July 22, 2020

Planning for the Unexpected: IT Business Continuity Key to Navigating Emergencies

If 2020 has taught CPA firms anything it is this: Anything can happen, anytime, and your IT staff and infrastructure need to be prepared for the worst, always. Creating a business continuity plan, refining it over time and being able to apply new learnings to rapid deployment are all critical to keeping operations running during a crisis.

Rightfully so, the business world has been laser-focused on adjusting and responding to the pandemic. And most public health experts agree COVID-19 won’t be the last pandemic coming our way. So, yes, COVID-19 is top of mind, to say the least. 

But a health crisis isn’t the only unexpected event that can potentially threaten your CPA firm’s ability to do business and protect its sensitive client data. Hurricanes, fires, tornadoes, power outages, floods, break-ins and cyberattacks can come out of nowhere as well. 

At Cetrom, we’re a happy and optimistic group, but we also understand from experience that planning carefully for the worst possible IT scenario is the only way to survive it when — not if — it occurs.

Let’s take a look at some practical tips for creating an effective Business Continuity Plan (BCP) that includes an effective IT Disaster Recovery Plan (DR). 

First, Let’s Define Business Continuity and Disaster Recovery Plans

It’s always important to remember that your CPA firm will not be able to stop a crisis from occurring; in most cases, a natural disaster event, power outage and even some cyberattacks cannot be prevented. A BCP is for the aftermath — it is your organization’s and team’s roadmap for how to respond when disaster strikes in order to minimize the damage and make a return to normal operations as quickly as possible following the crisis event.

A solid BCP will cover all aspects of your organization from human resources and IT to finance and external partners. A Disaster Recovery Plan (DR) is only one component, albeit a very important component, of a BCP.

Businesses are destroyed by a crisis not because of the initial event itself, but rather in their failure to recover quickly enough. In the IT world, extended outages and downtimes are killers; for CPA firms in tax season, not having a strong BCP that includes an IT DR plan in place could literally be the end of your firm.

We’d like to think that nearly all CPA firms now have some type of BCP and DR plan in place after the upheaval caused by the pandemic. So, some good has come from COVID-19, as more CPA firms now have plans in place for the next unexpected disaster. 

The key question for these firms is this, however: Are they committed to constantly revising and updating their BCP and DR plan? Has their firm assessed what it learned from COVID-19 and found a way to integrate these learnings into their BCP and DR plans? 

Everyone has been moving at the speed of light to survive, but it’s important to remember to reflect, assess and make needed changes to your plans to make them more effective than ever before.

Assess How Your IT Infrastructure and Team Performed During COVID-19

This is not a time to be walking on eggshells and dancing around how your CPA firm’s IT infrastructure held up or how well your team responded to the pandemic crisis. It is time to be fair, honest and practical about what your firm did well, what it did adequately, and where it failed. Ask these questions to assess overall performance:

  • How long did it take your firm to adjust to 100% remote work?
  • Have staff productivity levels changed during the pandemic?
  • Has data security remained strong even while interacting with more vulnerable home networks and the use of more personal devices?
  • Have your clients been receiving the same level of service and performance during the pandemic?
  • What IT needs, challenges and requests for equipment were expressed by staff members?
  • Did planned backups occur or were they disrupted?

There are scores of important questions to ask when reflecting on your firm’s response to a crisis. In essence, those CPA firms that can respond to a crisis in real-time while also assessing and planning for future disasters will be in the best position to refine their BCP and IT DR plan to meet future threats.

Ultimately, BCP and IT DR plans are about mitigating all different kinds of risk. In order to mitigate as much risk as possible, your firm needs to actively and unendingly be in risk assessment mode. COVID-19 likely exacerbated risks you already were aware of and probably unearthed new risks that you’d never even considered. Again, react, assess and then integrate what you learned and are learning during the pandemic into your BCP and DR plan. BCP and IT DR planning is not a “set it and forget it” exercise; it is a never-ending process of continual improvement that keeps CPA firms prepared for the unexpected. The minute these plans become stagnant is when your risk is highest.

Consistent Training, Practice and Processes Are Critical

BCP and IT DR planning is really about being proactive to prepare for the worst-case scenario. The first step is simply accepting that a disaster or crisis is coming sooner or later. Once you and your IT team accept this reality, committing to continually improving the plans and constantly educating staff about the disaster response and recovery plan is a no-brainer investment of time and treasure. 

