
This is an old revision of the document!


Resiliency and business continuity planning

Cybersecurity is not just about keeping bad guys out and keeping your data safe. It’s also about keeping your business running in the face of unexpected network or system outages.

Key points

  • Start with a plan

Start with a plan

You carry out threat modelling to determine what cybersecurity measures are necessary and proportionate for your firm.

The same approach applies to resilience and business continuity planning: work out what risks you and your firm face, work out what you can do to mitigate those risks and which solutions are proportionate to the risks you face, and prioritise your response.

Document your key devices and systems and say what you would do if they failed or got lost

Prepare a document listing your key devices and systems, and, against each, set out what you would do if the system failed or the device got lost, from a business continuity perspective.

For example, if you use Dropbox, and Dropbox just decided to stop operating one day, or kicked you off the platform, what would you do? Or if your email hosting provider shut up shop?

What would happen if your computer died, or your phone got stolen?

Your aim in doing so is to plan for these eventualities before they happen, so that, if they do happen, you know what to do. Planning in advance means less panic and stress when the bad thing happens, since you know just what to do, and increases the chance of you making rational decisions, since you did your planning in a less pressured environment.

Test your plan regularly

There is no point having a plan if you do not test it. It might look great on paper but, if it does not work in reality, it is worthless. Worse, it offers you a false sense of security.

If your plan relies on you being able to restore a backup, test that you can do it. Learn what it means to restore your backup in practice, and how long it takes.
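
One way to run the restore test described above, as an added example that is not part of the original page. It assumes your backups are gzip-compressed tar archives and that `sha256sum` is installed; the function names `make_backup` and `restore_drill` are hypothetical.

```sh
#!/bin/sh
# Restore drill (added example, not from the original page).
# Assumptions: backups are gzip-compressed tar archives, sha256sum is
# installed, and ARCHIVE is an absolute path outside the source directory.

# make_backup SRC_DIR ARCHIVE
# Archives SRC_DIR and records a SHA-256 manifest (ARCHIVE.sha256) of its
# files as they were at backup time.
make_backup() (
    cd "$1" || exit 2
    find . -type f -exec sha256sum {} + > "$2.sha256" || exit 2
    tar -czf "$2" .
)

# restore_drill ARCHIVE
# Restores into a scratch directory (never over live data), checks every
# file against the manifest, and prints "OK <seconds>s" or the failure.
restore_drill() (
    scratch=$(mktemp -d) || exit 2
    start=$(date +%s)
    if ! tar -xzf "$1" -C "$scratch" 2>/dev/null; then
        rm -rf "$scratch"; echo "RESTORE FAILED"; exit 2
    fi
    elapsed=$(( $(date +%s) - start ))
    if (cd "$scratch" && sha256sum -c "$1.sha256" >/dev/null 2>&1); then
        result="OK ${elapsed}s"; status=0
    else
        result="VERIFY FAILED"; status=1
    fi
    rm -rf "$scratch"
    echo "$result"
    exit "$status"
)

# Demo on constructed sample files: a good backup, then a truncated copy
# of the same archive standing in for a damaged backup.
work=$(mktemp -d)
mkdir "$work/files"
echo "engagement letter" > "$work/files/letter.txt"
echo "matter notes" > "$work/files/notes.txt"
make_backup "$work/files" "$work/backup.tgz"
restore_drill "$work/backup.tgz"
head -c 20 "$work/backup.tgz" > "$work/damaged.tgz"
restore_drill "$work/damaged.tgz" || true
rm -rf "$work"
```

Run the drill against a real archive on a schedule and keep a note of the reported time, so you know how long a full restore takes before you need one.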

If you do not work remotely on a regular basis, schedule in time to do it, so you know what to do if your normal workplace becomes suddenly inaccessible. Even if your plan is just to head to the nearest coffee shop, give it a trial run: you might find that you've overlooked having a spare power supply in the bag with your laptop, so your battery runs out mid-way through the day, or that the coffee shop you had in mind is fine for a chat but no good for trying to get any work done.

Backups are essential

Consider a spare, synced, computer

If your budget permits it, and if your needs require it, consider having a spare computer, always synced with your documents and files and your settings, ready to go.

The idea being that, if your main computer dies, or gets stolen, you are not rushing out to a store to buy another device: you break out the backup computer, and carry on working seamlessly (or very nearly seamlessly).

If you work from home using a second computer, you may already have this in hand. Similarly, if you also have a tablet or phone and you can get by using just that for a while, while you source and configure a new computer, that might suffice.

There are, of course, downsides to this. It is another machine to keep patched with security updates and, clearly, you end up buying two machines rather than one. You may also have to buy additional software licences, if you rely on software which is licensed on a per-machine, rather than per-user, basis.

But consider how much downtime (and thus lost revenue) you would incur if you only had one computer and it stopped working one day. What would happen if you were in the middle of something time-critical?

Whether you go for a spare computer, or you plan to rely on a secondary device while you get your main computer sorted, regularly test out your plan. Check that you can actually do your job for a day from your iPad or phone, if that is your backup plan. Make sure your spare computer is kept in sync, and that you haven't made a pertinent change on your main computer which is not replicated on your spare, such as a new piece of software.

Protect yourself against power outages

Nearly every device in a law firm other than a notebook and pen relies on power.

Having a plan to deal with power outages is likely to be very sensible. What is proportionate to protect yourself will depend on how often you have power outages, and how long they typically last.

Laptops are inherently protected

Laptops have their own batteries, so you shouldn’t lose any work in the event of a power outage.

It would be sensible to find out just how long your laptop will keep going, under realistic test conditions, so you know how long you've got if that is your main plan.

If your plan involves tethering your phone to your computer, to connect to the Internet (as a power outage is likely to bring your modem and router, and thus Internet connection, down, unless you have a plan in place for those), do this as part of your battery life test. You might find you get much less time out of your laptop's battery when doing this.

Put your networking kit and other important computers behind a battery backup

If you suffer from frequent power outages, or even just occasional power outages, consider buying an uninterruptible power supply or “UPS”.

This is a big battery, which connects to the mains electricity at one end, and which has sockets at the other end, into which you plug your devices. Ideally, you'd plug in your networking kit, so you stay connected to the Internet, along with any servers. Consider also UPSs for desktop computers, which don't have the benefit of integrated batteries.

When the power is working correctly, your equipment is powered by the mains electricity. When the power fails, the battery kicks in very quickly, so that your equipment keeps running until the battery is depleted or the power is restored (or else it does whatever you've told it to do when running on battery power, such as shutting down gracefully).

Not only does this mean that you can keep on working through relatively short outages, as the battery-powered kit will continue to operate, it should also save your machines from unexpected shutdowns, and potentially lost data or corrupted file systems.

The batteries inside a UPS are consumable items, and degrade over time. Replace them in line with the manufacturer's recommended schedule, or once they stop offering adequate performance.

Test your UPS regularly. If you've set it up properly, you should have absolutely no qualms in pulling out the plug to the mains.

Consider power banks for mobile devices, and keep them charged and ready

Smaller batteries, in the form of power banks, are cheap and convenient, if you need to prolong the battery life of a mobile device.

As well as battery packs for phones and tablets, some manufacturers offer batteries capable of powering, even recharging, computers.

The key issue, from a business continuity perspective, is making sure that they are charged ready for when you need them.

Consider a 12V to AC inverter

A UPS or battery bank might bridge you for relatively short power cuts, depending on how quickly your devices drain them.

If you have occasional longer outages, a 12V to AC inverter may be useful. This is a small device which plugs into the “cigarette charger” port in a car, ending with a mains plug socket, into which you can plug devices. You power it by running your vehicle's engine.

If none of these meet your needs, you probably need a generator

If you need more protection than all of these, then you probably also need a generator.

Make sure you have somewhere to keep it securely, and that you refresh the fuel in line with the manufacturer's recommendations.

Practice working from a remote location (if you don’t do it as a matter of course)

Cellular backup

business_continuity_planning.1566579030.txt.gz · Last modified: 2021/07/06 09:26 (external edit)