How should SMEs prepare for IT emergencies and crises? How important is a careful risk assessment and a well-prepared emergency plan? And how can the damage be minimised after an emergency occurs so that companies can continue with their core business as quickly as possible? An interview with Sebastian Lacour, Manager SI & Cloud Germany, Veeam Software on Business Continuity Management.
Mr Lacour, do you think that SMEs are keeping a close eye on their business continuity management?
Lacour: Business continuity management (BCM) is not a pure IT topic, but it is all too often reduced to that. The business continuity strategy and associated plan need to be derived from a holistic assessment of potential risks to business models and derive processes. However, this is a continuous process. It is not uncommon for this management task to put on the long finger and be subordinated to other challenges. Since the topic is mostly located in the IT area, increasing IT complexity and a lack of skilled workers often contribute to BCM not remaining consistently in view.
What are the risks if companies are poorly prepared in the event of an emergency?
Lacour: A math experiment: If a company falls victim to a cyber attack, it takes an average of 70 days to become fully operational again, which means 70 days of lost revenue. But critical business processes can also fail due to power failure, fire, water damage or internal sabotage, for example. Data can quickly be irretrievably lost. If companies are not prepared for such situations, they often have to invest much more time and money to restore the status quo than consistent preparation would have cost.
What is a good emergency plan?
Lacour: Good emergency planning has four key elements, including a holistic security strategy, transparent and well-documented IT, a comprehensive data backup concept, and an actionable task force. In addition, the planning of failover and failback concepts as well as migrations, but also the comprehensive documentation, continuous updates and regular fire drills are part of this. Today, a great deal can be defined, tested and automated with the help of software. External service providers such as Managed Service Providers can also take over tasks – examples are Backup-as-a-Service or Disaster-Recovery-as-a-Service. This relieves companies of some of the load and helps to optimally manage the complex scenarios throughout, so that business operations run smoothly again as quickly as possible.
Thank you very much for the interview, Sebastian Lacour!