Over the course of the last several years, we have seen three major events that forced us to reassess our business continuity and disaster recovery planning. The Christchurch earthquake of 2011 initiated a shift towards cloud technology in preparation for office access becoming more unpredictable. 2020’s COVID-19 pandemic solidified remote working and online collaboration as an essential part of modern businesses, while Cyclone Gabrielle reminded us just how vital power and communications networks are during turbulent times. No business could have predicted the unpredictable.
Yet, despite all these unforeseen events disrupting businesses everywhere, one thing is certain: now more than ever, we must plan for and manage potential disruptions from any source – natural disasters, cyber-attacks, data breaches or pandemics included. Our approach towards continuity planning and disaster recovery will determine our ability to come out stronger on the other side.
Cyclone Gabrielle recently caused devastating destruction along the east coast of New Zealand. The repercussions of this storm will take years to overcome and have prompted an examination of the risks individuals and businesses face. As authorities investigate ways they can better prepare for future disasters like these, key insights garnered from Cyclone Gabrielle are helping create a solution-oriented approach moving forward. Herein lies several key lessons businesses can consider for the future:
Businesses should develop a comprehensive disaster recovery and continuity plan that is tailored to their particular risks, including the possibility of natural disasters like earthquakes, tsunamis or cyclones. Particularly important for coastal businesses would be preparation against potential tsunamis – so far, an untested but promisingly survivable force of nature!
- A good backup system should be put in place to recover data even if major damage occurs to the business premises or IT infrastructure.
- Business owners should take extra precautions with important documents, such as making electronic copies of those documents and storing them off-site or in the cloud.
- Employees should be prepared for potential disasters through training courses on emergency response and crisis management protocols.
- Businesses should allocate an emergency budget that includes emergency funds to cover any losses incurred due to a disaster and additional expenses associated with rebuilding operations afterwards.
- Businesses should consider their supply chains and the likelihood of disruption to services if their suppliers are affected by a disaster. More importantly, businesses need to think beyond just the restoration of services and focus on ways to build resilience so they can better handle such events in the future and avoid disruption from occurring again down the line.
Following the devastation of Cyclone Gabrielle, communities banded together to help one another in remarkable ways. Volunteers and agencies donated food, clothing and other necessary items as people exchanged desks and computers for shovels and gumboots to undertake the reconstruction efforts.
Though we will never forget the people and property we lost or the destruction caused by this disaster, there is light at the end of this tunnel; together, we shall overcome these trying times – but not without first considering our future through preventive planning. For a more detailed look at Business Continuity and Disaster Recovery Planning, along with free templates and resources, go to https://govern.co.nz/resources.
Tom Hartley is a certified ISO 22301 Business Continuity Lead Implementor and is available for free consultations. He can provide guidance on implementing an effective Disaster Recovery Plan and help with any questions you may have.
Tom is the owner of Govern Cybersecurity. He has over 18 years in the cybersecurity and IT industry at management level, and for the past 6 years has been a lecturer in cybersecurity at the Eastern Institute of Technology. He has earned certifications in ISO 27001 Lead Auditing, Lead Implementation, SOC2, and Ethical Hacking. These certifications are considered the international gold standard for business security.