Please be aware that this post may contain affiliate links. This means I may receive a commission if you choose to make a purchase via these links, at no extra cost to you. Please refer to my full disclosure policy for more information.
Have you ever actively thought about the implications for your business if you permanently lost access to all of your files and documents, if someone tried to sue you or even if you, the business owner, became long term sick and were unable to work?
Before you think I’ve completely lost it, I know these are not things you want to be thinking about. They are actually probably some of your worst business fears and for that reason, many people, understandably, try not to think about them.
However, I’m going to encourage you to. The age-old, “face your fears” saying has merit here, because if you do that, you can plan for it and if you can do that, the impact won’t be as great.
Business Continuity Planning
This is where a business continuity plan comes in! If you google this term, you get a lot of very wordy, jargon-filled, slightly yawn-inducing, corporate sounding posts that are more geared towards larger companies that lose four or five figures every minute they are non-operational.
They also aren’t particularly user friendly for small, online businesses and contain a lot of information that just isn’t applicable, so I have translated my knowledge of them (I built, managed and carried out many in my corporate career) into something that suits the online space and doesn’t make you want to go and take a long nap (maybe just a short one!).
The result is something that is not a traditional continuity plan, but rather a much shorter, action-based plan that also acts as an SOP of one-off and recurring activities that need to take place in your business to protect it. The way I do it also acts as a team-building exercise as an added bonus feature!
This is something I will often carry out for my OBM clients and is one of the guiding principles interwoven with building out their back-end systems and processes.
What is a Business Continuity Plan?
It is a written document that outlines the systems and processes in place to mitigate any potential threats to the company and ensure ongoing business operations.
You may have heard of disaster recovery plans, i.e. how you react to a business-critical event; a business continuity plan is similar, but instead is generally a proactive measure rather than a reactive process.
No Time to Read Now? Pin For Later!
Why You Need A Business Continuity Plan
Because I bet you’re wondering whether this is really something you need to do! I get it, there are a million things competing for your attention and here is why you should dedicate some time to this one:
1. Revenue Protection
There are so many ways this could manifest itself, but ultimately threats to your business will cost you, one way or the other. It could be in the form of losing clients because you are unable to deliver what they’re paying you for, missed sales because your website or shop is non-operational, your loss of productivity because your team can’t do their work, or you needing to hire a web developer (e.g. to clear up all the malicious code in your hacked website) or lawyer (e.g. because someone is threatening to sue you).
2. Reputational Protection
If you become unable to complete client deliverables, lose client data or find your website or social media channels hacked, you risk losing credibility in the eyes of not only your clients, but in your industry as a whole. This can have an intangible, but very real long term, impact on your ability to generate revenue.
Ultimately, all businesses will experience “downtime” in one form or another, but it is about how you deal with this and how you have prepared for it that will position you as a professional or not.
3. Recover Business-as-Usual Operations Faster
If you have a plan, you are more likely able to get back to business-as-usual (BAU) more quickly. This gives a better client experience and gets you back to your revenue-generating activities faster!
4. Increase Internal Business Confidence
Business continuity planning is a key leadership activity and actively builds trust with your team. It is an opportunity to demonstrate just how seriously you take your business and that your team is key in protecting it.
5. Peace of Mind
That ever-elusive state of mind for any business owner! Look, I don’t think I have ever heard anyone running their own business say that it is a stress-free operation, but if you are anything like me (read: type A, has a spreadsheet for everything, plan everything to within an inch of your life, etc!), you probably have to actively try and not let that stress get the better of you.
Creating a business continuity plan has given me peace of mind in the sense that I know we have an actionable plan for either myself or my team to follow in order to mitigate the risks to my business and that if the worst was to happen, I have done as much as I can to protect it (and I can confidently and honestly communicate that to my clients). It also makes it that little bit easier to relax when I actually manage to take a holiday!
How to Create A Business Continuity Plan for a Small Online Businesses
Ok, so this is a high-level process for how to approach creating your business continuity plan. If you are bringing your team on to help you create this (which I encourage you to, the more eyes here the better), I recommend asking them all to write some notes based on this structure, before then jumping on a call together to hash it out in more detail.
Allowing everyone to independently assess from their own viewpoint first will virtually guarantee that everyone has at least one idea no one else has thought of!
1. Identify Your Business Threats and Risks
What are the things that wake you up in a cold sweat at 2:00 am in the morning, or the things that make you want to go and lie on the floor with your eyes closed in a darkened room taking deep breaths? Go through each of your business functions at a time, thinking internally and externally and write them all down (if you need a glass of wine to get through this, that’s fine!).
