A business continuity plan outlines the procedures to keep your ecommerce operations up and running following a physical or technology disaster. Not having a plan in place puts your business's revenue and reputation in peril in the event of a data breach, warehouse disaster, IT server emergency or any other sever disruption.
Having a written plan in place in place before disaster strikes allows your team to focus on execution during a crisis, rather than making frantic decisions in the moment. For instance, if your company suffers an email cyber attack, the business continuity plan would outline your team's response and divvy up responsibilities, such as alerting the email provider. With the major steps outlined, you can immediately spring to action. A business continuity plan prepares you to respond quickly and mitigate any potential damages caused by the crisis.
Despite the well-known advantages of having a business continuity plan, nearly three out of four small businesses don't have one in place, according to a survey by Alibaba, Vendio and Auctiva. That's especially noteworthy when you consider that each year, 1 in 5 online businesses falls victim to fraud. Most mid-sized companies that use an on-premise ecommerce platform have 16 to 20 hours of downtime each year—and each hour carries a hefty price tag of $70,000.
It's worth noting that ecommerce sites powered by Software as a Service (Saas) solutions don't typically suffer such costly downtime. Security measures on these sites tends to be much more robust. Businesses using an ecommerce platform would still want to formalize a business continuity plan, but would likely shift their concerns to other vulnerabilities, such as email security.
An online store's reputation and revenue both hang in the balance following such an event, and not all ecommerce sites are able to recover. In addition to the loss of revenue and cost of recovery, you must be wary of customer data getting into the wrong hands. Taking the necessary steps for PCI compliance to prevent a data breach in the first place is crucial, because even a refined response may not be enough. Customers who feel that a data breach wasn't handled effectively are unlikely to return—no matter how loyal they've been in the past. In fact, some 60 percent of companies that experience a major data loss go out of business within six months.
**1. Start by focusing on risk assessment.**What are the most likely disasters, breaches and unexpected events given your online store's industry, your customer base, and the location of your warehouses and data servers? You'll need to consider both online risks (security breaches, significant server downtime) and offline risks (earthquake, medical emergency that makes the business owner unavailable).
**2. Get the whole team involved.**Make sure all of your employees understand the continuity plan so that your availability doesn't bottleneck a response in the face of a disaster. Distribute copies of the business continuity plan to all team members and store them digitally in multiple places (server, email) so that the loss of one platform doesn't cripple your recovery efforts. Integrate the business continuity planning into the on-boarding of any new employees and periodically review it with the entire team as new risks emerge or response strategies evolve.
3. Safeguard against preventable risks. The old adage rings true in modern business: prevention is the best cure. While you won't be able to completely eliminate the risk of a data breach, for instance, you can go over proper protocols with employees to greatly minimize the risk that one will impact your online store. Train your team members on security deficiencies, such as creating strong passwords and safeguarding company data. You can also review response drills with your ecommerce team to ensure that everyone knows the overall plan and their expected role in executing it.