Dynamic Business Logo
Home Button
Bookmark Button
Lets Talk-business continuity strategy
Featured

What does your business continuity strategy need now?

Yajush Gupta

Yajush Gupta

February 28, 2024

Crafting a robust business continuity strategy is imperative for any organisation aiming to navigate through disruptions effectively and maintain operational resilience.

Unforeseen challenges such as natural disasters, cybersecurity breaches, or pandemics can severely impact operations if not adequately prepared for. To ensure business continuity in the face of such adversities, it’s essential to carefully consider and integrate various critical components into your strategy.

Our experts explore the key elements that should be included to fortify your business against unexpected disruptions, in this week’s edition of Let’s Talk.

Let’s Talk.

Discover more Let’s Talk Business episodes

Contribute to Dynamic Business

Ben Jones, Head of Cyber Security at Mackay Goodwin

Ben Jones
Ben Jones, Head of Cyber Security at Mackay Goodwin

“A robust business continuity strategy should comprise several key elements to ensure the survival and recovery of your business and must include what to do in the event of a cyber attack or digital outage, as well as more traditional risks to business continuity.

“In terms of cyber, an initial comprehensive risk assessment is crucial to identify potential vulnerabilities and threats. This involves understanding your digital infrastructure, systems, and data and evaluating how an outage or attack might impact them.

“Secondly, a detailed recovery plan is necessary, outlining the step-by-step actions to be taken following a cyber attack or outage. This plan should include procedures for data recovery, system restoration, and communication with stakeholders. It’s important to include a crisis communication strategy, ensuring transparency and timely information dissemination with employees, customers, and stakeholders.

“Lastly, regular testing and updating of the strategy is critical. This is where a cyber consultant comes in handy. They can conduct a simulation or a ‘panic room’ scenario to test the strategy’s effectiveness. Based on the results, they can work with your key leaders to refine and enhance the continuity strategy.

“In a world where digital interactions are essential in day-to-day life, businesses must plan for the possibility of their digital assets becoming unavailable. By having a solid business continuity strategy, your business can minimise disruptions and maintain operations, even during a cyber crisis.”

Rachel Riley, Co-founder and Head of GRC at Ansarada

Rachel Riley
Rachel Riley, Co-founder and Head of GRC at Ansarada

“As organisations continue to grapple with significant uncertainty and emerging risks, one of the most critical components that businesses should include in their continuity planning is creating a long-term strategy for operational resilience. Ongoing pandemic implications, market uncertainty, economic volatility, supply chain struggles, talent shortages, cybersecurity, geopolitical, and climate risks are all concerning global trends for businesses to watch into 2024 and beyond.

“If you have not mapped out your critical processes and performed resilience testing against a range of plausible events, how can you possibly have confidence in your ability to withstand shocks? It’s no longer good enough to have a disaster recovery plan, ISO accreditation and yearly audits. As an organisation, you need to create an operational resilience framework taking a holistic view of your business, operations, finances, governance, regulation and compliance, information security, ESG impact and more.

“If you cannot answer questions such as your impact tolerance threshold and if testing remained in the threshold for events against your critical processes, such as cyber, climate events, supply chain shocks and pandemic-type disruptions, then you cannot be confident in your organisation’s resilience and in your business continuity strategy to withstand the unexpected and continue operations amidst disruptions.”

Antoniette De Marco, General Manager – Technology at Konica Minolta Australia

Antoniette De Marco
Antoniette De Marco, General Manager – Technology at Konica Minolta Australia

“The new, dynamic business environment that businesses face today requires planning and new technologies to not just operate, but to grow. Business continuity strategies need to prioritise adaptable technology roadmaps that are regularly reviewed and updated. Key components should include:

  • Effective cloud integration for scalability and cost efficiency while aligning with business and customer needs
  • Automated and incremental backups, point-in-time snapshots, and granular recovery options to protect critical data and ensure recoverability in the event of a data loss incident
  • Strong security measures and regular audits to better protect sensitive information and maintain customer trust.

