Every business that uses a corporate network, or an online system is vulnerable to cyber-attacks. Hackers can significantly disrupt daily business operations by introducing malicious code into their business environment.
To protect your organisation, you must ensure that there is a dedicated focus on business continuity by establishing a community of business continuity champions. This community must be dedicated to raising awareness about cyber-attacks and about BCPs (Business Continuity Plans). Each business unit must have a champion who is a process expert that understands the value of each business process and the inter-dependencies with other business units. The BCP champion will be responsible for ensuring that each team member understands the impact of cyber-attacks and the BCPs and policies that are in place.
Here are some of the focus areas of the champions:
1.Run cyber awareness campaigns
Cyber awareness campaigns and training sessions are geared towards changing staff behaviours, to reduce the likelihood of having to invoke a BCP in response to a cyber-attack. The change in behaviour must be measurable to ensure that behaviours really are changing. The goal is to get to a position where staff members are so vigilant online that they never fall for any scams that could result in a cyber-attack.
2. Prioritise process inventories
The business units must create a list of their processes in a Business Impact Analysis (BIA) format, detailing which processes will be prioritised during a period of disruption. This process inventory must be agreed upon and signed off by the process owners to ensure that process prioritisation is clear and accurate.
3. Update BCPs to include cyber scenarios
While most organisations already have a BCP document in place, it might cater for ‘where will we work if the building burns down?’, or ‘who will make decisions if the executive team is unavailable?’. Many BCP documents do not detail ‘how will we work if the networks or systems go down?’.
4. Define continuation strategies
The BCP must, for each process, contain various continuation strategies to respond to the nature of the outage. It is important to indicate which continuation strategies require additional resources, where those resources would come from, what training would they require, and how soon could they start. Therefore, the ease and practicality of the continuation strategy must be clear so that when the time comes to invoke the BCP, the Invoker selects the most appropriate continuation strategy depending on the nature of the attack and outage.
A comprehensive BCP will also detail what to do during and after a network and/or systems outage, depending on the nature and impact of the outage to return to “business as usual”.
Need help creating and a maintaining business continuity plan to help ensure business processes can continue during emergencies and cyber-attacks? Analyze can help. Give us a call on 021 447 5696 or email firstname.lastname@example.org.