JoAnne Burek drew on her thirty-six years in IT to show freelancers how we can prepare our businesses for sudden and unplanned incidents, which can cause irreparable damage to our brand or revenue loss. Business continuity and resiliency planning (BCRP) involves
- Business impact analysis
- Plans, measures, and arrangements
- Readiness procedures
- Quality assurance
Business impact analysis
Evaluate each of your business’s resources and categorize them into critical and not critical. Critical resources are those that could cause loss of revenue or damage to credibility. Consider also financial legal requirements. Some sample questions to ask yourself:
- Do I have enough savings in case of an extended outage?
- What’s the replacement cost of my equipment?
- What will I need to fulfill my tax obligations—and when?
Plans, measures, and arrangements
Further classify your digital records into permanent files (e.g., business number, contracts) versus dynamic files (e.g., correspondence, meeting minutes, schedules), which may affect how you organize and protect them. Create an emergency list of people you need to contact if you or your business are in trouble.
Implement mitigations to outage risks by backing up the files on your computer to an external hard drive or the cloud (Dropbox, Microsoft OneDrive, Google Docs), but be aware that some clients may not allow you to store their data on U.S. servers because they are vulnerable to search and seizure via the PATRIOT Act. To save you time, use a scheduling service that backs up automatically.
Burek came across CrashPlan, a service that automatically backs up your files to an external hard drive or on another computer, such as one in the home of a trusted friend. This system lets you have an offsite backup without saving to the cloud.
CrashPlan also has built-in encryption. If you’re using Dropbox or Google Docs, you may want to consider other encryption systems like VeraCrypt or 7-Zip (technically data compression tool that also has optional encryption).
To prevent the security threat from using a universal password for all of your accounts, use a password manager such as LastPass or KeePass.
Finally, use anti-malware software, such as Avast for Windows or Sophos for Mac.
Burek suggests implementing these practices immediately to mitigate risk:
- Perform regular backups
- Save your work frequently
- Keep your cellphone charged
- Stay ahead of your work projects
- Have a backup credit card
- Have an emergency fund
- Keep a list of cafés or other Wifi hotspots
- Plan migrations carefully
- Wait before upgrading
- Create a recovery disk for your computer
- Consider installing an uninterruptible power supply.
Readiness procedures
Build a plan that you will follow if you have to recover from an unplanned incident. Burek told us about her approach: she considered the two resources that were key to her business—her house and her computer. For each major disaster scenario (“I don’t have my computer,” “I don’t have my house,” and “I don’t have my computer or my house”), Burek considered how she would respond. Your plan should go into more detail so that you can read it like a checklist during a time of crisis.
Burek also noted that governments provide a lot of resources for disaster preparation—see, for example, Emergency Management BC, Alberta Emergency Management Agency, and Ontario Emergency Management.
Quality assurance
How will you know your plans will work? You have to test them regularly—Burek suggests annually, at a minimum. Confirm, for example, that you can retrieve a file from backup and that you can restore files on a hard drive. You could also rehearse what you would do in a possible scenario without actually contacting the support people you may need. Further, make sure your plans are up to date when there are major changes to your environment (e.g., new computer, new software) or to a threat.