“It’s also essential to encourage and upskill employees in new technologies to foster innovation and cultivate a company culture that prioritises ongoing learning and development. However, making all these changes can seem like an overwhelming (and costly) task, especially for lean teams. Partnering with technology experts for external insights, and to accelerate new technology adoption, can help to streamline service management and align digital strategy with future business objectives, without all the added costs.”

Michael Fingland, CEO of Vantage Performance

Michael Fingland
Michael Fingland, CEO of Vantage Performance

“The breadth and scope of issues that can impact a business is more extensive today than ever before, from natural disasters to cyberattacks, from economic downturn to energy grid shutdown.

“It’s important business owners know how to navigate challenging conditions in order to survive and thrive.

“Vantage Performance has helped many businesses navigate through periods of crisis. Here are three key actions business owners should focus on during their recovery and continuity efforts:

  1. Forecast short term cash flow – Prepare 13- or 26-week cash flow forecasts under both best and worst case scenarios to assist in quantifying the impact on your business.
  2. Prepare a 100 day work plan – Develop a work plan that defines and prioritises what actions need to be taken, by who and when. This will help provide a solid basis for rebuilding your business and become a solid indicator of your achievements.
  3. Contact and update your financiers – The power of this communication is often forgotten and should not be underestimated. Provide your financiers with regular updates, including cash flow forecasts and 100 day work plan, to reassure them that you are taking a rational and organised approach to the rebuilding process.”

Tracy Ford, Founder & HR Consultant at Concept HR Services

Tracy Ford
Tracy Ford, Founder & HR Consultant at Concept HR Services

“I find that businesses often underestimate the threat of key person risk in continuity planning. Key person risk stems from the impact of losing crucial individuals in an organisation. These individuals possess unique skills or knowledge vital for the organisation’s functioning and success. Reasons for their unavailability include illness, unexpected events, and resignations.

“To address this risk, start by identifying your key personnel and documenting their roles and responsibilities. I find that this is often only done once someone has resigned and the business scrambles to get everything documented during their notice period and only then realise the extent of their responsibilities and the essential tasks they perform.

“The next steps include documenting their knowledge, cross training to reduce the reliance on one person and succession planning to prepare others to step into crucial roles.

“The consequences of losing a key person or having them unavailable include a disruption to operations, loss of customers, project delays and reputational damage. This is especially impactful for smaller or key-person-reliant businesses.

“Integrating strategies to mitigate this risk into business continuity enhances resilience, promotes a fair distribution of workload and shares institutional knowledge. It’s prudent for risk management but also good people practice.”

Jeremy Bradley, COO at Zama

Jeremy Bradley
Jeremy Bradley, COO at Zama

“I work in the deep tech industry. For us, a business continuity strategy ensures resilience against disruptions like cyber-attacks, natural disasters, and technological failures. Critical components include:

  • Data Protection: Implementing robust encryption, regular backups, and secure cloud storage are essential to safeguard data.
  • Cybersecurity: A multi-layered approach with firewalls, intrusion detection, and security audits protects against breaches.
  • Infrastructure Redundancy: Creating duplicate systems and data centers in diverse locations ensures operations can continue with minimal downtime.
  • Supply Chain: Diversifying suppliers and considering local sources mitigates risks.
  • Employee Training: Educating staff on emergency procedures and cybersecurity best practices prepares them for swift responses.
  • Remote Work Capability: A flexible policy enables business continuity when access to physical offices is compromised, necessitating technological solutions and a supportive culture.

“A comprehensive deep tech business continuity strategy focuses on data security, infrastructure reliability, supply chain robustness, and preparedness, ensuring the business can withstand and quickly recover from unforeseen challenges.”

