What Small Business Can Learn from Financial Institutions that had Business Continuity Plans (BCPs) for Decades

By: Matt Armstrong, Owner of C22Tech

Although technology has made “working from home” more possible over the years, there’s a difference between conveniently answering an email from your mobile device and being able to run an entire business without the tools and access your employees are accustomed to using.

Fortunately, investors have been forcing banks and financial institutions to answer this question with a formal document for decades and the process of making a Business Continuity Plan becomes much less daunting by answering some simple questions.

What applications and data do your employees need to access (short term and long term)?

When most people think of working from home, they immediately try to imagine the technology they will use (VPN, Remote Desktop, Cloud, etc.)  Like all technology discussions, that’s the wrong place to start and makes the problem seem overwhelming.  Instead focus on exactly what you will need on a daily, monthly, quarterly, and annual basis to serve your customers and pay your bills.

If your business fields call from the general public your most important resource will be how you answer a central phone line from different geographic locations.  If your business is presenting legal or accounting documents to your clients, you have to consider both how you will access the versions of the documents you’re working on and how you will securely provide the results to your clients (who may be working with their own limitations).

Don’t start with moving everything into the virtual space, focus on what needs to move now and expand from there.

What tools do your employees have to access this data?

Now that you have a better idea of what data you’re trying to have your employees access you can focus on what tools are at your disposal.  In most cases that will be defined by what devices your employees have access to (work laptops, home desktops, mobile devices, etc.) and what technology you or your IT provider have put in place.

This is where the technology matters.  Does your information live on servers in your office, a 3rd party provider in the cloud, or some combination of the two,  Did you just realize that your most important documents and applications are actually just running off the office managers desktop because it’s the only machine that never leaves the office?

Once you have defined what data matters and where it lives you can match up the technology that will let you access it best.  If there are servers in the office with data that cannot leave for security reasons your best bet is probably to you remote access software to connect to desktops or laptops on site (www.logmein.com, www.teamviewer.com).  If your employees bring all of the devices home and you have data on an on premises server a solution like a VPN will probably work best since it does not require an additional machine in the office to access it.  If your data is mostly in Cloud providers, you’re ahead of the curve on accessibility…. which brings us to the third question.

What new risks arise when your employees access data outside of the office?

The biggest problem we see with virtual offices for small businesses is they tend to stop at “getting access.”  The reality is giving your employees access to the resources normally isolated to the equipment and cloud services you can control means you’re also opening your company up to new cyber threats.  The main concerns we focus on first is how poorly managed systems may give malware and hackers access to your data they didn’t have before and how the new found access may allow you employees to take copies of your data that can be used for malicious activity in the future.

We normally recommend that if you are going to allow your employees to use their personal computers to access data for work make sure that they are using a remote desktop solution that gives them access to the computer they normally use rather than network access through a VPN or other direct link.

With the right planning and risk assessment working remotely can be secure and reliable.  As with all technology it’s important to understand exactly what goals you’re trying to achieve and the strengths and weaknesses of the tools you plan to use.