The 10 Habits of Highly Resilient Organizations
Part of what I love about my job is visiting with customers of all sizes and a variety of industries around the world and seeing firsthand the different ways they approach business continuity and cybersecurity. Just as no two companies are alike, no two programs are exactly alike. A company’s mission, culture and leadership philosophies always drive the way a company addresses risk.
These are 10 habits I’ve observed consistently from well-prepared organizations.
1. Leadership Buy-in
It’s easy to tell right away when leadership truly values its employees, brand, and commitment to customers. Leadership recognizes that the world is becoming riskier and drives business resiliency from the top down, not just verbally, but as an investment in their time and dollars.
For any organization to quickly mobilize and take action on anything, it must be ingrained in the culture. Things like integrating business continuity and cybersecurity into employee orientation programs, newsletters, lunch & learns, and awards programs make resiliency an important part of a company’s values.
All crisis events start locally. A company’s headquarters should not be the only location with plans, training, an emergency messaging system, and practicing. Every office location should practice to be prepared for a business disruption. Use pre-developed tabletop drills to make it easy to get started.
Organizations that are great in communicating are naturally well positioned to communicate during a crisis. Ditch the call tree and email list and implement an emergency notification system. Test it 4 times a year and make sure everyone knows who is responsible to lead a crisis nationally, locally, and on every floor. Employees want to be led during an incident and modern day communication tools make it much easier.
More than likely, your organization does not have a team of dedicated crisis professionals. You need a team, however, to kick in gear at a moment’s notice. Crisis teams who are trained on how to navigate the business through any disruption will have confidence and expertise when called upon. Use the power of online training to make it easy and efficient.
Companies who bring together their executives and crisis teams once a year to practice going through a response together, called a tabletop exercise, ensure collaboration and the viability of plans. Companies that rigorously practice their crisis response also find gaps that create better plans and outcomes.
7. Assess Your Ecosystem
Companies who regularly assess their third party vendors know that their own uptime is only as good as the business continuity and cybersecurity programs of their vendors. For example, your customers won’t care if your third party payment processing system goes down, they’ll just know you can’t serve them and they’ll go elsewhere.
8. Make It Living
Outdated binders sitting on the shelf won’t work well during a crisis. Use the power of the web and mobile devices to make plans living, actionable, and accessible 24/7. Create a 12 month timeline on when to refresh your plans, test emergency notifications systems, take training, and conduct tabletop exercises.
9. All Hazards
Companies who treat threats with an “all hazards” approach maintain a single framework to address virtually any threat from natural disasters to cyber-attacks. This simplifies the planning process and creates a cohesive team and response.
Technology can help automate your entire business continuity and cybersecurity program, enabling reach and accessibility that was never possible several years ago. Consolidate your plans, threat information, crisis team training, and reports in a single pane of glass and make all resources available on mobile devices. You’re already automating many other aspects of your operations, this is another perfect area to do the same.
Business disruptions just happen. They don’t care about the name on your logo, where you’re located, or how big you are. Your organization’s ability to survive and prosper through a crisis is directly related to what you have in place before the incident occurs. Think about lifeboats on a cruise ship. When the ship is sinking, no one has time to manufacture lifeboats.
The same is true when planning for incidents within your company. Have a program built, practiced, and ready to go. If you’re trying to figure out your business continuity or cybersecurity plan during the incident, it’s too late. Take on these 10 habits now to get prepared and you’ll soon be charting a resilient course.