Nathan Reichstein, Chairman of National Business Advisory Committee at Moore Australia

Nathan Reichstein
Nathan Reichstein, Chairman of National Business Advisory Committee at Moore Australia

“Business continuity plans are extremely important and during COVID-19, we saw multiple businesses fall over due to lack of such strategies. When formulating any continuity strategies, it’s important to consider the business’ responses to:

  • Operational issues – A simple example of operation issues is key person risk. If a business is heavily reliant on a key person, it’s important to have contingencies in place to ensure the business is not hampered if that key person leaves.  Another example includes having strategies in place in relation to IT and dealing with cyber-attacks, identity theft & scams which are becoming common in today’s environment. Some of the risks mentioned here can be mitigated by having adequate insurances in place.
  • Long term structural issues such as having succession plans in place when business owners are looking to exit the business. As part of any good succession plan it is important to assess the current situation, identify potential successors, develop and implement the plan from start to finish. There are numerous benefits to succession planning, and these include minimising tax liabilities, ensuring continuity and sustainability, facilitating intergenerational planning, employee retention and ensuring a smooth exit strategy for business owners when selling their business.”

Andrew Kay, APJ Director of Systems Engineering at Illumio

Andrew Kay
Andrew Kay, APJ Director of Systems Engineering at Illumio

“One of the biggest threats to business continuity in the current environment is cyberattacks. These hacks have evolved from simply stealing data to impacting operations, and often lead to extended downtime or system outages. For small businesses, these attacks and the resulting business interruptions can be crippling.

“Small businesses must therefore take measures to maintain the function of IT systems even in the event of an ongoing cyberattack. This requires a move away from the traditional “find and fix” approach to security and instead focusing on limiting the spread of breaches. One way to achieve this is through Zero Trust Segmentation – a security technology that proactively isolates breaches by restricting lateral movement once a hacker has gotten inside. You can think of it like a hotel where each guest has a key card. An intruder might be able to gain access to the lobby, but they can’t access other floors or rooms. This ensures the most valuable assets – or those that are needed for businesses to remain up and running – will always be protected.”

Anthony Spiteri, Regional CTO APJ at Veeam

Anthony Spiteri
Anthony Spiteri, Regional CTO APJ at Veeam

“The most critical component of any business continuity strategy is having a secure data backup and recovery system in place. Backup alleviates the fear of losing out to malicious ransomware attacks and data breaches, which continue to be one of the major threats to business continuity.

“According to Veeam’s 2024 Data Protection Trends Report, eight out of 10 organisations suffered more than one ransomware attack last year. When businesses are unprepared, not only do they put themselves at risk of business disruption (downtime, loss of sensitive data and financial burden) but also reputational impact.

“Second to data backup and recovery is implementing a zero trust approach – adopting a mindset that eliminates implicit trust while staying compliant with new privacy regulations.

“Modern, effective security is based on zero trust, replacing the increasingly ineffective perimeter-based security approach. Zero Trust frameworks like Veeam’s Zero Trust Data Resilience (ZTDR) model includes the security of data backup and recovery systems. This helps businesses fill a gap in their security strategy by extending zero trust to backup and recovery, achieving greater cyber resilience and business continuity.”

Elise Balsillie, Head of Thryv Australia

Elise Balsillie
Elise Balsillie, Head of Thryv Australia

“Expecting the unexpected has become a regular course of business. In early 2024 Australia has already experienced its fair share of extreme weather events such as storms, major floods, as well as IT outages.

“Ensuring your business has a continuity plan in place is critical to successfully navigating unexpected disruptions. While most people think of continuity planning in the context of large corporations, it is particularly important for a small business, where the impact of an unexpected event could mean the difference between making it or breaking it.

“For those small business owners wondering where they should begin, here’s a look at the key components a small business owner should include in their continuity plan.

“It’s important to first run a business impact analysis to assess the risks if your business had to stop operations. Documenting scenarios where a disruption resulted in lost sales and income will help you understand the potential impact. In turn, this will illuminate the ways you can safeguard your business and ensure you have the proper contingencies in place.

