Why is a Business Continuity Plan important? It’s simple: because a business’ ability to recover from a cyber breach hinges on its ability to react quickly. Since the enactment of GDPR earlier this year, it is now a statutory requirement that a breach is reported within 72 hours of its discovery. But this is not the only thing to consider. As soon as a breach is identified, certain steps need to be taken to contain and mitigate the extent of the breach to safeguard the future of the business. This process will run much more smoothly if all aspects of the strategy are well known to those responsible and have been pre-planned and pre-agreed.
The impact of a breach is often significantly wider than people first think. It is not necessarily just about money or data being stolen, or the fines imposed by the Information Commissioner’s Office (ICO) as a result, but about the longer-term impact. Loss of trust and reputation can be equally, if not more, damaging over the following months and years.
So, with the threat of a successful (and costly) cyberattack being very real, what can be done? Well, firstly, and perhaps counter-intuitively, the most important thing is to accept the risk and plan for a worst-case scenario. Every robust defence should therefore include a Business Continuity Plan (BCP) that includes Incident Response (IR) and Disaster Recovery (DR) plans. These plans should be continually challenged and reviewed, and correctly scoped simulation exercises will ensure that all key personnel are experienced in the steps that need to be taken.
However, this is just one piece of the business continuity puzzle. Evaluating your company’s ability to restore IT operations can be a good starting point for a company-wide Business Continuity Plan. In fact, many business continuity planning efforts start by conducting a business impact analysis or risk assessment. These studies can reveal weaknesses in your organisation’s ability to continue operations that go far beyond IT. Good business continuity and disaster recovery planning should look at the business as a whole, with the goal of developing business resilience.
Of course, for most businesses in 2018, having a robust cyber defence is the first step, and every precaution should be taken to ensure that potential hackers and cyber criminals are kept at bay. It seems reasonable to assume that the harder we make it, the less likely a hacker is to focus their attention on us. They will look to easier targets. But the sad truth about today’s digital environment is that breaches can and do occur, even to the best-defended organisations. After all, it can take just one employee mistakenly opening a phishing email to provide a potential hacker with a route into an otherwise well-protected system.
Why is a Business Continuity Plan important? Because speed is of the essence. The more quickly a breach can be identified and contained, the less damage it will cause.
To discuss Business Continuity planning, contact the SRM team on 03450 21 21 51