Recover fast from business disruptions

The risk of business disruptions

If you can’t get into your premises or use your computers, or your business is disrupted in any other way, you risk losing customers, your reputation and perhaps even the business itself.

Here are six simple steps that may help minimise the damage and quickly get your business back on track.

Step 1: Prioritise critical processes         

In planning to recover your business quickly, separate your business-critical processes from those that can wait. Consider how long your business could survive without performing critical processes and, ideally, establish a time-based target for restoring them.

Servicing your customers by focusing on their needs will drive priority and give you a clear idea of what you have to do, in what order, and how long you have to do it.

Step 2: Identify all the resources you need to run your business

Many businesses depend on a number of resources to provide their products or services, including:

• staff
• technology, both data and voice systems
• resource suppliers or service providers
• property and infrastructure, including stock, supplies and equipment
• vital business records such as customer data.

Step 3: Consider the effects of disruptions to these resources

What would happen to your processes if you didn’t have access to any of these resources?

The actual cause of the disruption is less important than its effect on your resources and the impact this has on your ability to continue providing products or services.

For example, a flood, telecommunications outage or cyber-attack could leave you without access to your technology. And, in some cases, one event can impact more than one resource you depend on.

A fire or flood, for example, could destroy your technology systems, business records, stock and supplies if they’re all in the same premises. Or, by closing schools and childcare centres, an extreme weather event could prevent some staff from coming to work.

Step 4: Develop a Business Continuity Plan

Your Business Continuity Plan sets out what actions you need to take and what everyone needs to do in a range of scenarios. While the details will depend on the nature of your business and how much you’re able to invest in managing risk, the aim is always to have your business-critical processes up and running in the shortest possible time to minimise impact on customers and staff.

Your plan should be straightforward and easy to follow. Everyone in the company needs to know about it and to understand their own role and responsibilities. They should also be familiar with the chain of command if key people are away when the disruption happens.

 Brainstorming with key personnel can help you identify possible scenarios and the most realistic and effective responses.

For example, you might decide to keep your stock in two different warehouses, to build a relationship with a second supplier or invest in remote access capabilities that would enable your people to work off-site if they couldn’t get into the office. You could also cross-skill staff to cover important roles or introduce flexi-time or job sharing, which fosters employee goodwill as well as providing another level of business resilience.

Step 5: Be sure the plan works

The only way you can be sure your plan will work is to test it, and this could involve anything from a desk-based run-through to a real-time simulation and rehearsal of a particular scenario.

You can’t plan for every eventuality so, when you’re running a test, you might want to throw in something slightly different from the plan. This will encourage your team to be flexible and think on their feet.

Step 6: Regularly review and refine your plan

A Business Continuity Plan isn’t something you can set and forget. You should review and update it regularly, when there’s a change to your business operations or if you identify a new or emerging threat.

A Business Continuity Plan is not just your key to recovery, it’s a practical way of maintaining your competitive edge and building resilience. Minimising the impact of disruption on your customers and other stakeholders will help to protect your reputation and keep your business safe.

Next steps

If your business has been impacted by a ransomware attack, the next steps you take will be crucial. Learn more about these kinds of attacks at don’t let your business be held to ransom.

The Australian Cyber Security Centre (ACSC) Ransomware Emergency Response Guide also provides guidance for businesses impacted by ransomware which includes:

• Record important details as quickly as possible. Take a photo of the ransom note or any new file extensions you may have noticed.
• Turn off the infected device by holding down the power button and/or unplugging it from the wall. This is the best way to stop ransomware from spreading.
• Disconnect your other devices which may be on the same network.
• Change your important passwords for your online accounts.
• Visit the ACSC website for their Ransomware Emergency Response Guide and more information.
• It is important to report the incident to the ACSC at ReportCyber
• If you’re a business, depending on the severity of the ransomware compromise, you may have to notify your customers of the attack. The Office of the Australian Information Commissioner can provide advice on your obligations.