“Once the scenarios are mapped out, the second step is to develop the plan. The key components of a contingency plan should include:

  • Roles and responsibilities. Everyone has a role to play during a business disruption. Even in a business with one to three employees, establishing clear roles and responsibilities will mean everyone knows what their responsibility during a disruption, mitigating confusion and chaos.
  • Communication protocols. Clear and effective communication is vital during a crisis, not only internally with your employees, but externally with your customers. This is critical to managing any reputational risk. Prepare copy addressing the actions you are taking for different scenarios, customised for internal and external communications. Next, prepare a distribution system for that messaging, leveraging your website, social channels or text for communications with you team and customers. Communicating with speed and accuracy is critical to gaining confidence that the situation is being handled professionally.
  • Testing and training. Using the scenarios from the impact analysis, test the plan and your employee’s response. These exercises will identify areas for improvement and ensure your team understands the plan and their role in it.

“Having a tested continency plan in place will mean little guesswork at a time when your business can least afford it.”

Rolf Howard, Managing Partner at Owen Hodge Lawyers

Rolf-Howard
Rolf Howard, Managing Partner at Owen Hodge Lawyers

“Legally, there are several elements to consider when protecting your business, employees, clients, customers and other stakeholders during a disruption or crisis such as a cyberattack, natural disaster or outage.

“Your first priority should be compliance. That requires understanding the laws and regulations that govern your business during disruptions. Consider data privacy laws, employee rights, cybersecurity regulations, and contractual terms with suppliers and clients.

“Ensure data backups and recovery procedures comply with relevant laws. Have clear protocols for data access control and breach notification in emergencies.

“Analyse contracts for provisions related to disruptions, including force majeure clauses and service level agreements. Develop procedures for invoking these clauses and mitigating contractual risks.

“Maintain detailed records of actions taken during disruptions, including decisions made and justifications. This helps demonstrate due diligence and compliance should legal challenges arise.

“Establish clear communication protocols for stakeholders (employees, clients, regulators) during disruptions. Communicate transparently about potential legal implications and how you’re addressing them.

“Remember, a legally-sound business continuity plan is an ongoing process. Regularly review and update it to reflect changes in regulations, contracts, and your business landscape.”

Carmelo Calafiore, ANZ Regional Director at Extreme Networks

Carmelo Calafiore
Carmelo Calafiore, ANZ Regional Director at Extreme Networks

“Of all elements required for organisations to thrive in the modern business world, one of the most vital for business continuity is secure, flexible, reliable connectivity. Staff need to connect with each other, their organisation’s digital resources, and suppliers and customers to keep business wheels turning.

“In today’s highly distributed work environments, having a reliable, scalable, and secure networking infrastructure in place is critical. This includes deploying a resilient cloud-based infrastructure that is easy to adjust in the event of the unexpected. It also provides the foundation for other continuity necessities like digitising operational processes, organising and backing up data.

“Providing reliable remote worker capabilities is key, as is supporting remote workers who need to access sensitive information remotely. Ensuring this is done with the appropriate security is critical in ensuring that you are not unintentionally opening your company up to a breach. In recent years, SD-WAN and Fabric network architectures have been deployed by companies looking for resilience. Even during local cloud outages, critical systems can maintain continuity while network traffic is simultaneously redirected to an optimised path. The network is the connective tissue supporting all technology across an organisation, and its importance for business continuity cannot be understated.”

Matthew Lowe, ANZ Country Manager at LogRhythm

Matthew Lowe
Matthew Lowe, ANZ Country Manager at LogRhythm

“Business continuity focused companies are those which have robust cybersecurity strategies and can bounce back quickly, because they havw solid security structures in place and a response plan ready to enact, should their ‘number come up’.

“Beyond implementing critical measures like robust password management, threat detection systems, and real-time monitoring for enhanced visibility, a comprehensive business continuity cybersecurity strategy should encompass efficient incident response strategies.

“Security Information and Event Management (SIEM) tools, for example, can help businesses to proactively monitor their growing IT infrastructures and spot threats before they can cause disruption.  When something goes wrong, such as a security breach in an organisation, log files can be crucial to understanding an incident and deciding how to respond.  SIEM solutions are services which collect, organise and manage all the log files produced by an organisation’s computer system in a single place. SIEM services provide analytics, distilling the information from logs into a few simple indicators which can be presented to users to help them get an overview of a system. Using SIEM, a company can bounce back from a breach faster and today is a key part of business continuity in conjunction with a strong focus on ongoing employee training.”

