Close this search box.

What makes a good business continuity plan?

Table of Contents

A good business continuity plan allows your business to continue trading (in some form) as closely to normal as possible following an incident that causes disruption to daily activities. With only 10% of businesses without a business continuity and disaster recovery plan surviving following a disaster, a business continuity plan is your life jacket in a disaster.

Threats and disruptions mean a loss of revenue, increased costs, and a drop in productivity. Collectively, these will lead to a drop in profitability.

As a disruption to your business can take many forms, it is essential that your business continuity plan is fit for purpose and covers all of the potential disasters that can damage your business.

Disruptions that your business continuity plan must address include;

A focus on cyber security


Cyber attacks are more prevalent than ever. In fact, UK small businesses are targeted by 65,000 attempted cyber attacks per day (Hiscox), and these attacks can cause fatal damage to businesses.

Ransomware is a type of cyber attack that infects your systems, often through a phishing email, and locks you out of your data and IT systems. The criminal then holds your data to ransom until you pay the criminal their desired amount of money for its release.

This type of attack is becoming a cyber crime standard, as shown in the USA recently where no less than 3 separate town councils have been attacked – with their systems and data put into complete lockdown!2 of the councils have since paid the ransom to retrieve their data, but the third is still holding out and is still unable to function properly and serve its residents.

If your business continuity plan doesn’t have the correct measures in place, this type of attack will render your business unable to trade – a situation that ruins 9 in 10 business.

Phishing Emails

Unwitting employees are the biggest vulnerability to any business and make the lives of cyber criminals easier than ever. To gain access to your systems, and therefore your data, cyber criminals will frequently use phishing emails to trick employees into granting access to your business’s systems.

This is how most ransomware attacks begin and, as a result, should be included in your business continuity plan. IT awareness training, as part of your ongoing staff training programme, is a great way to mitigate this risk.

Credential vulnerabilities and the dark web

You business continuity plan should also include a course of action should the business need to identify if data has been compromised. It must also outline the necessary steps to be taken in order to reduce the risk of that data being used as an entry point into your business systems.

This is a simple process that includes dark web monitoring and a password management policy which addresses compromised login details.

A layered approach to data management

A fit-for-purpose backup and business continuity system works on the principle of layered security.

We recommend that your business continuity plan contains three layers of backup:

1. On DeviceThis will be your default copy stored on your device.

2. External StorageThis might be a USB stick, external hard drive, or an on-site server.

3. Off-site Cloud StorageThis might be storage in the cloud, or another method of off-site storage, meaning that if you suffer data losses or a system failure, you can run your operations from a cloud copy.

Without a business continuity plan, the first layer is your only copy, meaning that if your device suffers a cyber attack then all of your data is lost forever.

We recommend, as part of your contingency planning, that you utilise all three layers of security, ensuring that if one or two methods are compromised then you still have a third to draw upon.

We recommend, as part of your contingency planning, that you utilise all three layers of security, ensuring that if one or two methods are compromised then you still have a third to draw upon.

Expect the unexpected

A business continuity plan means you can mitigate the risk of the majority of the threats to your business, but only if it offers continuity against ALL the major threats to your business.

Don’t rely on the fact that you have all of the best cyber security measures already in place. Cyber criminals are evolving all the time to breach your defences and monetise data stolen from your business.

It is important that your business continuity plan is reviewed on a regular basis (at least every 12 months) to ensure it still protects your business against all the known threats.

Employees can be the biggest risk in any business and it is important that they are constantly invested in to reduce the risk of the potential threat they pose. By investing in cyber security training, and phishing email training in particular, you can significantly reduce the risk of being hit by a cyber attack.

However, nothing is 100% secure so your business continuity plan must be a robust failsafe.

GDPR fines are now becoming prevalent across the board for businesses who openly flout the data laws that are now in place.

Even if you have all the correct cyber attack measures in place, we know that criminals still succeed in stealing data from businesses. Your business continuity strategy must include a plan of action that reduces the risk of this happening and reduces the risk of any stolen data being misused or sold on.

