A good business continuity plan allows your business to continue trading (in some form) as close to normal as possible following an incident that disrupts daily activities. Only 10% of businesses without a business continuity and disaster recovery plan survive a disaster, so a business continuity plan is your life jacket in a disaster.
Threats and disruptions mean a loss of revenue, increased costs, and a drop in productivity. Collectively, these will lead to a drop in profitability.
As a disruption to your business can take many forms, it is essential that your business continuity plan is fit for purpose and covers all of the potential disasters that can damage your business.
Disruptions that your business continuity plan must address include:
A focus on cyber security
Ransomware
Cyber attacks are more prevalent than ever. In fact, UK small businesses are targeted by 65,000 attempted cyber attacks per day (Hiscox), and these attacks can cause fatal damage to businesses.
Ransomware is a type of cyber attack that infects your systems, often through a phishing email, and locks you out of your data and IT systems. The criminal then holds your data to ransom until you pay the criminal their desired amount of money for its release.
This type of attack is becoming a cyber crime standard, as shown in the USA recently, where no fewer than 3 separate town councils have been attacked – with their systems and data put into complete lockdown! 2 of the councils have since paid the ransom to retrieve their data, but the third is still holding out and is still unable to function properly and serve its residents.
If your business continuity plan doesn’t have the correct measures in place, this type of attack will render your business unable to trade – a situation that ruins 9 in 10 businesses.
Phishing Emails
Unwitting employees are the biggest vulnerability to any business and make the lives of cyber criminals easier than ever. To gain access to your systems, and therefore your data, cyber criminals will frequently use phishing emails to trick employees into granting access to your business’s systems.
This is how most ransomware attacks begin and, as a result, should be included in your business continuity plan. IT awareness training, as part of your ongoing staff training programme, is a great way to mitigate this risk.
Credential vulnerabilities and the dark web
Your business continuity plan should also include a course of action for when the business needs to identify whether data has been compromised. It must also outline the steps to be taken to reduce the risk of that data being used as an entry point into your business systems.
This is a simple process that includes dark web monitoring and a password management policy which addresses compromised login details.
A layered approach to data management
A fit-for-purpose backup and business continuity system works on the principle of layered security.
We recommend that your business continuity plan contains three layers of backup:
1. On Device – This will be your default copy stored on your device.
2. External Storage – This might be a USB stick, external hard drive, or an on-site server.
3. Off-site Cloud Storage – This might be storage in the cloud, or another method of off-site storage, meaning that if you suffer data losses or a system failure, you can run your operations from a cloud copy.
Without a business continuity plan, the first layer is your only copy, meaning that if your device suffers a cyber attack then all of your data is lost forever.
We recommend, as part of your contingency planning, that you utilise all three layers of security, ensuring that if one or two methods are compromised then you still have a third to draw upon.
Expect the unexpected
A business continuity plan means you can mitigate the risk of the majority of the threats to your business, but only if it offers continuity against ALL the major threats to your business.
Don’t rely on the fact that you have all of the best cyber security measures already in place. Cyber criminals are evolving all the time to breach your defences and monetise data stolen from your business.
It is important that your business continuity plan is reviewed on a regular basis (at least every 12 months) to ensure it still protects your business against all the known threats.
Employees can be the biggest risk in any business, and it is important to invest in them continually to reduce the potential threat they pose. By investing in cyber security training, and phishing email training in particular, you can significantly reduce the risk of being hit by a cyber attack.
However, nothing is 100% secure so your business continuity plan must be a robust failsafe.
GDPR fines are now becoming prevalent across the board for businesses who openly flout the data laws that are now in place.
Even if you have all the correct cyber attack measures in place, we know that criminals still succeed in stealing data from businesses. Your business continuity strategy must include a plan of action that reduces the risk of this happening and reduces the risk of any stolen data being misused or sold on.
To ensure your business continuity plan is fully protecting your business, and that you have all the necessary cyber security defenses in place, contact our Cyber Security experts on 01283 753 333 or at hello@neuways.com.