Business Continuity and Crisis Response: What Is Your Plan?
February 07, 2020
By Jack Paladino
At some point, all organizations are faced with challenges that necessitate a robust business continuity plan coupled with a sound crisis response strategy. Organizations must be ever aware of the impact that data breaches, natural disasters and other adverse events can have on their reputation and ongoing viability as an enterprise. To stay ahead of the curve, business leaders need to be proactive in identifying and developing plans to navigate their organization through a potential crisis.
To increase the likelihood that plans developed to deal with and respond to a crisis are successful, there must be close coordination between those involved with governance, the executive officers and the board of directors. The foundation for getting started is the creation of a well-documented disaster recovery, incident response and business continuity plan. Using a data breach as an example makes apparent the importance of having a strong foundation in the event of a crisis.
Through June 30, 2019, there were over 3,800 data breaches reported, an increase of 54% over 2018. Typically, a data breach will result in the loss of secure, confidential information that will commonly contain “personally identifiable information” (PII), which can include an individual’s name, address, Social Security number, banking information and email address. For instance, TrueDialog, a leading SMS texting solutions company, exposed its customers’ confidential data in a data breach created by the exploitation of a database left without password protection. What steps should a company take when such an event takes place? To help answer that question, let’s focus on actions to prepare, react, respond and recover from a business crisis.
Getting an organization’s senior leadership and board of directors to recognize the importance and necessity of formal disaster recovery, incident response, and business continuity plans is crucial when getting started. To successfully design these plans, management must have a strong understanding of its business environment, its critical infrastructure and the potential internal and external factors that could affect systems, data and assets. By working together, realistic and achievable goals can be established when a crisis occurs.
Formal, documented crisis response plans assign responsibilities to key stakeholders throughout the organization. Before the crisis response plan becomes actionable, an organization must identify the cause of the crisis. Once the root of the crisis is successfully identified, management can make sure the disaster is contained. Prior to resuming all business operations, it is crucial for management to determine that the incident is contained and data, assets and other critical information are safely protected.
After assessing the severity of the effect that the crisis has had on external stakeholders, it is essential to communicate that information to affected parties. In some instances, it may be determined that data breaches did not result in compromised PII; even so, management can utilize the breach as a learning experience to bolster the formally documented response plans.
The ability to quickly return to the status quo and avoid severe financial and reputational losses is critical. Crisis response plans should be continuously tested to ensure an organization can recover from a crisis in a timely manner. Lessons learned and efficiencies identified through the periodic testing of crisis response plans should be the focal point of continuous updates to the plans. Management should stay up to speed by distributing up-to-date incident response policies to key stakeholders within the organization, ensuring current policies are followed during the time of crisis. In addition, organizations should take the time to reassess the adequacy of their plans when breaches occur at other companies; by doing so, organizations will often identify improvements to their own plans.
PRTS Intelligence Newsletter - Q4 2020