Peter Eldon, Director of Sales and Marketing at Access4

Peter Eldon
Peter Eldon, Director of Sales and Marketing at Access4

“Businesses often overlook the repercussions of unprotected voice and telephony solutions on their operations due to lack of guidance. Despite phone sales remaining a primary revenue channel, the necessity of 24/7 phone availability is often neglected. To safeguard against telephony system attacks, robust security measures like firewall setups, intrusion detection, encryption, software updates, and user authentication are imperative. Additionally, proactive measures like network monitoring and access controls aid in threat detection and mitigation.

“Your telephony providers should prioritise discussing potential business vulnerabilities with you. Otherwise, consider switching to providers that emphasise business resilience. Look for carriers offering solutions built on dependable infrastructure managed by local engineers. A thorough telephony health check can provide recommendations for scalable voice continuity solutions, free from offshore support dependencies. This ensures long-term protection for both businesses and their communication systems.”

Sally Dillon, Founder & Chief Collaboration Officer at Revolution Consulting Group

Sally Dillon
Sally Dillon, Founder & Chief Collaboration Officer at Revolution Consulting Group

“In business continuity planning, people stand as the cornerstone of a robust and effective strategy. While there’s a tendency to focus heavily on processes and technological solutions, the true power to navigate and overcome challenges lies in the resilience and adaptability of the workforce.

“Empathy, flexibility, and effective communication are fundamental in cultivating a culture equipped to withstand and adapt to crises. It’s imperative that leaders and team members foster a two-way relationship of deep understanding and support. Mutual empathy not only bolsters collective resilience but also cements a foundation of trust, which is invaluable in times of uncertainty like the pandemic.

“Integrating these core values into business continuity planning enables organisations not just to recover from disruptions but to emerge stronger and more cohesive, ready to tackle future challenges. This strategic approach enhances the efficacy of continuity plans and establishes a bedrock of trust essential for steering through uncertain waters.

“Building a culture steeped in resilience and adaptability is a continuous endeavour, vital to the DNA of organisations. It transcends mere preparation for disruptions, advocating for a mindset of continuous improvement and proactive learning. Adopting this proactive stance ensures that teams are not just reacting to challenges but are proactively prepared, seamlessly transitioning into established processes to adeptly manage crisis and change.”

Charles Ferguson, General Manager, Asia Pacific at G-P

Charles Ferguson
Charles Ferguson, General Manager, Asia Pacific at G-P

“In today’s unpredictable economic climate, businesses must anticipate and prepare for disruption and volatility in their daily operations. One of the main ways to ensure business continuity during economic turbulence lies in building a global workforce to help increase flexibility in operations and bolster resilience. Despite Australia’s tight labour market, the unemployment rate is the highest it’s been in two years. This has prompted Australian executives to cast a wider net and tap into a global talent pool to address local skill shortages, with 46% considering hiring talent from other countries, as highlighted in G-P’s Global Growth Report. Geographically diversifying the workforce ensures Australian businesses are equipped with skilled workers needed to drive competition  and enable growth, despite the fluctuation of the national labour market.

“However, 32% of global executives are hesitant to embrace global hiring and are limiting their business growth to avoid costly mistakes and errors due to complicated tax and legal regulations. To overcome these challenges, business leaders must leverage available technology and seek support from reliable compliance and legal experts. Adopting the right tools and expertise is key to streamlining complex and time-consuming aspects of compliance and removing roadblocks to global growth, ensuring Australian businesses remain competitive.”

Chris Thomas, Senior Security Advisor at ExtraHop

Chris Thomas
Chris Thomas, Senior Security Advisor at ExtraHop

“Recent cybersecurity breaches have triggered a widespread rethink by businesses about their IT infrastructure and the way in which their workforces are organised for business continuity.

“Indeed, raising awareness of cyber-threats and the cascade of consequences that could follow an incident can help employees understand the necessity of the security measures and increase their willingness to work together to reduce business risk.

