The ability to act swiftly, act confidently and swing your sword with great technique and without hesitation rests on your pre-crafted, pre-tested game plan.
Mike Leach, arguably the most notable innovator in college football’s Air Raid Attack, developed a popular mantra for his team in 2003: “Swing Your Sword.”
It was after a loss where his defense looked timid, his team confused and unprepared.
“If you’re frantic, without being clear-minded, you put yourself into a vulnerable position,” he recalls telling his team after the loss in his autobiography, "Swing Your Sword." “Are you going to duck your head and swing it timidly? Or are you going to have great technique and swing it without any hesitation?”
The threat of disaster-like scenarios that cause unexpected downtime, or data breach that can deeply compromise operations, can put your business in an extremely vulnerable position. There are of course disasters like floods, tornadoes or hurricanes, or well-published threats Ransomware that can cause significant downtime. But there are less obvious occurrences that can affect your business any time, any day.
A few scenarios (which I’ve seen firsthand) that you should consider:
- Intermittent, five-minute power outages
- Data breach (social engineering or other cyber-related attack)
- Accidental discharge of the fire suppression sprinklers within an office building
- Construction mishap (street, plumbing, building, etc.) that affects infrastructure services to your office building
- Traffic collision that crashes into a transformer next to your building
A Business Continuity Plan (BCP) is a strategy to get a business up and running as soon as possible in the event of some form of disruption. A Disaster Recovery Plan (DRP), a subset of BCP, is your strategy for restoring vital technology or support systems. The ability to act swiftly, act confidently and swing your sword with great technique and without hesitation rests on your pre-crafted, pre-tested game plan.
Swing Your Sword: Six Strategies for Crafting a Razor Sharp IT Business Continuity Game Plan
1. Recognize that the Threat is Real.
There’s a reason not everybody succeeds in selling insurance and it’s simple: People are willing to roll the dice.
Your DRP or BCP is your insurance policy – and a sound one at that. According to Stax Market 2018 Report, 52% of businesses experienced a disruptive event(s) in the last five years. Additionally, according to FEMA, as many as 60% of small businesses never recover after a disaster and are forced to close, highlighting the need not only for trustworthy infrastructure, but a well crafted plan to keep operations up and running.
Saying “it will never happen to me” is essentially conceding that you’re willing to roll the dice.
2. Get a Technology Assessment.
It’s good to know where you stand currently from a structural standpoint.
A Technology Assessment delivers crucial operational risks that lie under the hood of your network infrastructure. They include endpoint security assessments, workstation and server operating system assessments and patch level assessments. They can also provide password management insight and asset reporting.
3. Quantify the Potential Impact.
This involves meeting with organizational leaders and finding out simply “how long can we operate without access to technology?” How much is it costing you for every hour you are down: When you can’t handle customer inbound calls? When sales people are not out prospecting? If your service technicians can’t have calls dispatched to them?
Meet with different managers to identify what is needed to conduct business, and then rank them according to priority. For example, managers with responsibility for revenue generation and team leaders with customer support responsibilities. Then start asking the questions… how long can we run without access to technology? How much is it costing us per hour?
The numbers compiled with help guide the spending necessary for a plan that is properly aligned with business needs.
4. Keep your Head in the Cloud.
A gold standard in disaster recovery is being able to continue operating at 100 percent. It’s expensive, but it’s doable.
Following best practices for data backup will ensure quick, accurate, and reliable data recovery when it’s needed most. A well-rounded approach may combine both local and cloud-based storage and recovery options. Avoid manual data backup processes whenever possible (common with smaller companies). Resist the urge of plugging in that terabyte hard drive, telling yourself “I’ll back this data up every Friday,” and thinking that taking it home on Fridays will suffice for establishing “geographic redundancy.” You’re likely to forget it, or Murphy’s Law will come into play and, unexpectedly, the hard drive will fail and so will your manual process.
5. Communicate Your Offensive Maneuvers.
Communication planning is a key part of preparedness and executing any Business Continuity Plan.
Failed communication can thwart even the most well devised strategy. This includes notifying necessary parties of the disruption, identifying the location of impact and providing scenario details. Also, as an example, for a customer support staff, it’s supplying the necessary scripts ahead of time to effectively communicate with customers what the situation is and how it’s being handled.
6. Invest … Then TEST.
One of the biggest mistakes businesses make after investing money and time in infrastructure and disaster planning is a failure to test. According to Riverbank’s Annual Backup and Disaster Recovery (BDR) report, 46 percent of small to medium enterprises never tested their BDR Plan.
Ever been a part of a fire drill? An announcement is made that a test of the building fire alarm will occur at a given time. The time comes, the alarm sounds, and all employees exit the building. Now employees know what the alarm sounds like and what to do when they hear it. Disaster recovery infrastructure and business continuity plans require a similar approach to testing. In fact, firms that aren’t testing aren’t doing their due diligence.
For example, if your organization were to lose power to the building for 24 hours and your plan calls for sending people to home offices to work from home, what does that mean exactly? Are the Internet connections employees have at home fast enough for business use? Are the systems used by your business able to support working remotely? How will people communicate? How will conference calls occur? How will inbound customer calls be handled? What will the message be that you provide to customers, if any, about the power outage and the viability of your business to function? Et cetera, et cetera…
If the unexpected occurs, can you swing your sword with confidence and precision? Consider these questions:
- Have you given considerable thought to your own Business Continuity Plan
- Can you ensure employee well-being if the unexpected occurs?
- Will business keep moving to lessen the negative impact?
- Are you prepared to maximize IT uptime with best backup practices?