2. Conduct a Business Impact Analysis
Go through your list and order them by what is going to cost your business the most and then again by what is most likely to happen. Add the two numbers together and prioritise and implement from the lowest score to the highest.
3. Mitigate and Minimise Risk
This is where you figure out what preventative measures you can put in place to avoid your critical business functions being impacted by downtime. Think from both the perspective of avoiding the situation in the first place and about what you can to reduce downtime (i.e. the impact) if the scenario were to happen.
Common Risks for Online Business Owners
Online business owners have a little bit of an advantage in that they don’t have one physical location to worry about when doing their business continuity planning. However, there are still lots to think about and these are probably the most common threats and risks common to online businesses, as well as some ideas on how to lessen the impact and how to protect against them happening in the first place.
Possibly the most common risk to a small online business is losing documents or access to a systems or platform you rely on to execute your day-to-day.
1. Hackers and data security
There are some really quick wins here; use an encrypted password manager and use the password generation feature, install 2 factor authentication on your most critical systems (think emails, Google Workspace, your website and anything that involves money) and install the Wordfence plug-in on your website.
2. Back it up
I operate a two location rule, everything must be stored in a minimum of two independent locations and at least one of them must be cloud-based. I run automatic Google Workspace backups which are saved in Dropbox, my client contracts are zapped to Google Drive, I have UpdraftPlus plug-in on my website, you get the picture.
3. Manage system downtime
Whenever I consider using a new system, I check to see how much downtime has been experienced by other customers, what their backup method is and what their response time is, as well as always checking that there is a way to export my data, both for back-up purposes, but also to ensure that I can easily move to a new platform if I need to. I also recommend adding your site to UptimeRobot so you get automatic alerts when your site goes down (you can set it up to ping a message into a dedicated Slack channel as well).
4. Evaluate your systems
Is there a system or platform that you use and if it ceased to exist overnight, would put your business at risk? Think social media platforms here as well, incorporating diversification into your lead generation and reducing reliance on one platform is also promoting business continuity. An example that has happened to me recently; my current bookkeeping, accountancy and financial forecasting platform recently announced that they were going to stop giving support to anybody outside the US and Canada with immediate effect. I know of several other systems I can move to and as I keep a back up an organised system of receipts, this will cost me a couple of hours at most.
So a tech failure is probably the digital equivalent of giving “the dog ate my homework” excuse to a client. Having access to a laptop and phone is the foundation on which your entire business is built, put a supporting pillar in there!
1. Buy a spare laptop, phone and chargers for your main devices
It doesn’t need to be high-spec, just get a very basic laptop and phone (or do you have any old devices lying around the house that you can keep handy?). Even if you can quickly run out to a store and replace your device, you’re going to lose at least a couple of hours and at worst you could be waiting a couple of days. Work out what your hourly rate is and how much time you lose before you would have been better off having a backup device (I bet it isn’t many!).
2. Do you know how to protect your laptop and phone?
What if they were lost or stolen? The basic is making sure they are both password-protected, but you can also turn on (and properly set-up, many people skip this step) the “Find My” app if you use Apple or the equivalent for other brands. I would go one step further and put together a list of systems you use and on your back-up device (another handy use), go through and sign your lost device out of each system. As an extra step, you may also want to consider encrypting your device and while you’re at it, get some anti-virus software as well!
If one of your team goes off sick, what are the implications on your business? There are a couple of levels to this, but from a strategic perspective, carefully consider whether it is worth having one full-time employee, or splitting the hours you need across two (or more). There is more management time investment, but you are much less likely for both to quit at the same time than you are just one. It also provides you with cover if one takes holiday or gets sick without you having to do it all yourself.
If you are hiring a contractor e.g. for a one-off project, ask them what their planning process looks like if they get sick or need to take some personal time. You want some assurances that they save everything in a shared workspace that you can get access to at any time and ideally, that there is someone else either on their team or that they have partnered up within the industry that can jump in and cover if they will be away for a longer period.
Don’t forget yourself!
Apologies in advance as this sounds all a bit doomsday, but you also need to consider what would happen if you need to suddenly take a step back from your business. How much of it can operate without you? You do not want (and may not be able) to think about this if this were to actually happen.
Work out how much of what you do can be covered by your team and if necessary, can you team up with someone who can hold the fort for a bit and you would do the same for them in the same situation? This takes a bit of working out, mainly for how long they could do this and how payment works (e.g. if you are a website designer and your team don’t have the technical skills to complete a client project, your business continuity partner swings in and takes a pre-agreed subcontractor rate).
This might sound like overkill, but I have actually been on the receiving end of this with a wedding supplier who was unable to deliver on her contracted services. While I was understanding at first and happy to extend the deadline, we got to a point where we were 8 months past the agreed delivery date and there was no sign of what I had paid for, or any kind of refund (or any communication for that matter). We all want to be understanding, but ultimately you need to deliver what was promised.