“At the same time, it’s a truism within security circles that it’s not possible to secure an environment that is not fully understood. This means that having the capability to discover all the assets on an organisation’s IT network is critical.

“For this reason, companies are turning to network detection and response (NDR) platforms. NDR provides a business with complete visibility inside its organisation’s network, continuously monitors network traffic, and flags suspicious behaviour which deviates from established baselines.

“The technology also provides businesses with analysis of the vast volume of traffic it carries each day – irrespective of whether it emanates from in-house or cloud-based systems, or from known or unknown endpoints. Unlike many legacy cyber-solutions, it’s immediate, provides instant insight and responsiveness, and is ‘always on’ to support continuity of business operations.”

Antony Loomans, Co-Founder at Continuity Council

Antony Loomans
Antony Loomans, Co-Founder at Continuity Council

“First up you need to know who holds the keys to your castle, governance and BCP.

“The trusted advisors to company leadership, including legal counsel and company secretaries, play a pivotal role in business continuity planning (BCP).

“These key BCP steps will help fulfill fiduciary duties, ensure survival for organisations and the ability of governance executives to act:

  • Regularly review processes with a formal checklist to ensure readiness
  • Establish a team of first responders and select a crisis-critical messaging app with failover
  • Secure emergency permissions for key personnel and fortify with multi-factor authentication (MFA)
  • Validate and verify recovery processes with vendors to ensure prompt access
  • Confirm emergency access and validate recovery protocols with domain registrars and DNS management vendors for uninterrupted digital presence
  • Identify critical SaaS applications and establish emergency access protocols for key personnel
  • Create communications protocols and checklists
  • Develop ‘Muscle’ Memory – pressure test everything to identify vulnerabilities and feed lessons back into operational plans with clear and agreed accountabilities

“Immediate Wins include:

  1. Hold a BCP meeting
  2. Update physical contact lists with leadership contact information securely stored off-site for swift communication.
  3. Equip executives with backup SIM cards, satellite phones, solar chargers, batteries and establish alternate communication channels to ensure communication in crises.

“By implementing and validating these controls with executives, teams and vendors, you will bolster your organisation’s defences, minimise downtime and enable the business to survive a crisis.”

Olivia Jenkins, Business & Marketing Consultant at Olivia Jenkins

Olivia Jenkins
Olivia Jenkins, Business & Marketing Consultant at Olivia Jenkins

“In the dynamic world of business, a robust continuity strategy serves as the ultimate shield for your company, empowering you to navigate any storm and emerge stronger.

“To develop a continuity strategy for your business, start with a through risk assessment. Identify potential threats like natural disasters or cyber-attacks, and analyse their potential impact on your operations, revenue, and reputation. Prioritise these threats based on their severity, creating a risk matrix to guide your defence.

“Use your impact and risk analysis to develop a robust response plan. Outline how your business will continue operating during any incident. Develop contingency plans for critical functions, ensuring flexibility to adapt unforeseen challenges. Train your team thoroughly so they understand their roles and responsibilities and conduct regular drills to maintain readiness.

“Facilitate the effective implementation of your continuity strategy by establishing clear communication channels. Keep all stakeholders informed with a predefined crisis communication plan, maintaining transparency, and providing timely updates.

“With these three pillars in place, your business will not only survive but thrive in the face of adversity.”

Andrii Bezruchko, CEO and Founder at Newxel

Andrii Bezruchko
Andrii Bezruchko, CEO and Founder at Newxel

“Having a detailed business continuity plan is essential to assess the threat landscape, develop detailed tactics, and designate responsible team members. But my experience running a business in a country at war has taught me that in times of crisis, a plan often remains just that—a plan. The real test comes in the ability to respond immediately and reassess the situation daily. The team’s safety emerges as the highest priority, necessitating secure finance operations and IT infrastructure, alongside constant communication to stabilize mental conditions and keep partners informed.

“As leaders, we must remain empathetic yet unemotional, recognizing that a crisis is a catalyst, exposing weaknesses and areas for transformation or improvement. It’s crucial to view challenges not as obstacles but as opportunities. This mindset shift helps focus on the strategy and mission, even in the most tumultuous times.

