There is no doubt that businesses and organisations of all types and sizes must include cybersecurity concerns in their business continuity plans, and they need to sit side by side with the more traditional threats, such as severe weather or supply-chain disruptions. However, cybersecurity necessitates a different level of attention, because a cyber attack or data breach can have such wide-reaching effects throughout an entire company, as well as among its partners, suppliers, and clients.
When you look to integrate cybersecurity concerns into your business continuity planning, be certain to consider these important points:
Cybersecurity and business continuity are inter-reliant
In today’s hyper-connected world, cybersecurity issues and business continuity are inseparable. Year on year, cyber attacks and data breaches can and will considerably disrupt a company or, even worse, put it out of business, due to lost data, compromised personal or financial information, unplanned downtime, and other challenges. A single cybersecurity incident can result in lost productivity, decreased revenue, and a damaged reputation, to name but a few.
There’s no refuting that cybersecurity and business continuity must be joined at the hip. Once thought of as two separate items altogether, they should now, ideally, work in unison to minimise costs, protect data, and streamline a timely and effective response to any actual attacks or data breaches.
Business continuity employees need to be IT-minded
As the business continuity manager, you have an opportunity to educate your team and the business on the important role that cybersecurity plays in business continuity efforts overall. Many companies have to battle the assumption that IT security is “owned by” the IT department. In reality, the whole business has a responsibility to protect its digital data and systems.
Where to begin educating your team
Consider holding a brief workshop on the importance of IT security and cover the items below:
- Educate your team on the key facets of IT and how they impact the whole organisation.
- Provide an overview of the IT security techniques and systems used, as well as the core challenges associated with safeguarding network-enabled technologies, including increasingly sophisticated hacking strategies and good, old-fashioned human error.
- Explain how difficult it can be to fully recover IT networks and systems and ensure proper operation, all of which are vital to ensuring business continuity.
Business continuity planning must take on board IT-dependent applications
Review your most recent business impact analysis. Does it account for all IT-dependent applications, such as the company website, social media platforms, and shared and restricted network drives, and all the extensive and valuable information stored there? Does it fully pinpoint all critical IT processes, data, and locations that support the company’s revenue, customer information, trade secrets, and other vital sensitive information?
To safeguard the continuity of IT-related systems, be sure to build secure workarounds or redundancy into your business continuity planning, permitting stakeholders to obtain access in the event of a system or network failure. You must then meticulously test all backup systems in place.
Disaster and crisis communications should be assimilated
As a final point, consider whether or not your organisation is ready to quickly and successfully respond to and communicate with external stakeholders during a cybersecurity incident. If a breach occurs, you will need to issue statements and updates to customers, suppliers, partners, the media, and other interested parties.
It’s no longer sufficient to meet baseline technical requirements for post-incident response and communications with regulators and consumers. You should also work to get ahead of the game during any incident by communicating the correct information to all parties involved. You could consider combining the company’s official, mandated response with communication through other platforms, such as social media. This will help keep your messaging consistent and ensure that the company’s reputation is being managed well.
Have you considered a high-level cyber/GDPR risk review of your business?
Working in conjunction with Riskworks, the team at NexusProtect will come into the business and carry out a strategic-level health check of your current general security, cyber and information management.
Working alongside your key business personnel, the NexusProtect team will go through your current systems and procedures and compile a report on the security infrastructure of your business. The health check will support the identification of key risks, if any, and support an action plan on how to reduce any risk which is identified.
To discuss your approach to business continuity and cybersecurity, contact Jon Davies and the team on 01625 547754 or visit http://www.cyberliability.uk.com/