Data Management Tips for Business Continuity

Travelers umbrella logo.
By Travelers Risk Control
2 minutes
Two men planning a data disaster recovery plan

When you think "business continuity," you should think about your data and networks as well as your employees, customers and property. Financial data, intellectual property and data on employees, customers and suppliers  are critical to your business. When you craft your general business continuity plan, take steps to also develop a plan specific to your data and networks.

Four-Step Planning Process for Your Business Continuity Plan

1. Threat Assessment

Conduct a threat assessment. It can help identify the nature and likelihood of an event. According to Verizon’s annual Data Breach Investigations Report (DBIR), malware, phishing and misuse of credentials are major vulnerabilities.¹ Other events may involve unintentional actions such as an employee emailing a wrong file, sending it to the wrong person or misplacing a laptop or other electronic device that contains sensitive information.
Your plan should include ways to mitigate the impact of losses caused by these accidental or intentional acts or technological failures. It should also take into account weather-related or natural disasters, including tornados, hurricanes or earthquakes. Power outages and power grid failures also should be considered. 
2. Business Critical Impact Analysis

Conduct a business impact analysis. It will help you identify and prioritize the business functions that are most critical to keeping your operations running. This analysis can help ensure your business can be restored quickly. Here are a few reasons:

  • Your data inventory and classification process can help identify the critical data that must be maintained to continue acceptable levels of operation.
  • Having a network inventory can help identify the critical hardware, software and firmware needed to continue to provide goods and/or services.
  • Determining the maximum time frame before an interruption can cause significant impact to your business can help you prioritize the areas that need to be addressed first.

3. Prevention and Mitigation Strategies

Include a comprehensive backup strategy for critical data, hardware, software and firmware. Other non-critical functions can generally be restored and returned to normal operations over time without interrupting your business.
Be sure to specify in your plan who is responsible for creating backups, where the backups are stored, and who has access to the backups. All backups should be stored at a remote location that cannot be impacted by the same event. The area should be secure with restricted access. You also can use third parties to store your backups. When you set up a contract with a third party, specify the level of security required, and the time frame they have to deliver your backups. You should fully document these procedures, and keep them up to date.
Key backup considerations should include:

  • Electronic data should be automatically backed up on at least a weekly basis. Consider backing up data more frequently for systems storing critical information.
  • Back up proprietary or in-house built software and applications off-site so they can be readily reloaded into replacement equipment.
  • A protected authoritative copy of your organization’s web content should be maintained in a safe location.

4. Testing, Practice and Continuous Improvement

Routinely test your plan so you can evaluate its effectiveness. Key employees and third parties should be familiar with the backup and restoration processes. They should periodically conduct sample tests of the system backups to verify that the operating system, applications and data from the backup can be restored.



Young businesswoman sitting on a park bench, logging in to laptop while holding smartphone with a security key lock icon on the screen.

Top Stories

How Multifactor Authentication Can Help Protect Against Cyber Threats

Multifactor authentication (MFA) can help stop cyberattacks by requiring a second form of verification that can block most account-compromising attacks.

Related Products & Services

We understand the complexity of cyber threats and have cyber liability insurance solutions to help protect your business assets.

Better together when it comes to cyber protection.

Provides organizations of all sizes coverage to help protect against data breaches and other fast-evolving cyber exposures.

More Prepare & Prevent

Cybersecurity Training for Employees

Cybersecurity training for employees can help keep your business safe from cyberattacks. Get tips on employee cybersecurity training from Travelers.

Employees being trained on cyber security.

More Prepare & Prevent

11 Steps to Help Protect Your Business from Cyber Extortion

Extortion as a result of a cyberattack is becoming more and more common for all business types and sizes. Businesses can take these 11 steps to help protect against cyber extortion.

System protected from cyber extortion.

More Prepare & Prevent

How Digital Forensics Detectives Investigate a Data Breach

Digital forensics detectives help businesses with data breach investigations to properly collect evidence and help prevent further damage.

Digital forensics.