My thoughts and prayers go out to those who have been affected by COVID-19. Many people and companies alike have been adversely affected by the virus and the measures in which we are fighting it (quarantine, self isolation, business shutdowns, etc…).
Many of our clients are activating remote-working continuity plans in order to keep serving the needs of their stakeholders during these disruptive times. Some are more prepared than others. A handful have used this time to think about other disasters that might disrupt their business and what measures should be taken now to prepare.
I believe this horrible crisis may have a silver lining: a warning to be better prepared for future unpredictable disruptions in our businesses.
God, grant me the serenity to accept the things I cannot change, courage to change the things I can, and wisdom to know the difference.
- Reinhold Niebuhr
While the cause of a disruption may be out of our control, we can anticipate and prepare for most all categories of discontinuity in our business operations.
Continuity and contingency plans will vary from company to company. We all need a customized plan that meets our particular needs and situation. However, there are some general guidelines I believe can be applied broadly, across most tech companies.
In the technology world we should be prepared for a few different types of potential unpredictable disruptions:
Service provider failures (e.g. AWS going down)
I suggest performing an audit of all third party service providers your company relies on and prioritize them, starting with the ones that impact your business the most. Then build plans around scenarios where that provider fails. For example, if your stack is hosted on AWS, have a plan to migrate or activate another region if your region goes down.
Malicious attacks (e.g. DDOS or penetration hacking)
DDOS attacks can be mitigated relatively easily if you’re properly prepared. One suggestion is to use a service like CloudFlare for domain routing. If you’re attacked, you’re able to take action and block malicious requests and allow real customers to continue using your service as normal while the malicious requests get filtered out.
For penetration prevention (and other attack prevention) I suggest having a reputable third party security company audit your applications and provide a plan of action for closing any open security holes. Do this often and frequently, at least once a year.
Natural disasters or illness (e.g. COVID-19, earthquakes, etc…)
In these days of lockdown and social distancing, many of us are forced to learn to operate entire businesses from home. Surprisingly, many are doing really well. Take note from what you’re learning now and apply it to a more broad and potentially more severe disruption. Create contingency plans based on various natural disaster scenarios. Stretch your imagination on how your business might be affected in various scenarios.
Backup Critical Data
Is anyone not using the cloud for critical data storage? If you are compelled to be occasionally local, it’s important to be absolutely certain your data is backed up. There are a number of convenient ways this can be accomplished. What is sometimes overlooked is mission critical data on a local device like a laptop. It’s important to give the whole enterprise a careful examination for data that will be missed when it’s inaccessible or lost forever. Oh, and backup your backups, even in the cloud.
Don’t be afraid to explore worst case scenarios when building your own contingency plans. It’s better to be over prepared than under, as we can clearly see with COVID-19.
As they say, hope for the best, but expect the worst.