Business Continuity Planning

Slack went down, and the internet panicked. But let’s be honest—this isn’t about Slack. It’s about how fragile our business operations have become when a single tool suddenly disappears. I’ve seen this play out before. A company I worked with relied heavily on a single SaaS vendor for all internal and external communication. When that platform went down—just for a few hours—it disrupted customer service, stalled sales deals, and even delayed compliance reporting. The aftermath? Scrambling to recover, frustrated clients, and a whole lot of “Why didn’t we have a backup plan?” First, redundancy is non-negotiable. Every business should have an alternative communication channel ready—whether it’s email, a second chat tool, or even (gasp) the phone. Second, product counsel should be in the room when these tools are selected. The legal team isn’t just there to review contracts—we should help assess risk, negotiate protections, and push for backup plans before disaster strikes. Third, train your teams. A business continuity plan only works if people know how to execute it. If your team’s response to an outage is “Now what?”—that’s a problem. If you’re rethinking your reliance on SaaS after this outage, good. It’s time for legal, IT, and product teams to work together to build a more resilient operation. For my take on the legal implications of SaaS downtime, check out the video—because trust me, contracts matter when things go south. -------- 💥 I’m Olga V. Mack 🔺 Expert in AI & transformative tech for product counseling 🔺 Upskilling human capital for digital transformation 🔺 Leading change management in legal innovation & operations 🔺 Keynote speaker on the intersection of business, law, & tech 🔝 Let’s connect 🔝 Subscribe to Notes to My (Legal) Self newsletter

The recent global tech outage caused by a CrowdStrike update serves as a wake-up call for businesses of all sizes. It highlights the fragility of our interconnected digital infrastructure and the need for more resilient, decentralized solutions. As small and medium-sized businesses, we need to rethink our approach to tech infrastructure: 1. Redundancy is key: Diversify your tech stack to avoid single points of failure. 2. Local is resilient: Implement local backup systems and explore peer-to-peer networking options. 3. Trust your network: Build connections with local businesses and partners for resource sharing during crises. 4. Be prepared for offline operations: Maintain and regularly test manual workarounds. Moreover, this incident underscores the potential for new, alternative network architectures to emerge. We may see the rise of localized, redundant networks and trusted connectivity webs among businesses and organizations. https://lnkd.in/gFec3VNs As we move forward, it's crucial to balance the benefits of global connectivity with the need for local resilience. By taking proactive steps and advocating for more distributed network solutions, we can better protect our businesses from the ripple effects of large-scale tech disruptions. What steps is your business taking to enhance its tech resilience? Let's discuss in the comments below. #BusinessContinuity #TechResilience #NetworkInfrastructure #SmallBusinessSolutions

"Everyone has a plan until they get punched in the mouth." — Mike Tyson In complex business management, the unexpected is inevitable. Challenges will arise when navigating a major transition, market shift, or critical carveout. While you can’t predict every issue, you can prepare for them with strategic contingency planning. Contingency planning is more than just a safety net; it’s essential for mitigating risks and ensuring resilience. The process begins with identifying critical processes—those functions that must continue regardless of circumstances. This includes operations like payroll, IT systems, and customer service. Next, assemble a planning team with diverse expertise from finance, operations, HR, and IT to ensure a comprehensive approach to risk management. Assess your business's most significant risks and develop targeted strategies to address them. This might involve creating backup systems, cross-training employees, securing alternative suppliers, or establishing clear communication protocols for crises. Once your plans are in place, you can rigorously test them through simulations and drills to identify weaknesses. Update and review your contingency plans regularly to keep them relevant. Adjust your strategies to reflect new risks or priorities. In high-stakes situations like corporate carveouts, where continuity is crucial, robust contingency plans are vital. Ensuring that critical operations are covered gives you peace of mind and prepares you to face the unexpected confidently. No plan can account for every scenario, but by focusing on what can be controlled and preparing for likely risks, you position your organization to handle surprises with agility. So, what events would cause you the most concern? How prepared is your business to navigate them? Solid contingency planning will mitigate risks and build a more resilient organization. #RiskManagement #BusinessStrategy #Leadership #ContingencyPlanning #CrisisManagement #Execution

Today's Google Cloud outage affecting Cloudflare, Spotify, Discord, Snapchat, Shopify, and countless other services is a stark reminder of a fundamental truth in our interconnected digital world: no single point of failure is acceptable in enterprise architecture. Having built SaaS to serve millions of users globally, I've learned that resilience isn't just about choosing the "best" cloud provider—it's about designing systems that can gracefully handle the unexpected. Three critical takeaways for B2B SaaS leaders: 🔄 Multi-cloud isn't paranoia, it's prudence. The most sophisticated companies aren't just backing up data—they're architecting for true redundancy across providers. ⚡ Your disaster recovery plan is only as good as your last test. When did you last simulate a complete cloud provider failure? If you can't answer that immediately, you know what your next sprint planning session needs to include. 🎯 Customer communication during outages defines your brand. Notice how quickly companies like Cloudflare and GitHub communicated? That's not accident—it's preparation. The reality is that even Google's enterprise-grade infrastructure can experience disruptions. The question isn't whether outages will happen—it's whether your architecture and incident response can maintain customer trust when they do. As we continue advancing AI integration in cybersecurity and beyond, building resilient systems becomes even more critical. The cost of downtime isn't just revenue—it's the competitive advantage you lose while your systems are dark. Read about outage: https://lnkd.in/gtt4RDj5 #CloudResilience #DisasterRecovery #B2BSaaS #Cybersecurity #EnterpriseArchitecture