“Crisis management is not just about survival; it’s about thriving by turning adversity into an advantage. It demands a dynamic approach, where flexibility and rapid decision-making become our greatest assets. By maintaining clear communication, ensuring the safety and well-being of our team, and staying true to our core values and mission, we can navigate through crises, emerging more robust and more resilient on the other side. This proactive and strategic approach ensures that we not only weather the storm but also capitalize on the opportunities that arise from it, reinforcing our commitment to growth and excellence.”

Brett Newstead, Director of Sales, ANZ at Zebra Technologies

Brett Newstead
Brett Newstead, Director of Sales, ANZ at Zebra Technologies

“In developing a business continuity strategy, Australian SME leaders must appreciate the significance of supply chain management and workflow efficiency. Firstly, maintaining a resilient supply chain is essential, encompassing strategies like diversifying suppliers and embracing technology for real-time monitoring and response. By proactively identifying risks and establishing robust contingency plans, businesses can ensure uninterrupted access to critical resources, even amid disruptions.

“Secondly, optimising workflow management is key to enhancing operational agility and adaptability. This involves streamlining processes, leveraging digital tools for collaboration and task management, and fostering a culture of innovation and flexibility within teams. Through these measures, SMEs can mitigate the impact of unforeseen challenges and position themselves for sustained success in a dynamic business environment. By prioritising supply chain resilience and workflow efficiency, Australian SMEs can make their businesses more resilient.”

Paul Wilson, Chief Technology Officer at Blue Connections IT

Paul Wilson
Paul Wilson, Chief Technology Officer at Blue Connections IT

“Development of a robust business continuity strategy should begin with a thorough business impact assessment, identifying potential threats capable of disrupting operations and analysing their possible impact on the organisation, including commercial implications and necessary downtime.

“This should be followed by the development of a business continuity plan (BCP), with a primary focus on safeguarding the health and safety of employees followed by the preservation and recovery of critical functions in the event of disruption. Thorough documentation of the BCP paramount, encompassing detailed strategies on how to maintain or restore functions after each potential incident outlined in step-by-step guides.

“Furthermore, engagement with stakeholders to establish clear recovery objectives and timelines is also key to ensuring the strategy’s success and adaptability.

“Employees must be trained on their responsibilities when the BCP is enacted, complemented by regular testing to identify potential weaknesses in both the plan as well as backup systems and data recovery processes. Feedback garnered from these exercises should be used to refine and update the plan, ensuring its ongoing relevance and usefulness.

“A post-incident review process is critical after any incident to evaluate the BCP’s effectiveness and empower business leaders to make informed adjustments based on actual experiences.”

Srujan Talakokkula, Managing Director, ANZ Commercial Business at Trend Micro

Srujan Talakokkula
Srujan Talakokkula, Managing Director, ANZ Commercial Business at Trend Micro

“Conducting business without a cybersecurity strategy is like playing a game of poker without bothering to look at your cards — you could be risking it all because of an unwise approach. A sound cybersecurity defence must be the foundation of your business continuity strategy.

“The past year has highlighted that for organisations, regardless of industry or sector, a cyber incident is no longer a matter of ‘if’ but ‘when’. As a business with limited resources, taking a pragmatic approach to cybersecurity can help you create a strong plan that minimises impact. As a first step, evaluate your cybersecurity hygiene. Assess if you are doing the basics, such as discovering and continuously monitoring known, unknown, internal, and internet-facing assets to fully understand your digital attack surface. Adding to that, it is crucial to proactively engage in risk assessment to identify potential vulnerabilities.

“Along with mitigation efforts, prioritise developing a response plan. Post-incident, it’s imperative to swiftly contain threats, and then focus on recovery through meticulous system restoration. Conducting a thorough review post-incident enables fine-tuning of response strategies, enhancing resilience against future threats.

“For any business, preparedness and adaptability are paramount in mitigating risks and maintaining operational continuity through the inevitable cyber hurdles that come your way.”

