However, the difference between the British Gas response and that of Talk Talk’s CEO last week is palpable. I listened to Talk Talk’s CEO Diana Harding on the radio the morning it was announced their system had been hacked (as we later found out) by a 15-year-old. We heard a lot of “we don’t know at this time” and “we have yet to ascertain”. Information on what had been taken and how it might affect customers was nigh on impossible to glean. This morning, however, the British Gas response is a calmer and more professional one:
“I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk.”
“As you’d expect, we encrypt and store this information securely.”
“From our investigations, we are confident that the information which appeared online did not come from British Gas.”
Recently the BCI released their poll of the top ten business concerns. Cyber attack has found its way to the top spot. Regardless of the size of your business, the onus is on you to ensure your customers are protected from data theft or fraud. Difficult though it may be to mitigate these risks, were you to find your business in a similar situation, would you rather be a British Gas or a Talk Talk? The key to this is preparation.
Here are 10 disaster recovery and business continuity tips:
1- There is no one “perfect” plan for disaster recovery. Every business is unique so ensure your plan reflects the uniqueness of the business.
2- Consider making more than one plan; after all, there is more than one kind of threat. From natural disasters to manmade threats and cyber attacks, each carries its own risk which might need to be considered individually.
3- But make sure you deal with all three measures – detective, preventative and corrective. Your plan should aim to swiftly identify risks and have some mitigating steps which ought to prevent disaster – for example, keep your data off site or in the cloud; hold regular training sessions for staff; use up-to-date fire safety equipment (how long has it been since you recharged your fire extinguishers?).
4- Identify who will be responsible in the event of a disaster. Create a team of experts who are well briefed and can be quickly mobilised in the event of any kind of large-scale disruption. If possible, get them to contribute to the plan.
5- Sense check all your insurance policies. Some insurers will cover things such as business downtime but will look favourably on businesses who have mitigated the risk of downtime. For example, using cloud-based business software which minimises downtime in the event of a disaster might be a factor in reducing the cost of premiums.
6- Think about what data you need to protect. What’s important to you? You might want to save your customer or prospect list; it might be inventory or suppliers, or maybe important documents such as insurance policies. Figure this out and include it in your backup plans.
7- If you aren’t already, think about getting an accreditation from the British Standards Institution (BSI), which has an independent standard for Business Continuity Planning (BCP). It covers all sectors and industries and will provide a best practice framework for you to follow.
8- Test your plan. It’s no use having it on paper if you haven’t tested the practicalities of it. This will also help secure buy-in from staff. Believe it or not, the disaster could end up being poor organisational acceptance.
9- Learn from other incidents. Smaller incidents like a practice fire alarm, bad weather or sickness will help you to identify weaknesses in your business.
10- Keep revising your plan. Your business will change over time and so your plan has to change too. A disaster recovery or business continuity plan which is no longer fit for purpose, is no longer fit for purpose.
Written by Emma Stewart, Sales & Marketing Director at Cofficient