No company ever wants to face a disaster, especially in relation to mission-critical customer communications. As much as you may do everything in your power to prevent something, there’s too much outside your control. You must be prepared should you be unable to print and mail customer communications. Being prepared with a business continuity plan is essential.
As much planning and thought that goes into all these “what if” scenarios, there are still regular horror stories of companies failing at business continuity—failure that led to serious consequences. As a good introduction on what not to do, we’ve gathered some true tales of the dark side of business continuity.
Backing Up Files Alone Is Only as Good as the Applications
In order to print your customer communications, you have to send data files to the equipment, whether to your own in-plant or to your provider. Organizations are aware of the need to back-up these files, and that usually occurs daily. But you can’t just back-up the files, as one company found out. They had not backed up their systems, operating system, applications, or updates. So, one day, the disk failed, and even though the back-up files existed, the foundation was gone to retrieve those files. It required a complete VAR rebuild, resulting in over two weeks of downtime.
Takeaway: Back-up all necessary parts of the system, so that if you need to move files, you can still access them.
Hardware Is Often the Culprit
When looking at the cause of business continuity for certain functions, including customer communication, hardware failure is the most likely culprit. The chance that a hurricane will sweep through and destroy your operations isn’t going to be what your face; instead, you’ll have to repair or replace equipment.
One of the largest pieces of equipment in your in-plant is the printer itself. But it’s not simply a printer, it’s a hardware system that is connected to other machines on the same network. These machines are sophisticated, but they aren’t indestructible.
One story from this scenario is the that of a large in-print that had a printer on its last legs. A new one had been ordered but was still a week from delivery. The machine froze during a long run. It was no longer repairable, and the other equipment in the facility didn’t have the capacity. The company contacted their business continuity vendor but knew it would be 24 hours before they were up and running. In total, they were offline for over 24 hours and had to spend many hours manually removing printed documents that were in the machine when it froze.
Takeaway: Hardware only has a finite useful life. Stretching beyond that costs time and money. Because you’re always on a cycle of “updating” the newest thing, you probably spend much more on equipment than you should.
Human Error Is a Leading Cause of Disaster
Yes, humans are often their own worst enemy when it comes to disaster. This can range from tripping over a power cable to a typo in the code. Of the latter, one such incident caused a massive outage of one of the world’s largest brands. Could a simple typo wipe out your files? It’s possible, so it’s prudent to always have plans in place to deal with or correct human error. Imagine all the possibilities of human error in printing and mailing. Although, much of the actions are automated, human interaction is still necessary. How many opportunities do workers have every day to sink your system? And, if so, what is the protocol to keep the error from compounding?
Takeaway: Humans a
re human after all. They make mistakes. Having a clear policy on what to do post-human error in your disaster recovery plan is critical.
Ransomware: Threats Inside and Out
Cyberattacks are becoming more prevalent every day, with a company being hit with an attack every 40 seconds. It’s very easy for hackers to create their own ransomware, fueling its growth. No industry is immune. There are attacks on every vertical. And don’t think large companies are immune because of their protocols. Actually, 25% of businesses impacted by ransomware have over 1,000 employees.
Ransomware isn’t merely an outsider threat, insiders also can initiate it. An anecdote from the industry presents the story of a terminated IT professional. He issued a threat to his former employer that he would expose all their data files to everyone if he wasn’t paid $1 million. Luckily, other employees were able to find the backdoor he had created and repaired the vulnerability. This incident revealed how unprepared the company was in relation to insider threats and resulted in major changes to their business continuity plan.
You should always keep in mind that the data used in your customer communications is considered personally identifiable information (PII). It may include names, addresses, account numbers, Social Security numbers, or other data. This information has to be protected from breaches. Many hackers would love the chance to access this information. It can fetch a high dollar on the dark web.
So, in the event that you have an internal or external ransomware attack, be sure that your business continuity plan includes steps to handle the matter securely and compliantly.
Takeaway: Your customer data must be protected from both inside and outside threats. Your disaster recovery plan should include what to do if there is a breach.
Cautionary Tales Shine Light on Necessity of Solid Business Continuity Plan
These are cautionary tales, most of which recovery was eventually possible. However, many experienced excessive downtime, lost productivity, incurred costs, and suffered other harm. Your customer communication disaster recovery plan should account for so many different situations. Because of this, it’s bound to have some vulnerabilities. If you want to avoid these horror stories, start by downloading the PCI Group Business Continuity checklist. It’s a great tool to ensure you’re prepared for anything.