Fabian Calle, Managing Director, Small and Medium Musiness, SAP Concur Australia and New Zealand

Fabian Calle
Fabian Calle, Managing Director, Small and Medium Musiness, SAP Concur Australia and New Zealand

“A business continuity and disaster recovery plan should encompass several critical components to ensure resilience and sustained operations during unforeseen events:

  1. Conduct a business impact assessment: identify potential risks, assess their impact on operations, and prioritise them accordingly. Ensure this assessment is reviewed and updated annually to maintain relevance.
  2. Pinpoint technology gaps: specify core IT systems and data recovery capabilities, including reliance on third parties. Automate processes where possible and complete regular tests that stimulate disaster scenarios.
  3. Develop strategies to safeguard key business operations: identify essential functions and detail procedures to uphold or swiftly reinstate these in the event of disruption. Collaborate with stakeholders to gather further insights.
  4. Establish a crisis management team: this team must have clearly defined roles and responsibilities, be appropriately trained, and be ready to respond in various scenarios.
  5. Implement a robust communication plan: this should detail how the business plans to communicate with its employees, customers, and other key stakeholders during a crisis.

“A detailed, well-thought-out business continuity and disaster recovery plan supported by technology is critical to ensure businesses can weather a crisis, minimise disruption, and continue to deliver the services and products that customers rely on.”

Sumir Bhatia, President, Asia Pacific at Lenovo Infrastructure Solutions Group

Sumir Bhatia
Sumir Bhatia, President, Asia Pacific at Lenovo Infrastructure Solutions Group

“In our fast-changing world, smarter technology plays a crucial role in any business continuity strategy. This means optimised solutions that meet current and future needs are critical to unlocking full business potential.

“Take Anglicare Tasmania’s partnership with Lenovo ISG, for example. By implementing a cost-effective IT system, Anglicare ensures continuous support for vital community services. Lenovo’s robust solutions have provided 24/7 reliability over the past five years to its operations. This collaboration also showcases how smarter technology can empower all business such as not-for-profit organisations like Anglicare.

“With ever-growing data and emerging AI workload requirements, businesses often face IT scalability challenges. Flexible and scalable solutions such as Lenovo TruScale helps organisations manage risks and ensure continuity even during downtime events. The key to business continuity lies in having the right technology partner that helps navigate unexpected challenges. In this era of intelligent transformation, organisations must strategically utilise their data to their advantage and make informed, data-driven decisions.”

Aden Axen, General Manager – Cloud Managed Services at Atturra

Aden Axen
Aden Axen, General Manager – Cloud Managed Services at Atturra

“Organisations need to consider the following questions in any business continuity plan:

  • What is the impact if systems fail?
  • For how long could your business function without its IT systems?
  • What alternative procedures could you perform while your systems are out?
  • What is the cost of lost productivity and revenue that is sustainable by your company?
  • Has the business continuity plan been clearly communicated to relevant stakeholders?

“Finding the balance between cost, benefit and risk plus the recovery time and recovery point objectives (the time when the last backup of data was made) are key.

“For cybersecurity business continuity, businesses should consider supplementing multi-factor authentication with other controls, including proven backups, that allow you to recover fast and effectively in the event of a cyber incident.  Establishing and enforcing MFA across an enterprise places obstacles in the attackers’ pathway, preventing the breach of data stored in multiple locations, both on-premises and in the cloud.

“MFA, along with other basic security policies, including security awareness training, data backups, and encryption, is also a critical requirement for signing a cyber risk insurance policy.

“Finally, the business continuity plan must also be well rehearsed, reviewed, tested, updated and maintained on a regular basis.”

Discover Let’s Talk Business Topics

Keep up to date with our stories on LinkedInTwitterFacebook and Instagram.

What do you think?

    Be the first to comment

Add a new comment

#Strategy
Yajush Gupta

Yajush Gupta

Yajush is a journalist at Dynamic Business. He previously worked with Reuters as a business correspondent and holds a postgrad degree in print journalism.

View all posts