Disaster-Proof Your Business Against Man-Made and Natural Threats
This article was originally published in the Honolulu Star Advertiser on August 6, 2019.
It’s hurricane season in Hawaii and while we tend to think of natural disasters like hurricanes, floods and tsunamis when we think about incidents that could impact our business, the unfortunate reality is in today’s world, it’s more likely to be a man-made threat. On any given day, human error, a prolonged power outage, a Distributed Denial of Service (DDoS) attack or a ransomware threat are more likely to negatively impact our business than a natural disaster.
I recently shared this fact at a Hawaiian Telcom University event focused on disaster-proofing your business. We face natural disasters and man-made threats so it’s important to invest the time to assess your business risks and put together a Business Continuity and Disaster Recovery (BCDR) plan to mitigate the identified risks before an unfortunate event renders your business inoperable.
As noted in a previous Tech View column written by my colleague Filifotu Vaai, the Business Continuity (BC) part of the BCDR plan relates to your overall business. In this section, I recommend identifying key areas and functions. For example, key areas may be finance, information technology and human resources, and key functions may include communications and logistics systems. It’s also important to include projected costs if these key areas and functions were lost for a prolonged period of time as well as to identify liability costs.
I may be old-school but in my opinion, a critical element of your BCDR plan is a runbook, which is basically an instruction manual for you and your team to follow in case of a system failure, network breach or other major incident. A runbook generally outlines:
• What steps to take to recover systems and data
• Who is responsible for what actions in a real-life disaster
• How change will be managed
• Where backup systems and data will be held
• When reporting to the necessary authorities or relevant stakeholders will be required.
Your runbook should be as comprehensive and easy to read as possible. There’s less value to a runbook that only highly skilled IT personnel can understand and follow. You may want to consider adding charts to help identify what you need to know more quickly. I also recommend ensuring that multiple business stakeholders have access to the runbook, including at least one non-IT leader, and keeping a hard copy offsite.
If you haven’t created a BCDR plan for your business, today is the day to take action. Getting started can be daunting so ask your fellow business professionals what they’ve done. The good news is you don’t need to go at this alone, you can find a trusted technology partner to help guide you through the process.
# # #
Marcus Yano serves as Executive Director – Architecture and Cloud Services at Hawaiian Telcom. Reach him at Marcus.firstname.lastname@example.org