Disaster Recovery: It (literally) hit home during Blackhat! During the week of Blackhat in August, a fast-moving storm produced 6 tornadoes in Maryland. I wish I had been there to help my husband over the 3 days he had to live (and work) with without power, but I got home just in time to help him with the massive cleanup from the storm. It has taken us two weeks of clearing trees to even see the grass again. The winds were so fierce that broken tree branches were driven into the earth, and we have had to dig them up to move them. Luckily, no one was hurt in our area, but our little town is still recovering. Since I was a kid in a small Texas town, there was a plan. When we saw the storm coming we would head to the hallway bathroom and put a mattress over us. Sounds crazy, but that was our plan, and our family knew the drill. Through our personal disaster, I have been working on Business Continuity and Disaster Recovery Plans for our customers. We cannot predict nor stop events that can cripple our homes or businesses, sometimes for weeks, so what can we do to survive through them? Have a Plan! Why does your organization need a Business Continuity Plan (BCP)? For many it is a compliance requirement. I encourage everyone that if you are taking the time to develop a BCP for compliance, design it as if your business is going to use it. Identify the most critical processes for your business through conducting Business Impact Analyses (BIAs) with each business unit in the company. These help organizations prioritize response to keep the business afloat until operations are restored. This effort also sets Recovery Time Objective  (RTO) and Recovery Point Objectives (RPO) for restoration. Prioritization of services is key: every system cannot be restored in 4 hours. Then comes your Disaster Recovery (DR) Plan. What does this look like? Have you tested it? Can you failover to an alternate site successfully or restore critical systems in 4 hours? If you rely on third party partners to run the most critical components of your business, do you understand their DR Plan? In a year of unprecedented weather events and continued large-scale cyberattacks, this is a great time to have those conversations. From IT support teams carrying servers above their head through knee-deep waters to companies having to shift to writing paper checks to keep employees paid, I have seen the power of a plan keep organizations viable through the worst of times. If you need any help designing a plan, don’t hesitate to reach out. I am always ready to help. #businesscontinuity #disasterrecovery #businessresiliency #planning #restoration #compliance #cisos Photo: Our backyard after 4 trips to the dump.

60% of small businesses close within 6 months of a cyber attack.  Surprised? Most people are. This is a business continuity issue, a cost control issue, and a brand trust issue. What’s the cost of ignoring cybersecurity?    - Operational Downtime : Every minute your systems are down = revenue lost + productivity stalled.  - Regulatory Fines : Non-compliance can hit harder than the breach itself.  - Client Churn : 87% of consumers say they’ll walk away if they can’t trust how you handle their data.  Have you considered these in your own organization? Quick tip: Run a 15-minute tabletop exercise with your leadership team: “What happens if we get hit with ransomware tomorrow?” You’ll quickly spot where your plan is solid and where it’s not. We get your world. Cybersecurity is protection AND its good business. #CyberSecurity #BusinessContinuity #Leadership #RiskManagement #Business

On July 19, 2024, the tech world witnessed what many consider the largest IT outage in history. The CrowdStrike/Microsoft disruption affected millions of devices worldwide. Are you prepared for the next big outage? The impact: Global Disruption: The outage affected approximately 8.5 million Windows devices worldwide. (Source: Microsoft). Travel Chaos: Over 4,000 flights were cancelled globally with over 500 major airlines being affected. (Source: CNBC & CrowdStrike). Financial Toll: Downtime costs the world's largest companies $400 billion a year. While this figure is not specific to the CrowdStrike/Microsoft outage, it provides context for the potential financial impact of such large-scale IT disruptions. (Source: Splunk). While some organizations crumbled, others emerged unscathed. What set them apart? They took proactive steps to safeguard their systems and processes. Here are 10 critical steps to help you avoid similar chaos: 1. Implement Staged Rollouts Slow and steady wins the race. Avoid rolling out software updates across all systems at once. Test updates on a small subset first. 2. Use Extra Monitoring Tools Eyes everywhere! Deploy tools like Fleet to monitor endpoints and detect issues early. 3. Non-Kernel Level Security This will be a key topic for many tech leaders now. Explore security solutions that operate outside the kernel to minimize risks. 4. Enhance Cloud Observability It's their cloud until it is your outage, watch for storms at all times. Invest in tools to detect and prevent issues from buggy software updates. 5. Maintain Analog Backups In some crucial cases analog beats digital and not just recorded music. Keep analog backups for critical sectors to ensure continuity during outages. 6. Improve Testing and Debugging Test like you mean it, then test some more. Ensure rigorous testing and debugging of software and system updates before deployment. 7. Robust Crisis Management Protocols Plan for every manner of chaos, think zombie apocalypse. Have well-defined procedures for responding to major outages. 8. Diversify Technology Stack Avoid relying on a single vendor or technology to reduce risk. This can be argued 'til the end of time, but fewer points of failure is better unless all your points of failure are in the same tech basket. 9. Regular System Backups Think of backups as your get-out-of-jail-free card. Maintain recent backups or snapshots for quick rollbacks. 10. Staff Training Train for trouble Train IT staff in crisis response and workaround procedures. The next crisis isn't a matter of if, but when. Will you be the hero who saw it coming, or the one who kept smashing that snooze button? What steps are you taking today to ensure your systems are secure and prepared?

