Businesses all across the country are facing serious disruptions due to the effects of the Coronavirus. Companies are all still grappling with the myriad of issues the pandemic has caused, including how to ensure the security of sensitive data, systems and proprietary processes.
Many companies simply were not prepared for the challenges this crisis presented and that is all too common a theme that we have seen recently. The focus for most businesses has been just getting employees set up to work from home with little regard for the security risks. The unfortunate reality is that if your employees have been forced to work remotely, your company is more vulnerable now than ever and hackers are keen to capitalize.
Below we offer advice on how to address business continuity management during a crisis.
The Cost of Being Unprepared
The Boy Scout motto is, ‘always be prepared.’ It is an adage every company should take to heart when it comes to cybersecurity. Failing to properly prepare for a catastrophe can leave you and your business woefully vulnerable.
Not only are bad actors looking for low hanging fruit to target but there are business consequences for those that are exposed by an emergency.
- Time – When companies suffer a disruption, they may also suffer the loss of valuable time and efficiency when trying to rectify the issue. The more time you spend preparing for the worst, the less time you will have to spend scrambling when the worst does happen.
- Lost Customer Confidence – Customers, likewise, do not have time for companies that are not prepared. We’re seeing very low patience by consumers as they handle their own disruptions during the current situation.
- Lost Market Share – Lost market share is another consequence of lost customer confidence. We’re seeing businesses switch platforms away from what they have used traditionally to whatever is actually working right now. For instance as WebEx faces server issues, the Zoom platform is gaining considerable market share.
- Fines/Jail Time – Depending on your industry, location of your business and the type of data you hold, you could be subject to Federal and state data protection regulations. Having your staff work remotely can introduce non-compliance issues that subject you and your business to fines and criminal penalties.
Where to Start with Business Continuity Planning
It can be daunting to develop a business continuity plan. The best way to get started is to inventory what is most important to your business. When developing a business continuity plan for a company, start by asking the following questions:
Continuity Plan Questions
- What are your mission critical business processes, applications, and services?
- What are the likely and high impacts that could potentially disrupt these?
- How long can you afford to do without these processes, apps and services?
- What is the appropriate spend to protect and recover?
- What is your mitigation strategy?
Holistic Management Approach
After a company has taken stock of the things that necessarily need to be maintained, regardless of scenario, then they can transition into developing a business continuity management plan. The management plan should holistically account for all mission critical data and systems and have set protocols in place to address disruptions.
A holistic management process should:
- Identify potential impacts & threats
- Provide a framework for building resilience
- Provides for effective response
- Provide for disaster recovery by
- Developing activities and programs designed to return the infrastructure of an organization to an acceptable condition
- Developing the ability to respond to an interruption in services by implementing a disaster recovery plan to restore an organization’s critical business applications
We often see common problems that may not necessarily be cybersecurity specific, but can be resolved through developing and maintaining a holistic continuity management approach.
Most common problems during emergencies/disasters:
- Authority ambiguity (Who’s in charge?)
- Number of responders (convergence)
- Poor use of special resources
- Un-managed media coverage (usually negative)
To address the above, as well as cybersecurity concerns, a company’s holistic approach should require implementing an Incident Command System (ICS). An ICS is an accepted, standardized management system for effective communication, coordination and response to an emergency incident.
By committing continuity management to a central ICS system, a pathway for communication can be established with a hierarchy for emergency response authority.
If your business has faced a disruption and you are unsure of your business continuity framework, reach out to us for a gratis consultation. We can assess your cyber risk and resilience standing and discuss what we can do to help.