Contact Neuways about a Business Continuity and Disaster Recovery Plan

To ensure your business continuity plan is fully protecting your business, and that you have all the necessary cyber security defenses in place, contact our Cyber Security experts on 01283 753 333 or at

Want to keep up with our blog?

Get our most valuable tips right inside your inbox, once per month!

Latest IT News & Insights
Work Password Example - why you need a password manager
The most hacked passwords in 2024 and how to protect yourself
These are the most hacked passwords in 2024, learn today how you can protect your business and foster...
Read More
Early patching in Cyber Security
The Importance of Early Patching
Combat against cyber threats with early patching in cyber security.
Read More
Zero Patch updates - Cyber security vulnerability spotted - Neuways urge businesses to act.
Biggest Microsoft Patch Tuesday in years fixes four zero-days, five critical bugs
Discover how the latest Microsoft Patch Tuesday update addresses 142 vulnerabilities, including four...
Read More
Cyber security offered by Neuways in Derby
Businesses pressing ahead with AI regardless of Concerns
Businesses are ignoring concerns re: AI for data tracking. Neuways advise on how to foster a cyber security...
Read More
What is Credential Stuffing and how can it affect your business?
Defend your business against credential stuffing attacks thanks to Managed Cyber Security services from...
Read More
Cyber secure culture within the business
6 ways to foster a Cyber Secure culture within your company
95% of cyber security issues traced to human error. Here is how to foster a cyber secure culture within...
Read More
Apple devices holding company data could be a security flaw in your business. Photo by Aurich Lawson.
Why it's important to control what apps go into devices that hold company data
If you supply employees with work devices holding company data, managers need to be able to control what...
Read More
Beware of Fake Free WiFi netowrks.
Beware of Fake Free WiFi Networks
Fake free WiFi networks allow cyber criminals to gain access and steal personal data. Use a secure WiFi...
Read More

Frequently Asked Questions

As a leading IT and technology provider, we offer three core services, all of which have additional add-ons. We offer Managed IT Support, Business Central implementation and consultation, as well as Managed Cyber Security. Call us on 01283 753333 if you are interested in any of our services.

Contact us

Support: 01283 753300

Business Development: 01283 753333

Purchasing: 01283 753322

Admin and Accounts: 01283 753311


Managed IT support is a comprehensive solution where an expert IT provider, like Neuways, handles your technology infrastructure. This includes proactive monitoring, maintenance, cyber security, and support.

Yes we do. Your business needs Cyber Security due to the increasing number of cyber threats that are affecting businesses in all industries. If your business has data and technology systems implemented, you will need Managed Cyber Security.

We can help you conduct Cyber Audits to assess whether your business would gain Cyber Essentials and Cyber Essentials Plus Certification. Our dedicated departments work with your team to assess how much work is required before you gain Cyber Essentials Plus certification. We will then provide advice and consultation on what aspects you need to change within your business before providing a quote on how we can assist your company become Cybersafe.

Yes we can. We have our own dedicated Microsoft Dynamics 365 Business Central teams who work to ensure that we can implement the right systems and solutions into your website that are absolute right for you. Our experienced business consultants have worked all over the world for organisations operating on a global scale. 

Exclaimer Pro is a dynamic email signature that helps clients to switch and change around email signatures so that clients are able to advertise different offers and brands to a variety of email recipients. Administrators can also manage user emails internally, meaning the user does not have to touch their own email signature.

We offer Managed Security Training to help employees spot email phishing attacks, spear phishing attacks and vishing attacks. We also help train clients on how to use the various pieces of software we provide to clients, like Exclaimer Pro, Business Central and Cybersafe software.

We are a Managed IT Support provider based in Derby, East Midlands. However, we cover so many areas including the whole of the UK, Europe, and America. We are always willing to travel and send our expert technicians to ensure you have the best experience. 

Got a question?

Reach out
& Connect

Please enable JavaScript in your browser to complete this form.