Despite the growing importance of cybersecurity, many CEOs have found themselves underprepared for severe cyberattacks. In interviews with 37 chief executives, those who had experienced cyberattacks shared their regrets and lessons learned. They realized they had focused too narrowly on prevention, overlooked the importance of resilience, and failed to prioritize cybersecurity as a strategic issue. To build cyber resilience, CEOs must proactively engage with their cybersecurity teams, learn from simulated attacks, and communicate transparently with stakeholders. Key Takeaways: 1. CEOs who have experienced cyberattacks often regret focusing too narrowly on prevention and overlooking the importance of resilience. 2. Cybersecurity should be treated as a strategic issue, with CEOs actively planning . 3. Simulated cyberattacks can help CEOs and their teams prepare for real-world scenarios and identify areas for improvement. 4. In the event of an attack, CEOs must be prepared to communicate transparently with stakeholders and make difficult decisions under pressure. 5. Building cyber resilience requires a proactive, organization-wide approach that goes beyond traditional IT security measures. #cybersecurity #cyberresilience #leadership #CEOinsights #riskmanagement

We lost millions on New Year’s Eve. Our ad servers crashed. Everything went down. No impressions. No revenue. On the single biggest ad day of the year. We were a mobile ad tech company moving hundreds of millions. But that night? • Our best engineers were partying • No one was on call • AWS alerts were misconfigured • PagerDuty didn’t go off • And no one noticed until I checked the dashboard the next morning: $0 revenue The team thought it was a frontend bug… Until angry customers started calling! That one outage triggered a domino effect: • We lost our biggest advertiser • Publishers jumped to Applovin • Our reputation cratered • The board demanded blood • We spent a fortune on consultants • We fired our CTO • Paused our roadmap for 6 months That night changed how I think about infrastructure forever. If you’re building anything that runs at scale, learn from our scars. 5 lessons I wish we knew earlier: 1. If you make money while you sleep, someone needs to be awake. Holidays don’t apply to production. Build a real on-call system with teeth. 2. If your customer notices the outage before you do, you’ve already failed. Monitoring is a product. Treat it like one. 3. Latency is a product issue. Uptime is a company issue. Founders should obsess over “5-9s” (99.999% uptime) the way they obsess over MRR. 4. Run game days. Simulate disasters. Practice escalation. Know what failure looks like. 5. DevOps isn’t a role. It’s a culture. If only one person knows how your system stays online, you’re already offline. You just don’t know it yet. We rebuilt from the ground up and also changed our culture: AWS with Azure failover. System status dashboard accessible to our BOD. Expectations clearly set that work/life balance doesn’t apply during an emergency. We never blinked during another holiday. If you’re building something important, DevOps is not optional. Don’t wait for a disaster to take it seriously. I did - and it cost me millions. Most expensive lesson ever learned!

How long could you survive if your entire business went offline tomorrow? As a board director across multiple companies, this question dominates our strategic discussions. The reality: 86% of cyberattacks now target business disruption, not just data theft. The shift is dramatic: ✅ Attackers intentionally shut down operations ✅ Recovery time matters more than detection time ✅ Business continuity = cybersecurity strategy One client kept production running with air-gapped backups while competitors stayed offline for weeks. Another shifted 60% of security budget to rapid recovery because 8 hours down costs more than most attacks steal. For strategic insights that inform my board discussions: Threat Vector by Palo Alto Networks. Check it out using the link in my comment. In my latest CXO Spice newsletter, I shared 5 emerging trends and 4 recommendations. 👇 What conversations are you having in your board rooms about cyber resilience? How are you preparing your leadership teams for disruption-focused attacks? I'd love to hear about your experiences and insights from the trenches. #Cybersecurity #Leadership #BoardGovernance #BoardDirectors #PaloAltoNetworksPartner To Stay ahead in #Technology and #Innovation: 👉 Subscribe to the CXO Spice Newsletter: https://lnkd.in/gy2RJ9xg 📺 Subscribe to CXO Spice YouTube: https://lnkd.in/gnMc-Vpj