04 April 2023

Kate Fulkert, global business continuity and disaster recovery manager, Vertiv

Anything can happen at any time. Organisations need to be ready to pivot operations quickly and efficiently when needed. Business continuity has never been more important, and a company’s DC strategy is paramount in keeping operations running and businesses open. So, what do we see as the most pressing risks to businesses today - more than two years after we first started grappling with the pandemic?

Dealing with civil unrest

One year ago, the fallout of COVID-19 continuing to rock businesses of all sizes. But today we are spending more time on civil unrest and extreme weather conditions than any other threat.

In addition to the devastating destruction and for those in the country and in nearby regions, the war in Ukraine has dramatic implications globally. Further strain has been put on supply chains, severely restricting commerce.

The war is taxing systems and creating an environment that attracts bad actors. It’s an ongoing and increasingly volatile situation, and will be for the foreseeable future. Organisations should develop business continuity and disaster recovery plans for employee communication, transportation, supply chain and workflow, whilst increasing cybersecurity training.

Protecting organisations

The shift to hybrid models continues to cause challenges, not least a significant increase to the threat of cyber attacks. A distributed workforce means more endpoints, each representing a risk. Businesses must increase attention on network security and ramp up employee training on IT and operational security.
Organisations must also consider how they will track and communicate with employees in an emergency. They should invest in platforms that can enable critical communications, even when traditional channels are down, and update crisis management training so employees know how to react independently.

A twelve-point plan for success

1. Risk assessment and the Business Impact Analysis (BIA): Perform the BIA to determine critical business functions and a risk assessment to identify potential mitigations or controls that should be implemented.
2. Weatherproof the data centre: Create a severe weather checklist and train employees how to prepare for extreme weather conditions.
3. Network redundancy: Build network redundancy into your data centre; ensure you have redundant core and edge infrastructures along with multiple fibre vendors to reroute traffic in the event of an interruption in the network path. Conduct a network system check two times each year.
4. Backup data:  Automatic backups on-site may need to be initiated manually, and the mechanics should be hardened against cyber threats.
5. Preparation for communication breakdowns:  Develop lists with all means of communication for all employees and reach out early with instructions in the event of communication interruptions.
6. Emergency staffing: The preference for many companies today is to shift work virtually, but staff on site may still be required, and needed immediately; have an emergency staffing plan in place.
7. Contact vendors:  As supply chains continue to lag, businesses should consider adding vendors and suppliers to their mass notification systems to ensure critical communications are maintained.
8. Move away from a single vendor approach: Critical business functions should have more than one vendor in place in the event that vendor has a supply chain issue.
9. Build team redundancy and train on emergency response:  Along with team redundancy, train team members for various types of crisis events at work, home or out in the field. Conduct training so they can react to a crisis independently. Employees should take advantage of weather and emergency phone apps too.
10. Inform and work with first responders: Taking photographs of the data centre prior to a disaster event is good practice; before and after pictures make it easier to work with insurance providers.
11. Consider the opportunists:  Training employees on cybersecurity best practices is more critical than ever.
12. Test your plans: Testing is the best means to get recovery plans communicated.

Whilst the threats to businesses are changing, the need to prepare adequately with robust business continuity strategies is not. Processes, policies and plans must begin with protecting the critical infrastructure which keeps businesses up and running – not least in the DC.