2017 is done - what do we do differently in 2018?
With 2017 behind us and a new year just begun, we consider which business practices we want to continue and perhaps which need to be done differently. As ghoulish as it may seem, part of my planning includes learning more about how many disasters happened during the past year, problem trends, and how well businesses are prepared for recovery.
Published: Wednesday, 03 January 2018 08:31
In a report from FEMA, I found the number of major disasters declared over the past five years:
[Table: major disasters declared per year, with % change from previous year]
These numbers account for such things as weather disasters, floods, terrorist attacks, and those caused by human actions. Digging a little deeper, I wondered how many cyber/data breaches happened during 2017, or at least those deemed big enough to be reported. Here’s the list I found:
E-Sports Entertainment Association, Xbox 360 ISO and PSP ISO, InterContinental Hotels Group, Arby’s, River City Media, Verifone, Dun & Bradstreet, Saks Fifth Avenue, UNC Health Care, America’s JobLink, FAFSA: IRS Data Retrieval Tool, Chipotle, Sabre Hospitality Solutions, Gmail, Bronx Lebanon Hospital Center, Brooks Brothers, DocuSign, OneLogin, Kmart, University of Oklahoma, Washington State University, Deep Root Analytics, Blue Cross Blue Shield/Anthem, California Association of Realtors, Verizon, Online Spambot, TalentPen and TigerSwan, Equifax, US Securities and Exchange Commission, SVR Tracking, Deloitte, Sonic, Whole Foods Market, Disqus, Hyatt Hotels, Forever 21, Maine Foster Care, Uber, Imgur, TIO Networks, eBay, Alteryx
That’s more than 40 companies - not a good trend. It also leads to the questions, "Is my business vulnerable?" and "What can I do about this?"
Here are some quick tips that I gleaned from a recent Everbridge article:
Question your approach
Justifying the effort to define a recovery strategy for what is arguably a rare occurrence is difficult. Instead, look at the need to be able to recover from a value-based perspective, such as:
1. Regulatory compliance
2. Competitive advantage
3. Brand and reputation recognition
4. Knowledge capture
5. Increased robustness
Find out what others in your industry are doing and from there address the question, “What is right for us?” Not all companies need sub-second recovery… Some companies really can convert their entire work force to remote workers… Your solution needs to be tailored to your needs.
Simply put, plans are worthless if you don’t exercise them on a regular basis. Leading standards on continuity planning call for regular exercises that increase in scope and complexity over time. Of course, “How often?” is a key question. Two exercises a year is thought to be a good benchmark, with one being a tabletop exercise and the other a more in-depth simulation.
Some food for thought: As you continue through your planning process, include your business recoverability and resilience as part of the discussion. Being prepared for “what if” scenarios is critical for long-term success.