bumps and thrive with practical and sensible solutions, supporting his family's self-sustaining lifestyle.