If you want a business to come back to, you need to think about how you would manage it because if you are in a position where you literally have to drop everything, I can guarantee you won’t need the added stress of thinking about it then.
Ok, so this is the area that makes me want to run away and hide under a rock. Two reasons, it’s bloody complicated and getting it wrong (to me) has the scariest implications (probably something to do with the fact I don’t have the right knowledge to be completely in control of it).
Ok, super basic one to start, but NEVER undergo any work without one. Even if you do unpaid test tasks (a debate for a different day).
Insurance is there to protect you against unacceptable losses. It is your safety net when all else fails and protects both you and your clients.
3. Understanding Privacy Laws & GDPR
I dread the quarterly date in my diary where I have to spend a couple of hours reviewing any policy changes or best practices in this area. For some reason, the people writing these policies have a way of using words I understand in isolation, but string them all together and I literally have no clue what they’re talking about. It takes a lot of brainpower and a few trusted advice sources to keep me and therefore my business operations in the right place with this!
As an OBM, I operate a “Data Processing Agreement” in addition to my standard contract that both myself and my client needs to sign if I am to be handling any personal data that they have collected (e.g. email addresses, their client information etc). You can find out more about them here.
I also recommend you have a clear process for storing client data securely and ensure that all the third-party systems you use are GDPR compliant. I also recommend you have a written business process for identifying and reporting any personal data leaks (either from my own business or a client’s) and that anyone you hire into your company has some training in this area.
Side Note: please remember that GDPR is applicable to you if you have clients or customers in the EU, if you collect personal data (e.g. email addresses) of people in the EU or of you handle data that falls into these categories on behalf of a client. Please don’t think that is you don’t live in the EU it is not applicable to you! You can find out more about GDPR here.
4. Website Policies
5. Get a Lawyer before you need one
Identify a lawyer that could help you should things go wrong. Book a consultation with them and go through what you think your business legal risks are and what you have put in place so far. Ask them to review it and identify any additional exposure and recommended actions. Get an idea of how much their services would cost and check whether your insurance policy covers it (the lawyer can check that for you). Do you need to be allocating any money into a business emergency fund?
You then have two options: put them on retainer (this can be pricy, so may only be an option for higher revenue businesses), or keep it to a one-off consultation and keep their details handy. If you go for the latter option (which I have, those solicitor retainers are pricy!), have a couple of back-up options should your first choice be unavailable.
How to Manage & Test Your Plan
Ok, so you’ve created your pretty business continuity document, completed all you one-off tasks and set your reoccurring ones in your project management software.
I bet you’re hoping you’re done?! Now comes the fun bit and the team-building opportunity I talked about earlier; time to test that plan!
I recommend doing a walkthrough exercise of your business continuity plan every quarter with your team to check for gaps. If you run a quarterly strategy or goal-setting day with your team, then is a great time to do it. It is crucial that your business continuity plan is kept as a live document and actively touching base as a team this frequently will ensure that focus is kept on it. I actually recommend your team be the ones that lead it as they will be running the day-to-day and more likely able to spot holes in their own processes.
If you really want to test your plan though, you need to simulate it! Obviously, this isn’t possible with all of the scenarios, but it is with a lot of the more common system and tech issues. I am not suggesting you do this during a launch or when you have an impending client deadline (although an actual failure is, of course, most likely to happen then), but it is the most realistic way to test your plan.
Ideas for Testing Your Business Continuity Plan
- Have two of your team members switch roles, can they follow each other’s SOPs? Do they have access to all the systems they need?
- Have your team practice restoring website backups, how long does it take?
- If you’re feeling especially crafty, go into your Google Admin and lock them out of Google Workspace for the day, do they know where to recover their files from?
Timing these tasks is a big part of testing so you have an idea of the impact of each of these events. It will also potentially uncover where people aren’t following your business processes or the continuity plan, so be prepared for this.
That’s A Wrap! Creating a Business Continuity Plan for Your Online Business
I will admit this is not the most inspirational topic, but in my line of work, I definitely deal with the more practical side! On the days when I feel most stressed, I often reach for this document – it reminds me that I have plan and I can cope with the absolute worst that could be thrown at my business. Having a plan always calms me!
I also feel a little less pressure, I know what process would be initiated if I had to step away from my business and just how long it could operate without me. Peace of mind is always gold!
Finally, this is just another way I can serve my clients in the best possible way. I hope they never have to know I even have a business continuity plan to execute, but if they do, I know it presents the best image of my business and demonstrates that I have done everything in my power to mitigate the risks to my client, myself and my team.