What Is Business Continuity In The New World?

Damian Ehrlicher is a Board Member of several emerging technology funds and companies and the CEO of Protected IT.

Many companies have all but given up on full disaster recovery plans. Even identifying the most critical aspects and vulnerabilities of a business and building resiliency around them has fallen by the wayside.

Understanding what is critical to your business's revenue and mitigating the risks as much as possible is the new normal. Whether it is an outside hacker, a disgruntled employee, a pandemic or a natural disaster, potential risks can come at your business from all sides.

First and foremost, your greatest asset and your most important responsibility are your employees. Without them, your organization is dead in the water, so maintaining a safe and healthy work environment is paramount to any quality business continuity plan. 

Next is understanding what intellectual property is most important to your revenue stream. It could be what makes your business unique, or it could be your infrastructure. If you are a retail storefront, for instance, what are the key pieces of your business that you need to generate revenue? A store needs a physical location, someone to work the register, a supply chain for your product, a POS (point of sale) to collect revenue and security to prevent theft.

While these are all pertinent to revenue, each has a potential workaround for business continuity. A store can be virtual, a supply chain can be adjusted based on time, a backup POS can be used, you can be insured to lessen the risk of theft or you can invest in business impact insurance to mitigate multiple risks. This is a very rudimentary example compared to most businesses in the economy today. Most businesses are more reliant on technology than the traditional corner store, but the building of resiliency around technology is the same.

Achieving Business Continuity In The 'New Norm'

It starts with security. Whether you are a nonprofit, a small business, a Fortune 100 company or anything in between, you need to implement some level of security. Cybercrime is a multibillion-dollar industry that is extremely well organized. Hacking frameworks are sold to people with a revenue-sharing model built in. This is clearly the new age of organized crime.

Many companies have compliance guidelines, such as SOC, HIPAA, PCI, NERC/FERC, etc., that help design the frameworks of the business. However, these compliance certifications do not protect you fully. A mature business should have a cybersecurity program that includes some or all of these solutions:

• Endpoint security
• Application security
• Blockchain security
• Cloud security
• Data protection
• Email security
• Fraud and identity management
• IoT security
• Enterprise perimeter security
• Health care data security
• Supervisory control and data acquisition (SCADA)
• Smart home security
• Network security operations center
• Threat intelligence
• Vulnerability and risk management
• Web security (ad fraud, web application firewall)

Not to mention, some organizations are coming up with novel approaches to maintaining security at the binary level. But even with all of these tools, you are still not 100% protected. While your first line of defense just mitigates your risk, it is key to your business continuity plan.

Next is understanding what applications are critical to your business and what business processes are reliant on those technologies. 

Often there are interdependent application stacks or containers that business continuity relies on. For a car dealership, having a car in stock or a line of sight to a car the consumer wants is the first step, but understanding the processes to finance or take payment is also part of the path to revenue. You need to do more than ensure your supply chain has the product; if your financing application is not running, you cannot complete the sale. That same financing application may consist of four applications, so you need to ensure the business continuity of all four.

Traditional business continuity was designed to build a secondary disaster recovery site that mirrored your production site in case of an infrastructure failure. But with an organization in constant development mode, this traditional methodology had to be augmented to adjust for the speed of business, not to mention the cost of running fully redundant IT systems. Even with virtualization and the advent of the hyperscale cloud provider, you could not fully mitigate this risk.

Knowing the areas you need to build resiliency around is key. Many companies perform a business impact analysis to understand where they need to invest more within their IT infrastructure.

Understanding the risks to your business and what your weak points are for revenue-impacting events is the first step to building a business continuity plan. Never underestimate the people on your team. When properly motivated, they can help you accomplish almost anything during difficult business quandaries. For example, we had one customer enact an 18-month digital strategy plan in 48 hours' time when their business was put at risk due to Covid-19. It meant all hands on deck and no sleep, but they got it done.

Business continuity is a constantly evolving world, and you need to challenge the business on a regular basis for creative ways to maintain the revenue stream. Understanding and acting on the above, in addition to having insurance, should cover you close to 98% in challenging times.