A business continuity plan (BCP) is a nonnegotiable asset that helps organizations swiftly recover from unexpected disruptions such as cyberattacks or natural disasters. An effective plan can make the difference between a resilient company and one that permanently shuts down due to lost profits and customer trust.
In the various case studies below, we reveal the top do’s and don’ts for any BCP, and how to keep yours ready for any incident.
Ransomware impacts an entire city
In March 2018, the City of Atlanta faced a devastating ransomware attack carried out by the SamSam group, successfully crippling the city’s computer systems. The attack disrupted essential services such as public courts, utilities, and police databases, and employees had to resort to completing paperwork by hand as the system took five days to recover. As it turns out, an audit conducted just two months prior revealed 1,500 to 2,000 vulnerabilities in Atlanta’s IT systems, mainly due to outdated software and poor password practices.
On a smaller scale, the Camden County Police Department in New Jersey was hit by a ransomware attack that encrypted important criminal files and disrupted internal administration processes. Though the 911 call systems and public safety responses remained largely unaffected, daily operations were stunted, delaying police investigations.
In contrast to the incident in Atlanta, the department had a solid BCP that included complete, recent, and accurate backups. This helped them mitigate the impact of the breach and resume operations quickly, avoiding significant financial and reputational damage.
The lesson: While the Atlanta incident shows the detrimental consequences of lacking a proper BCP, the attack in Camden County demonstrates the critical benefits of having one. By having a regular backup process, the Camden County Police Department was able to restore operations amidst the attack, achieving 80–85% file accessibility shortly after.
The Atlanta case also highlights the repercussions of not proactively addressing security issues as they come, as their lack of action and poor awareness inevitably led to their downfall. Had they patched their system vulnerabilities, updated their security measures, and implemented stronger password protocols, they may have minimized or prevented the breach altogether.
Marketing firm stays afloat amidst Hurricane Harvey
In August 2017, Hurricane Harvey wreaked havoc on Southeast Texas, dumping over 40 inches of rain in some areas and causing over $125 billion in damages. Many small businesses were devastated by the hurricane, including Gaille Media, a small internet marketing agency. Their offices flooded, making the building inaccessible for three months. Upon re-entry, their staff found the office destroyed and overrun with mold, making it impossible to recover the space.
However, Gaille Media’s operations continued almost unaffected, as they had stored most of their data in the cloud. This foresight allowed their staff to work remotely during and after the storm without losing access to critical documents. Ultimately, the owner decided to keep the company decentralized, allowing employees to continue working remotely as they liked.
The lesson: When crafting your BCP, consider leveraging the cloud and remote work arrangements. It was this exact approach that allowed Gaille Media to continue operating even when faced with significant damages. Additionally, should industry trends and staff needs change, a remote work system ensures your workplace stays connected and collaborative, no matter where your employees may be.
Companies bounce back after a fire
The fire incident at Cantey Technology is another case study of successful business continuity. In 2013, a lighting strike caused a fire that devastated their office, where they hosted servers for over 200 clients. This destroyed their network infrastructure, melting cables and burning hardware beyond repair. Yet, Cantey’s clients experienced no service interruptions since the company had moved their client servers to a remote data center as part of their BCP. Continual backups were also stored off site, aiding in their recovery.
The lesson: The case highlights the need for businesses to anticipate potential disruptions, and to plan for such disasters accordingly. For Cantey, maintaining remote servers and off-site backups ensured their operations stayed intact, even if their on-site environment was affected. The company also reaped the benefits of having invested in a proper incident response system, which helped them quickly and successfully bounce back from a crisis.
Need business continuity advice? Our experts at Kortek are here to help. From data backups and disaster recovery to data restoration strategies, we’ll help you plan a continuity solution best fit to your company needs. Keep your business resilient in the face of threats — get in touch with our team today.