Continuity Planning: 10 steps to success

Do you know how to keep your business running successfully in a crisis?

Business Continuity planning is the process of creating a strategy which identifies and documents risks to a company and outlines processes of prevention and recovery.

It ensures that, in the event of a disruption, disaster or accident, personnel and assets are protected and able to function normally. This is something many businesses and business leaders have had to adapt to, particularly in the last 18 months since the Covid-19 pandemic.

It should include steps to take before, during and after an event to maintain business operations and financial viability. Business continuity planning is essential for companies of all sizes. However, unfortunately, many still aren’t getting it right. Companies continue to suffer IT outages which should be avoidable or easy to recover from.

There are several reasons for weaknesses in current business continuity plans, such as underestimating risk and failing to test and review plans. Although nobody likes to think about “what if” situations, it is critical that business leaders understand the threats, prepare for them, and act accordingly.

Continuity Planning: 10 crucial areas business leaders must understand to create a successful plan

A 10 point basic Business Continuity plan checklist for business leaders

 

  1. Which IT systems need protecting? Email, ERP, Financial Applications, CRM etc.
  2. What data needs protecting from loss/corruption? Data within databases, Standard documents etc.
  3. What are the costs per hour of losing access to systems and/or data? Use a template to calculate.
  4. How long can the business tolerate the loss of particular systems/data? Consider potential financial and reputational damage.
  5. How much data can the business afford to lose without significant impact? None? A minute's worth? An hour's or a day's worth?
  6. How long should saved data be retained? What are the regulatory requirements in the country and particular sector?
  7. How long will it take to restore services? Are the current technologies and systems in place to deliver the business’s operational needs?
  8. Do you have the skills in-house to ensure the business can recover from a disaster?
  9. Do you have a documented plan that is reviewed?
  10. How often do you test recoveries? It should be as often as feasible, or at minimum, annually.

How to strategically use IT to increase business resiliency in the age of COVID-19 and beyond

Resilience. It’s been one of the top words of 2020. But, as coronavirus has aptly demonstrated, it’s much more than just a buzzword. If you want your business to withstand turbulent times, be it a recession, new marketplace competitors, changing regulations, security threats, Brexit or a global pandemic, you need to improve resilience.

What is business resilience?

Resilience is essentially a business’s ability to anticipate, prepare, respond to, and adapt to change within the business environment. Some events, like COVID-19, are near impossible to predict but generally, the business landscape is becoming more volatile and dynamic. Rapid technological evolution, an increasingly global competitor landscape, and societal issues are all putting stress on the business environment.

However, if you can successfully and continually increase business resiliency, it will better protect your ability to achieve goals and objectives, regardless of the unexpected events that may occur.

6 ways to use IT to increase business resiliency in the long-term

1. Simplify the IT estate

Businesses are dealing with an increasingly complex IT environment. Mergers, acquisitions, and years of accumulated technology – much of it outdated – all contribute to bloat. Over the years, businesses will have likely acquired multiple systems and applications. New demands (internally and client-side) require new capabilities and businesses strive to keep up with the pace of change.

There is probably a lot of overlap within the IT estate. So, the first place to start is with a comprehensive IT portfolio review. Businesses need to review the full estate of infrastructure, hardware, applications, people, processes and tools to determine where the inefficiencies lie.

While such a review may be daunting, the returns – both financially and operationally – will far outweigh the effort. By trimming the fat, businesses will ultimately be able to achieve more modern, agile and secure IT operations. This agility is key to building resiliency. A cumbersome and complex IT estate makes change costly, slow and problematic. Building flexibility into the IT estate allows businesses to react quickly and efficiently to changes around them. It can also help reduce IT operations expenditure (Op-Ex), which you can then redirect to self-fund further transformation.

2. Use CRM systems

A CRM system ensures you have a complete, centralised view of everything that is going on in your business development function, from New Business and Marketing, through to Account Management, clients and prospects. It gives your Sales and Account Management team access to the real-time data and deep insight they need to close deals quickly and efficiently.

Ensuring up to date contact information and a record of all activity is stored in one centralised place allows reps to deliver higher levels of customer service. If a rep is on holiday, ill, or leaves the business, another member of staff can pick up contact where it was left ensuring a smooth experience for the customer. 

Often, it’s not the waiting that frustrates customers, it’s when they feel like they are in the dark, not knowing if their request has even been seen, let alone acknowledged. As many businesses strive to improve their customer service, people are becoming less tolerant of poor service across all industries and are quick to switch to competitors when their expectations aren’t met. When utilised correctly, CRM systems can help manage customer expectations by helping prevent activities from being dropped. Workflows can notify relevant staff members of important upcoming dates, remind them of outstanding tasks, set recurring reminders for regular check-ins and calls, and cover numerous other points which help the overall client service function run more smoothly.

Holding detailed client information also allows marketing teams to send more timely, relevant and accurate communications, for example celebrating anniversaries, notifying them of relevant upgrades or add-ons to services/products they already utilise, and alerting them. The right communication, at the right time, can help increase the likelihood of retaining the client and may encourage them to make further purchases. For example, if a client already has a rolling service with you, you probably don’t want to notify them of the massive discount you’re offering to new customers.  

However, it’s important to remember that you cannot realise these gains simply by purchasing the technology. You need to be clear on your business requirements and goals – why are you purchasing a CRM system, what do you want to gain, what do you want your reps to be able to do? You need to have the sales and marketing processes in place and be prepared to continually improve them. It’s not just a case of “switch-on and go”.

3. Utilise cloud computing & storage

Cloud computing is one of the best ways to increase business resiliency thanks to its inbuilt flexibility and scalability. This was aptly demonstrated at the start of the pandemic when many businesses needed to switch immediately to remote work. Those already utilising cloud platforms and services reported finding the switch much easier than those based fully on-premise. No longer completely reliant on physical hardware, employees can access company data, files, applications and programs from nearly any internet-connected device.  

Additionally, cloud services, such as SaaS, are typically priced per user per month. The number of active users can be easily scaled up or down depending on demand. This flexible pricing structure gives businesses much tighter control over their cash flow, potentially giving them additional budget to be directed elsewhere in the event of a crisis. It also allows a business to scale up, out and across quickly, to seize advantages without the traditional CapEx and ramp-up times. 

4. Automatic breach detection & notification

The cyber-security threat landscape is growing exponentially. Businesses must prepare to defend against threats like ransomware, phishing, malware, DDoS, attacks on IoT devices and more. While you have your first line of defence, like firewalls, anti-virus software and employee training, this is no longer enough. You need to prepare for things slipping through the cracks.  

Tools including threat intelligence analytics dashboards, SIEM, and a 24x7x365 Security Operations Centre (SOC) should be utilised to automatically detect any potential threats, intrusions or suspicious activities and respond rapidly to minimise the threat. Such tools and services should also notify IT administrators as soon as threats are detected so they can act to shut down breaches and prevent costly downtime.

5. Use effective KPIs & dashboards

To accurately track the health of your business, you need to have a holistic view. Typically, most KPIs, at their base level, measure the value extracted. While this is, of course, valuable, and should be continued, it’s quite backwards-looking in terms of resiliency. Measuring the components of resilience, such as adaptability and flexibility, is critical to building a sustainable business.

Once you’ve chosen the right measurements, it’s essential that you review them on a regular basis. This will enable you to spot potential issues on the horizon and rectify them before they cause real issues for the business. How often you review will depend on what you’re measuring. Some KPIs may need to be checked more frequently than others. You can easily underestimate the importance of this data. It is what you should be using to drive business decisions, both strategic and technical. If you can see what is working, you know where to direct your efforts, your resources and your budget.

Ensure employees are aware of the KPIs and how their actions contribute to the overall success of the company goals. Awareness builds accountability. If employees can understand and see the role they play in the business and feel part of the business’s success, they are more likely to continually improve and refine to ensure those KPIs are hit.  

6. Embrace change

Building resilience is not about only making changes under extreme pressure. Businesses need to have a level of flexibility in their organisation and their supporting IT systems that will allow incremental change and continual improvement. Small but frequent changes are also far less risky than massive, one-off ‘big bang’ style changes.

Increasing business resiliency beyond coronavirus

Unfortunately, experts are already predicting that COVID-19 will not be a one-off. There is every reason to expect we will see other global pandemics in the future. Furthermore, broader issues like inequality and climate change could easily result in the same economic instability and marketplace volatility that the coronavirus has caused. We also don’t know what the longer-term effects of the long lockdowns on businesses will be. As the whole world has certainly got smaller again, markets are without a doubt going to be more global.

Change is a natural part of business. You will never be able to fully eliminate every potential risk your business could face. However, you shouldn’t see this as a problem. This is an advantage. Don’t seek to merely mitigate risk to try to restore what was. Instead, look to create opportunities for your business by effectively adapting to new realities.  

Businesses that build resiliency can typically anticipate threats more rapidly, better withstand the initial shock of the event, rebound more quickly, and emerge in a better state for the new environment. These four benefits can make all the difference in a highly turbulent, competitive landscape, so businesses must prioritise building resiliency in the coming months.

Why your business needs two Internet connections

Your business’ Internet connection now means so much more than just being able to browse websites. So many programs, services and features rely on an Internet connection that if yours went down, you would feel an instantaneous impact.

Businesses constantly use the Internet to communicate with their clients, collaborate with colleagues and access cloud-based systems such as Office 365 and Salesforce. Using the Internet is so ingrained in our workday, there’s little you could do without it.

  • You couldn’t send or receive emails
  • You couldn’t access any cloud application services or files in cloud storage
  • You couldn’t access any websites or web services
  • You probably couldn’t use your telephony system

The only good thing which comes from an Internet outage is… well, there isn’t one.

How much does a lost Internet connection cost?

Internet outages cost UK businesses nearly £7 billion in 2016. Whilst that was a few years ago, don’t think the age of this stat makes you safe. This figure is set to increase year-on-year and so will now be something far higher.

The table below shows the impact downtime has on varying sizes of businesses based on both the productive time lost and the cost of an outage.

Table showing the costs of an outage in varying sizes of business.

The results of the study investigating the cost of Internet outages

Businesses experience an average of 4.7 outages per year – each of which costs a mid-sized business an average of £3,644.

Internet outages are clearly expensive and so your business should be doing everything to prevent them. Luckily, it’s not difficult to reduce the chance of your business seeing an outage.

How to prevent an Internet outage?

Difference between broadband, leased-lines and 4G services.

Before considering getting two Internet connections, you must ensure your primary connection is the correct type for your business. There are three main types of connection:

  • Broadband – Generally only good for very small businesses. This is the same connection you likely have at home. Broadband connections share bandwidth with other customers meaning lower performance at peak times and fluctuating performance. Broadband typically has a non-existent Service Level Agreement (SLA). This means if you go down, you aren’t going to be a priority to the service provider. You may have an SLA in your contract, but they are typically valueless.
  • Leased line – Good for growing and medium-sized businesses, necessary for large businesses. A leased-line is a private connection which only you can utilise – guaranteeing consistent performance. SLAs for leased lines operate more rigidly – giving you better uptime guarantees and faster resolutions when issues occur.
  • 4G Connectivity – Good for satellite sites or rural offices. 4G has become a popular solution for certain niche scenarios such as remote offices or areas where other options are poor or non-existent. Although good in principle, 4G services are typically not enough for full business operations – though they can act as a lifeline if a wired connection fails.

Getting a second Internet connection

Once your primary connection is suitable, the second step is to add redundancy to your Internet connection. Many businesses think a leased line gives them immunity to an outage. However, while you may still get limited connectivity during a wider network outage, you should aim for no loss of service at all.

Since we operate leased lines for many of our clients, there are a few best practices and common mistakes we’ve seen which you should be aware of when planning your own leased line.

The Last Mile Rule

The ‘Last Mile Rule’ states that the final mile of cabling which connects your business to the Internet should be physically separate between your two connections. This isn’t always possible due to external infrastructure and costs, but it’s worth aiming for.

Having the connections enter your office from alternate directions and cabinets means a physical disruption (perhaps caused by overzealous construction workers) only impacts one cable – allowing you to maintain connectivity.

To take it further, a secondary Internet connection should be run from a different telephony exchange – meaning that an issue at an exchange doesn’t bring down your connectivity.

Automatic switching

Manually reacting to an outage is not ideal. It’s stressful, confusing and results in unnecessary downtime for your business. Instead, you want to configure your connection to automatically switch over to the secondary circuit if the primary one is down.

Typically, this is achieved by intelligent firewalls or two carriers (ISPs) working in conjunction via a managed service.

It’s also worth considering using the second connection, rather than just having it sat idle. Many organisations push certain traffic over the secondary connections, such as backups or voice calls. Obviously, if the second line fails (often more likely) that traffic can just fail-back to the primary connection.

Diversify line providers

Rather than going straight to your current line provider for your secondary connection, consider diversifying to another provider instead.

In the UK, BT Openreach and Virgin Media are the two largest owners of cable infrastructure, so if you already have a connection with one, it’s worth diversifying into the other. This is so that if the network provider themselves experiences an outage, you don’t lose your primary and secondary connections because of it.

Another benefit to a diverse approach is that if one of the major providers goes down, you can be overwhelmingly smug that your operations keep humming along whilst your competitors are frantically putting out fires and incurring reputational damage.

What is the cost of two Internet connections?

The direct cost of a second Internet connection will vary depending on local pricing so research your providers. If an identical line is too expensive, you could consider purchasing a reduced capacity line instead, i.e. a broadband circuit to just allow critical services to run in a disaster.

Doing this ensures a primary line failure won’t completely take you down, but you may find it difficult to perform Internet-heavy actions. Consider how much bandwidth you use normally and your usage at peak times to help you choose a sufficiently effective backup line.

What is the ROI of a second connection?

A second Internet connection is a preventative investment, meaning you cannot calculate ROI in the traditional sense. Instead, look at how much money your business is losing from downtime, then map this against the cost of a backup line.

As medium-sized businesses typically lose £3,644 per outage and experience 4.3 outages per year, a secondary connection would save them £15,699.20 on average every year. This can be considered the yearly ROI.

To calculate this for your own business, use this simple downtime cost equation to find your cost of downtime then multiply it by the average length of your outages and multiply it again by your average number of outages per year.

It’s also important to not just focus on the hard costs. You also need to consider soft costs, such as reputational damage. If your operation was offline for 3 days (very possible) then how is that going to impact your reputation?

Does my business need two Internet connections?

This question is akin to asking, “does my business need to be accessible to clients and customers?” or “do my employees need to do their work?”. If you’re a micro-business, then you can probably get away with a single connection because downtime losses are minimal. But otherwise, it becomes not a question of if you should get two Internet connections, but when you should get your second connection.

Don’t make the mistake of thinking a disaster won’t happen to you. Too many businesses put off investing in their business continuity and then take a permanent blow to their reputation rather than enjoying business as usual. Don’t let that be you.

7 reasons reactive IT support is dead

Here’s an important question for you: Do you only eat your lunch after having died from starvation?

You will have likely answered “no” to that question, so here’s another one for you. Do you only fix your IT issues after they cause damage to your business?

You probably said “no” again. But unless you’re using proactive IT support, you should be saying “yes” instead, because this is exactly what you’re doing: waiting until the worst has happened before addressing a problem.

What is reactive IT support?

Reactive support (sometimes called break/fix support) is where the focus is on fixing IT issues after they occur, instead of preventing them from occurring in the first place.

For a long time, reactive support was the only type of IT support possible. But with modern analytics and systems management tools, better monitoring and even the rise of AI-enhanced predictive models, proactive support is now not only possible but widely available.

Yet despite the proactive model being available, many businesses continue using reactive support – often unaware of the damage it’s causing them.

Their choice of IT provider is most often to blame since the cheapest support rarely offers even a hint of proactivity. Instead, cheap providers favour the legacy break/fix approach as it allows them to get better margins on their clients.

Why is a reactive approach not good enough anymore?

1. Leaves the core of the business vulnerable

IT is vital to every department and process within a business. So, if there’s a problem with IT, there’s a direct business impact. This can range from being a simple inconvenience right through to a complete halt of operations, accompanied by the typical reputational damage.

With a reactive approach, these problems both large and small can arise far more often. This isn’t necessarily because reactive support is worse at fixing problems, but because reactivity is worse at dealing with them.

With a reactive approach, an issue needs to be actively causing pain before it’s addressed. And this results in far more issues reaching employees.

Compared to the proactive approach’s continual improvement mindset, reactivity is also lacking. For a start, a reactive approach has no way to stop issues before they begin impacting the business. Reactivity also lacks the ability to apply past experience from one client to another, an ability that eliminates most common issues completely.

With so many things going for proactivity, it seems like it should be the default. But it’s an approach that many IT providers only pay lip service to. Only with a focus on continual improvement, along with ensuring all systems are proactively monitored, can an IT provider call themselves proactive. But once they do, many problems can be fixed long before their effects become visible, reducing potential damage and minimising employee downtime.

2. Negligent to your clients/customers

By the time a reactive IT support provider begins addressing an issue, your customers or clients will already be feeling the negative effects. Perhaps a crypto-jacking infection on your web server is causing your website to become unresponsive, locking out customers. Or a failed piece of hardware has meant critical client assets are lost. These sorts of issues occur far more often with a reactive approach in place and can have major ramifications for your business.

The largest of these is that outages = lost clients. We live in a time where every business is commoditised. So if you experience frequent issues due to reliance on reactive IT support, your clients can and will switch to your competitors.

Additionally, if you have SLAs with clients, failing to meet them due to a spotty service can have direct financial repercussions. Needing to compensate your clients will not only cost you a great deal but will also erode trust, resulting in further problems.

3. Allows issues to grow out of hand

With a reactive approach, issues are only fixed once they’re having an impact on your business. This means that a problem which has no immediately visible impact can go unnoticed until it’s far too late. Here are a couple of examples of the sort of things which can go wrong.

A few hours before going out to meet a prospect, a director’s laptop locks up with a message stating she must pay a ransom to unencrypt her data. Clearly the victim of a ransomware attack, the director is dismayed to find it has encrypted the files she needs for her meeting.

Upon recovering the files from their nightly backup, the company finds that the latest snapshot was actually several weeks old. The nightly backup had been encountering an error and failing each night. Without proactive monitoring in place to spot this issue, weeks of data were lost including the files she needed for her prospect.

On Monday morning, the finance department finds they can’t access their finance software and are all seeing an identical error code. Upon calling their reactive support desk they discover that the error code means that the software’s licence key has expired. It takes a day to renew the licence key and costs a considerable amount to do so. Due to no proactivity in relation to managing licences, a whole day of productivity is lost and the unexpected cost takes a chunk out of the department’s budget.

A final point here: with a reactive support provider, there’s no guarantee that an issue fixed once is fixed for good or across all systems. Without proactivity, the same issue can arise many times, needing to be fixed from the ground up each time.

A proactive IT provider will instead flag the example issues as non-conformances due to their impact. Then, by putting controls in place, they would ensure that the issue won’t happen again not only for the affected client but for any of their clients. This prevents wasting resources on readdressing issues whilst also ensuring you’re always becoming more resilient to issues.

4. Blind to vulnerabilities

When most businesses think of cyber-attacks, they think of ransomware or DDoS attacks, both of which are very visible. But most malware is designed to stay hidden on a network for as long as possible, stealing as much data as it can or working its way up the chain of permissions to execute a catastrophic blow.

With the average compromised system staying undetected for 146 days, having no active monitoring due to reliance on reactive support is a dangerous choice to make. By leaving yourself blind to hidden vulnerabilities due to a lack of active monitoring, the impacts of a breach can also become far worse.

  • Hidden spyware can steal more data, resulting in more affected clients and a larger GDPR fine.
  • Hidden ransomware can move further laterally across the network before striking, increasing the number of files locked and the ransom cost.
  • Hidden crypto-jacking can wear down hardware and reduce employee productivity for longer.
  • Hidden viruses can establish themselves far deeper within a device, increasing the time and money required to remove them.

Lacking proactive monitoring and system vulnerability scanning allows these threats and more to stay on your network for far longer, putting your business at a much greater level of risk than it needs to be. But with proactive monitoring and regular vulnerability scans, you can identify these risks and remediate them far quicker.

5. Normalises failure

When using reactive IT support, issues will often be common, recurring and irritating. The sheer volume of these small problems can easily overwhelm employees, causing them to either just get used to it or leave the company. Neither outcome is ideal.

In the case of employees who leave, a replacement must be found and retrained. But even after this, they will still have a chance of leaving the company for the same reasons.

Considering that the cost to replace a well-trained employee can exceed twice their yearly salary, high turnover can be catastrophic for your cashflow.

As for employees who get used to the issues, they may end up causing you more financial damage than those who leave…

6. Kills efficiency

With a reactive approach, each small issue needs an employee to take time out of their day to deal with it, instead of it being pre-emptively resolved.

Whether through having to call the reactive service desk or from reduced productivity whilst dealing with the issue, even only a few minutes of disturbance per issue can make the wasted time mount up.

For example, if each small problem takes 5 minutes to identify, diagnose and fix and each employee experiences only one issue per day, a company with 40 employees will lose 16 hours and 40 minutes each workweek.

Extending this over a month, the company will lose 66 hours and 40 minutes. And over a year, 800 hours will be wasted. That is the same as having an employee lie on the floor all day, for 100 days, whilst on full pay.

It’s also worth remembering that without proactive management, the same issues can keep recurring. From this, it should be easy to see how lost time can pile up, causing a significant impact on a business’s operations.

7. Proactivity is possible

This list could have consisted of this point alone because the simple fact that proactivity is possible should be enough of a reason to change to it. However, this wouldn’t have been very informative to you, the reader. Nor would it highlight the potential dangers of continuing to use the reactive model.

When comparing the two models, it’s not even a matter of weighing up the pros and cons. The proactive model is a direct upgrade. For one final analogy, it’s like determining whether to use a Palaeolithic hand axe (see: sharp rock) or a chainsaw to cut down a tree.

It’s also worth noting here that many IT support providers sell themselves as being proactive when in truth they’re not. It may be that their monitoring, or one part of their operations, is proactive. But this alone does not mean they are proactive.

You should aim to understand how your IT system is managed since this shows you what gains can be made with some quick initial changes.

How to calculate the financial cost of downtime

It’s concerning how few businesses understand how much downtime costs, be it for an hour, a week or a day.

Fortunately, understanding these costs at a notepad level is easy and having the figures on hand allows you to make measured business decisions about how much to spend to improve your operations and to mitigate risks.

Many businesses assume they could survive with a day’s worth of downtime. However, they don’t factor in the true cost in terms of lost revenue and fixed costs, such as salaries and utilities.

Here are some basic calculations to help you work out how much downtime would actually cost your business.

How to calculate lost revenue to downtime

Often, when calculating the cost of an IT outage or other disaster, businesses will just look at their fixed costs such as the cost per hour of staff. However, the real cost comes from the lost earnings and revenue. The calculation is simple at a basic level:

Lost Revenue = (Weekly Revenue / Weekly Work Hours) * Hours of Downtime

As an example, if your business usually makes £200,000 per week over 40 working hours, a single hour’s outage will result in a loss of £5,000. That would be £40,000 a day.

Of course, the type of business is a factor. If it’s a law firm, you’re likely looking at the flat calculation above. If you’re an estate agency, you may still be able to operate for a few days, as your diary and contacts have been synchronised to local devices. However, you will be losing money regardless of whether you can scrape by.

How to calculate fixed costs

During an outage you can’t send your employees home without pay, nor can you just skip the building’s rent for that day. In many business sectors, a serious IT outage will impact a large percentage of the workforce. A few will be fighting fires, but many will be idle and this is where the bulk of fixed costs will come from.

A simple calculation for fixed costs is:

Fixed Costs = Number of Employees * Hourly Wage * Hours of Downtime

As an example, if you have 50 staff and on average they are paid £20 an hour you’d be losing £1,000 an hour. That would be £8,000 for a day’s outage.

In short…

If you use the figures above, you’d be losing £6,000 an hour for a business turning over ~£10 million. Although the calculations are basic, they give insight into the fundamental costs which is enough to start informing your decision-making process regarding business continuity and disaster recovery.

You’d also need to look at other areas where you’d lose money – you could have reputational damage, recovery costs, etc. But it’s unlikely that you’d need to go into such detail to make measured decisions on how you’re going to control the areas of risks within your business.

You can certainly dive deeper and look at the cost per individual IT system, but these calculations are a good starting point to understand what you need to – and should be – doing to protect your business.

Thanks to the rapid development in technology and the ever-decreasing costs, controlling these risks for a sensible cost is a reality. A £10 million business should be able to protect its IT systems for the cost of a few hours’ downtime or less.

Find out what the risks are to your business, where you stand in best practice and how you can reduce your downtime. Register for your business continuity plan review today.

How to work out if your level of uptime is good enough

When browsing for an IT service, it’s common to see in the SLA a 99% uptime guarantee. Occasionally you might spot a 99.9% uptime guarantee. And rarely you might even find a 99.9999% uptime guarantee, but it’s typically a sales ploy. Whilst these numbers sound good, what do they actually mean for your business? As it turns out a 99% guarantee just isn’t good enough anymore. Here’s why…


The maths behind calculating downtime costs

How much downtime in a 99% guarantee?

If your business uses a service with a 99% uptime guarantee that means you should expect:

  • 14 minutes, 24 seconds of downtime every day;
  • 1 hour, 40 minutes and 48 seconds of downtime every week;
  • 6 hours, 43 minutes and 12 seconds of downtime every month and
  • 3 days, 15 hours, 21 minutes and 36 seconds of downtime every year

It’s important to note that these numbers rely on downtime only ever occurring during opening hours. In the ‘real world’ about 1/3 of downtime would occur during work hours (in the actual real world it’s more than 1/3, because higher loads on services at this time increase the chance of a service outage).

But even if we take the more ‘realistic’ 1/3 value you still end up with 1 day, 5 hours, 7 minutes and 12 seconds of unplanned downtime a year. This would cost 98% of businesses over £2,233,000 in lost revenue according to data from an ITIC survey. And this is without mentioning the costs down the line if clients decide to leave based on poor performance.

For many companies, this level of downtime is unacceptable, not only for financial reasons but for the impact it has on their image. Many customers expect a responsive service 24/7. So even a short period of downtime can permanently taint a user’s opinion of a company, meaning that better guarantees are necessary.

How much downtime in a 99.9% guarantee?

99.9% uptime guarantees (referred to as “three-nines”) have become the new standard for most digital services. They provide decent availability with only a small amount of unplanned downtime. With a ‘three nines’ plan you should expect the following:

  • 1 minute, 26.4 seconds of downtime every day;
  • 10 minutes, 4.8 seconds of downtime every week;
  • 40 minutes, 19.2 seconds of downtime every month and
  • 8 hours, 44 minutes and 9.6 seconds of downtime every year

It might be surprising to see the impact of an additional 0.9%. But the reason that the change is so drastic is that 90% of the 99% guarantee’s downtime is removed with the addition of another nine. Because each nine reduces downtime by 90%, uptime guarantees become exponentially more effective.

How much downtime in a 99.99% guarantee?

A “four nines” guarantee gives even better rates of uptime. If you use a service offering a 99.99% guarantee you should expect a maximum of:

  • 8.64 seconds of downtime every day;
  • 1 minute, 0.48 seconds of downtime every week;
  • 4 minutes, 1.92 seconds of downtime every month and
  • 52 minutes, 24.96 seconds of downtime every year

Less than an hour of downtime a year sounds good (and it is good). But there’s the big factor of cost to remember. As strange as it sounds, at a certain point it becomes more cost-effective to allow downtime to occur because the cost of a more reliable service outstrips the losses caused by an outage.

There’s still the reputational damage to consider though so, as it is with everything, it’s a matter of balancing things correctly.

How much downtime in a 99.999% guarantee?

  • 0.864 seconds of downtime every day;
  • 6.048 seconds of downtime every week;
  • 24.192 seconds of downtime every month and
  • 5 minutes, 14.496 seconds of downtime every year

“Five-nines” is currently regarded as the gold standard for uptime terms because of how small the margin for error is. A service running with exactly 99.999% uptime would take 11.45 years before the service would have been down for an hour.

What about a 100% uptime guarantee?

Unfortunately, it’s statistically impossible to have guaranteed 100% uptime because something can always go wrong. But despite this, you still sometimes see a service offering it. Quite simply, whenever you see a 100% guarantee it is either going to be a sales ploy, an overconfident service provider or a scam.

In a lot of cases, a 100% uptime guarantee is either backed with nothing of substance or nothing at all in their service level agreement (SLA). This means that if they don’t reach the promised 100% uptime (which they won’t) you get nothing as compensation.

An example of this would be if the SLA has a strict classification of what can be claimed on. An SLA could state that for it to be claimed on, a period of downtime must be longer than 2 hours and be caused by a technical fault on their hardware. This means that an hour-long outage wouldn’t be claimable. Neither would an outage caused by bad weather disrupting your connection, even where it causes damage to your business.

It’s important to always thoroughly read the terms and conditions for any service provider you sign up to. And equally important to consider alternative points besides just the uptime percent. Factors like the SLA, hardware, security and compensation can be just as, if not more, important.
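The downtime allowances, the cost trade-off and the example SLA claim clause described above can be checked together with a short script. This is an added example, not part of the original article: the 28-day month and 364-day year are inferred from the article's own figures, the £6,000 hourly cost comes from its worked example, and the outage log and cause labels are constructed.

```python
from dataclasses import dataclass
from fractions import Fraction

# The article's figures imply a 28-day month and a 364-day (52-week) year,
# so the same period lengths (in seconds) are used here.
PERIODS = {"day": 86_400, "week": 7 * 86_400,
           "month": 28 * 86_400, "year": 364 * 86_400}


def downtime_budget(uptime_pct: str) -> dict:
    """Seconds of downtime an uptime guarantee allows in each period.

    The percentage is passed as a string and kept as an exact Fraction so
    that "99.9999999" is not distorted by floating-point rounding.
    """
    allowed = 1 - Fraction(uptime_pct) / 100
    return {name: allowed * secs for name, secs in PERIODS.items()}


def fmt(seconds) -> str:
    """Render a duration in seconds as days/hours/minutes/seconds."""
    d, rest = divmod(Fraction(seconds), 86_400)
    h, rest = divmod(rest, 3_600)
    m, s = divmod(rest, 60)
    return f"{d}d {h}h {m}m {float(s):g}s"


def annual_outage_cost(uptime_pct: str, cost_per_hour,
                       work_hours_share=Fraction(1, 3)) -> Fraction:
    """Yearly loss if the whole budget is used and only `work_hours_share`
    of it falls in working hours (the article's 'realistic' 1/3)."""
    hours = downtime_budget(uptime_pct)["year"] / 3600
    return hours * work_hours_share * cost_per_hour


def value_of_upgrade(from_pct: str, to_pct: str, cost_per_hour) -> Fraction:
    """Most it is worth paying per year, on lost-time cost alone, to move
    from one guarantee to a better one."""
    return (annual_outage_cost(from_pct, cost_per_hour)
            - annual_outage_cost(to_pct, cost_per_hour))


@dataclass
class Outage:
    minutes: int
    cause: str  # constructed labels, e.g. "provider_hardware", "weather"


def claimable(outage: Outage, min_minutes=120,
              covered_causes=("provider_hardware",)) -> bool:
    """The article's example SLA clause: longer than 2 hours AND caused by
    a technical fault on the provider's hardware."""
    return outage.minutes > min_minutes and outage.cause in covered_causes


def measured_uptime_pct(outages, period="month") -> float:
    """Availability actually delivered over one period, from an outage log."""
    down = sum(o.minutes for o in outages) * 60
    return float(100 * (1 - Fraction(down, PERIODS[period])))


# Constructed sample log for one 28-day month (not real data).
LOG = [Outage(60, "provider_hardware"),   # too short to claim
       Outage(180, "weather"),            # excluded cause
       Outage(150, "provider_hardware")]  # the only claimable outage

if __name__ == "__main__":
    COST_PER_HOUR = 6000  # the article's £5,000 revenue + £1,000 fixed costs
    for pct in ("99", "99.9", "99.99", "99.999"):
        print(pct, fmt(downtime_budget(pct)["year"]),
              f"£{float(annual_outage_cost(pct, COST_PER_HOUR)):,.2f}")
    print("99 -> 99.9 is worth up to",
          f"£{float(value_of_upgrade('99', '99.9', COST_PER_HOUR)):,.0f}/yr")
    print("measured uptime:", round(measured_uptime_pct(LOG), 3), "%")
    print("claimable minutes:", sum(o.minutes for o in LOG if claimable(o)),
          "of", sum(o.minutes for o in LOG))
```

With the constructed log, the provider still meets a 99% monthly guarantee despite 390 minutes of outages, and only 150 of those minutes would qualify for a claim under the example clause.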

How much downtime in a 99.9999999% guarantee?

Although a 100% guarantee is impossible, we could hypothetically get pretty close in the future. A “nine-nines” uptime guarantee would allow you to enjoy a maximum of:

  • 0.0000864 seconds of downtime every day;
  • 0.0006048 seconds of downtime every week;
  • 0.0024192 seconds of downtime every month and
  • 0.0314496 seconds of downtime every year

Blink.

You just experienced a decade of downtime with a “nine-nines” uptime guarantee. In fact, if you’ve been reading this at an average speed, you’ve experienced about 9,000 years of downtime between the start of this blog and now. That’s pretty impressive.

Unfortunately, we’re a long way off getting hardware setups sophisticated enough to reliably give this level of availability. And even if we were, it would be ridiculously expensive because of the ludicrous amount of redundant hardware, backup, maintenance, monitoring and security systems, power infrastructure and planning that such a system would require.

That’s not to say it’s impossible, but it’s a long, long way from where we are right now.


6 reasons your business continuity plan is weak – and how to fix it


Business continuity planning involves creating a strategy to prevent, reduce and recover from risks to an organisation.

Many organisations still have business-impacting IT outages that should be avoidable, or quick to recover from.

There are six key reasons why these types of IT outages continue to impact businesses.

1. Not understanding risk

Most businesses would be surprised if they listed out every asset or asset type within their business and then looked at every risk associated with it. What’s the likelihood of that risk type affecting the asset or the wider business? What would the impact be on the business? It’s impossible to protect against something you are unaware of. It’s critical that a business understands, at the very least, the IT assets they have and the associated risks to the business. However, when you’re talking business continuity it’s best to include other types of asset, such as key employees or sites.

2. Having no controls in place

Once you understand the risks, you can put controls in place to reduce or mitigate the risk. This can be something as simple as protecting a laptop from Trojan software with anti-virus protection, through to protecting against a systems outage by replicating all data and systems into the cloud, or into another site. Controls need to be sensible and considered, hence why it’s critical for a business to understand the true cost of a system outage.

3. No reviews

Business continuity must be a living entity within a business. Every new asset should be logged, have its associated risks identified and have applicable controls put in place. The controls, particularly around continuity, must be regularly reviewed and tested. And by ‘regularly’ that means you should be testing as often as feasibly possible. If you’re waiting for longer than a year between reviews, you’re leaving yourself highly vulnerable.

4. Not using the right technology

Over the last decade, technology has dramatically decreased outage windows and costs when it comes to business continuity. So it’s critical that you review requirements and evaluate the technology. This process takes time and experience to do correctly, so you may want to contact a consultant so you can keep focused on your own business and have confidence in your choice. You should be assessing technology every three years (at most) to look for continuity improvements, easier management and reduced costs.

5. Senior management don’t take responsibility

In businesses of all sizes, senior management, typically at the board level, do not take responsibility for business continuity. It’s usually up to IT to undertake this function, often with heads of departments. So when a disaster strikes, whatever happens, IT gets the blame – even though they’ve identified the risks and applied the controls. This is why it’s critical to get senior management to understand the risks to the business and to accept or reject controls.

Cost factors usually determine whether management accept or reject controls. The controls’ stated Recovery Point Objective (RPO) – how much data they can afford to lose – typically determines these factors. Recovery Time Objective (RTO) is also crucial to understand. This is how long certain systems can be down for without serious consequences. You will often hear a board state that no downtime and no data loss is acceptable; however, this viewpoint often changes when viewing the budget.

6. Thinking it’s just about IT

While IT is important, businesses will have a vast array of assets which will cause different levels of impact if unavailable. What happens if the Operations Manager disappears tomorrow? If a site burns down? Or if listeria from the onsite canteens takes out 30% of the workforce? There are so many scenarios that need to be understood, and suitable controls and processes need to be in place to deal with them if they arise.


What is the difference between email archiving and email backup?


Corporate emails are important records of business decisions, communications and information; and, just like paper documents, you must secure and store them properly. This is where an email archiving solution can assist, but many companies may believe they already store records correctly – by backing up their mailboxes on a regular basis.

There is often confusion between email archiving and email backup, with some believing they perform the same – or very similar – functions. In reality, they are different solutions, and businesses should use both.

What is Email Backup?

In simple terms, a backup is designed as a short-term insurance policy to facilitate disaster recovery. A classic backup application takes images of active data periodically in order to provide a method of recovering records that have been deleted or destroyed.

Backups are usually only retained for a short period – a few days or weeks – as more recent backup images replace previous versions. It is important to understand that emails can be deleted in between backups and would thus not be retained. Data is usually kept in a proprietary format which can cause problems for long-term retention.

What is Email Archiving?

In contrast, email archiving is designed to provide businesses with an ultra-secure repository for email records that need to be stored for a long period of time. This may be necessary in order to meet certain regulatory obligations. Email archiving provides businesses with a full record of communications, and additional security features like time-stamping and digital fingerprinting ensure that the email has not been tampered with or edited in any way – essential when providing emails as evidence to courts.

It is also far easier to find and retrieve records from an archiving solution compared to a backup. Emails may be requested by an external auditor or can be the result of an internal investigation. Instead of asking your IT department to dig through volumes of saved data snapshots and format it to comply with the request, they can use the search facilities to locate the necessary records in their original and exact format.

Which solution should you choose?

In the short run, it may seem less expensive to back up your email data to a tape or local server. However, the volume of email data increases every day which results in greater storage requirements. In the long run, the cost of storing and protecting that data can far exceed the cost of implementing archiving.

However, this is not to say that an archiving solution should replace your backups. Both solutions fulfil important functions and should be used in tandem. It’s important to remember that it’s a legal obligation to provide copies of emails if asked by authorities or regulators. This is something that virtually all backup solutions cannot do. In order to choose the most effective and suitable solutions, companies should first distinguish between their backup and archiving needs. Then explore the appropriate storage solutions to meet these needs.

3 things that will make remote working a great success

The clocks have gone back, the mornings are darker and the evenings are drawing in, there’s no doubt about it – winter is making its arrival. With the UK being warned to brace itself for some of the harshest, snowiest winter weather in years it is time to consider how the wintry conditions could affect your business and your employees.

It’s predicted that some areas of the country could see snowfall as early as this month, and that could leave staff stranded away from the office with no ability to go about their day to day tasks. However, you can prepare for winter by introducing flexible working policies which will help your business stay operational even in adverse conditions.

Remote working during bad weather

What to consider when introducing remote working?

Utilising solutions such as VoIP (Voice Over Internet Protocol), Hosted Cloud, Hosted Telephony and Thin Client technologies will mean that if employees are unable to get to work because of poor weather conditions they will still be able to log in and work from home, just as if they are in the office. This will also help in situations where the office itself is hit by the weather, e.g. power failure.

However, there’s no reason your business should limit flexible working policies to bouts of bad weather. With research showing remote working is becoming more common and employees wanting – or in some cases expecting – greater flexibility, introducing it on a more permanent basis could benefit your business. If you are considering remote working this winter, then it is not only technology that you need to consider. When creating a policy for your business there are three key areas that you will want to consider. You will need to set standards for each to ensure that it doesn’t become a drain on the business.

1. Communication

This is one of the most important aspects to get right. Without regular communication, a remote team will fall apart. Every member of the team must understand their role, responsibilities and deadlines, and check in regularly. Schedule regular video calls with your team (or individuals/departments depending on your particular business) to “catch up”. For example, you might have a Sales call every Monday morning to recap the previous week and lay out plans for the week ahead.

Communication tools like Microsoft Teams can be used to keep the conversation going throughout the week, and some businesses may want to look into solutions like project management software. If you’re implementing remote working for the long term you will also want to schedule regular face-to-face meetings to keep the team operating as a team. While email, Teams and video conferencing are great tools, if contact is kept virtual all the time you risk people feeling disjointed from the business and moving on.

2. Trust

Remote working isn’t for everyone, or suitable all the time, but you must be able to trust your team. You need workers who will be honest, motivated and self-driven to complete their tasks. No one will be checking in to see if they’re slacking off. It really comes down to personality type. Some work best in a team, others work better alone and some need a mix of both.

Those who work best alone will adapt very well to remote working, with the odd day in the office. On the other hand, someone who thrives when working with people is likely to prefer working in an office environment. Putting them at home or in a serviced office alone could reduce productivity or cause them to leave altogether. For someone who works best in a mix, flexible working may be better. For example, the option to work at home when on deadline, but then in the office when delivering a project.

3. Company Culture

Culture is critical to the success of a modern business, but it becomes even more important with remote teams. As workers will be spread across different cities – or countries – you’ll need to go the extra mile to bring your team together. It’s important that you get to know one another’s working style, weaknesses and strengths. Encourage staff to help others solve problems and answer questions.

On a day-to-day basis, it’s possible to enhance the culture by creating virtual collaboration and social environments. Tools like Yammer can help you fulfil this requirement; it’s essentially a private social network for business. Employees can post in forums, chat and upload photos, just like on Facebook, except it’s focused on the working environment. Most businesses will also bring their people together regularly, to ensure bonds are built and teams are aligned.

Like any new policy, remote working will present its own challenges but think of it as a learning opportunity. With remote working shown to increase productivity, reduce absenteeism and lower overheads it could be quite the boost.

It’s important to plan ahead. Many businesses never entirely recover from a major disaster. Contact us today to receive a comprehensive review of your business continuity plan.

Why you need to review your business continuity plan now


They’re not here yet, but plummeting temperatures and snow weather warnings will soon get you thinking about how the winter conditions will impact your business. Maybe key staff are unable to commute, distribution channels could be disrupted or communication lines might go down. Simply put, sleet, snow and flooding will all wreak havoc on your operations and the only way to limit the disruption is to be well prepared.

Before the season’s stormy weather sets in, businesses should prepare themselves for the worst. We’re lucky in the UK that we rarely see major natural disasters (earthquakes, volcanoes, tsunamis) on account of us being away from active fault lines, but the weather can still cause significant problems. Every company, therefore, needs to have a business continuity plan in order to prevent future disruption. And today is the perfect time to review your plan and ensure that when the weather does change, you’re prepared.

Why should you review your business continuity plan?

A business continuity plan is designed to identify the potential impact crises could have on your business. It ensures relevant procedures are in place to limit these. However, a plan is only as good as the information it contains and, as such, must be reviewed regularly to ensure that it is fulfilling its intended purpose. Technology evolves, people move on and new members of staff join the team, so your original plan won’t remain relevant forever.

There are different views on how often a business continuity plan should be tested. It will usually depend on the type of organisation, key personnel turnover and the number of business and IT changes which have occurred since the last test. Best practice states that you should review your plan at least once a year. In this review, you should bring together key personnel to analyse the plan. Prior to this review, you may also want to ask staff to provide feedback on the plan to incorporate into your review. Whenever there are significant changes in personnel, equipment, operating software or recovery strategies you should review your plan.

Testing your business continuity plan

Some organisations will test their business continuity plan between two and four times per year. Common types of testing include:

  • Tabletop Exercises: usually involve the test team reviewing the plan in-depth. They will look for gaps and ensure that all business units are represented.
  • Structured Walk-Throughs: each member of the recovery team walks through their plan components to identify any weaknesses. Sometimes these tests may include role-play or drills. The team will usually have a specific type of disaster in mind for the walk-through.
  • Disaster Simulation Training: Usually an annual task as it is time-consuming. You create an environment which will simulate an actual disaster, with all equipment, supplies and personnel required. This is to see whether you would still be able to carry out critical tasks during the event.

Regular tests and reviews will identify any weaknesses, prepare your team and ensure effective procedures. As the old saying goes, fail to prepare, prepare to fail. The more frequently you plan, review and test for a possible crisis, the less likely there will be gaps, meaning your business has a better chance of being able to continue, or quickly resume, normal operations.