Once you’ve made this commitment, there are several tried and true best practices that still need to be followed:

  • Have a dedicated disaster response and recovery team comprised of staff members from IT and all other departments
  • Develop, document, and communicate the new, adjusted, and improved plan to all employees when key revisions have been made
  • Create standing reevaluation periods where the plan can be adjusted, updated, and improved
    • Be sure to revise the communications plan along with the DR action plan; this is particularly important with staff working remotely. A better, improved DR action plan won’t mean much if the lines of communication to enact it break down
  • Practice, practice, practice. Run mock attacks and breaches periodically to test your team

Backups and Redundancy Make DR Possible

Having a comprehensive BCP and an agile, rapidly deployable DR plan is essential. However, a great plan won’t mean all that much without a masterful backup and redundancy network that ultimately is what the DR plan is designed to utilize to get your firm back on its feet as fast as possible. In other words, your team could execute your DR plan flawlessly and still fail to save your firm if your data is not backed up and cannot be recovered from another source.

Your CPA firm must have a regimented, sophisticated, and repeatable backup process for your data.

  • Multiple backups need to be conducted daily
  • You need to use various methods to backup your data to create redundancies; these could include cloud backups, hard drive backups, or other methods
  • The key is that these backups must live outside of your network and some should live beyond your physical office space to mitigate the risk of natural disasters, fires, or break-ins

Ideally, your CPA firm should store data and backups in geographically dispersed, disaster-proof, and highly secured locations offsite. For example, Cetrom clients have their data securely stored in our two cloud data centers in Virginia and Colorado, that are geographically dispersed for automatic failover protection and remote backups, ensuring their data is protected. Both facilities are SSAE 16 compliant (formerly the SAS70 standard) and SOC 2 compliant for top-tier security measures. Having multiple backups, stored at different locations and completely separate from the network, reduces the risk of data loss and is critical to getting your firm’s IT back up and running quickly post-disaster.

Always plan for the worst and hope for the best. 

Once your CPA firm accepts that disaster striking is an inevitability, then it can adopt a new mindset that actively and unendingly assesses risk, adjusts to new learnings, and builds a powerful BCP and IT DR plan that its staff is well versed in and ready to deploy at the drop of a hat.

AI and Tax Preparation: Opportunities and Risks for Accounting Firms

Artificial Intelligence (AI) is revolutionizing industries worldwide, and accounting is no exception. Tools like ChatGPT and Microsoft Copilot are..
November 25,2024

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...

- Mid-sized
View All

One of the things we appreciate wholeheartedly about working with Cetrom is how great the people in the service area are and the high-level of responsiveness we have received. I’ve been very pleased..

- Mid-sized
View All

Cetrom’s services and support really stood out against the other cloud vendors. We thought their Citrix delivery platform would have a higher level of adoption because our employees would have the..

- Mid-sized
View All

Our accounting services users working in the field have greatly benefited from our migration to the cloud. They’re now able to be much more efficient while working in a client’s office because they..

- Mid-sized
View All

The decision to migrate to the cloud was one of the best business decisions Rub & Brillhart has made. It required an investment, but we have determined that our year two IT costs will be reduced by..

- Midwest
View All

Our migration process with Cetrom was very smooth and we had an excellent experience with their support during the demo process. We have 24/7 monitoring on our onsite equipment and they have the..

- Small
View All

We are extremely happy with the service and support we receive from Cetrom. Our staff is more efficient overall in our day-to-day activities and we don’t have any downtime. It’s a good feeling..

- Mid-sized
View All

Cetrom is an extremely cost-effective option for IT services. Not only do we receive significantly improved customer service, but we were also able to add a new VoIP system, better internet service,..

- Mid-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- Mid-sized
View All

We use two programs that often posed a challenge for our previous IT providers. Cetrom handled the situation professionally, coordinated with the software vendors, did all the backend testing, and..

- Mid-sized
View All

After interviewing and reviewing the proposals from various IT providers, it was really a night and day comparison about price, service, and performance—Cetrom was just outshining the others on every..

- Mid-sized
View All

I just want to drop you a line and let you know how pleased we are with our move to Cetrom. Your people knocked it out of the park for us and are doing a great job getting us up and working. On our..

- Small-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- 97%
View All

Cetrom’s Cloud Computing offers a high-quality, reliable and secure alternative to traditional IT management and provides immediate access to all my IT resources whether I’m in the office, at home or..

- High-quality,
View All

blog Archives

See all

AI and Tax Preparation: Opportunities and Risks for Accounting Firms

Artificial Intelligence (AI) is revolutionizing industries worldwide, and accounting is no exception. Tools like ChatGPT and Microsoft Copilot are..
November 25,2024

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...

- Mid-sized
View All

blog Archives

See all
Is Cetrom Your Cloud Services Solution?