We’ve talked about business continuity before and what we want to touch upon in this article is stuff related to technology.
What is a Business Continuity Plan?
Basically, it’s how are you going to “keep the lights on” in the event of a disruption to your business. A disruption can be anything. It can be a network outage, service outage, loss of power, natural disaster, cyber attack, and the list goes on.
You need to figure out as many ways as possible your business can be disrupted that affect the mission critical things that you need up and running in order to keep the company going. This means doing a risk/threat assessment and then putting things in place to address said discovered risks/threats. It also means knowing how to access these plans, and if you have employees, communicating where they can find the necessary documentation in the event of a disruption.
Having this understanding, let’s talk about technology, things related to it, and why it needs to be part of your plan.
Depending on the size of your business, legal requirements, and physical location, your plans for protecting your technology will differ.
If you’re a small business, your device failing may be more consequential to you than a single computer failing in a large corporation that has thousands of devices, so you’ll want to plan for that. You’ll want to know where tech support companies are in your area that can help get you up and running if you don’t have technical staff to help you recover.
On the flip side, if you’re a healthcare provider, your data centers and other critical systems need to stay powered on in the event of a power outage for a prolonged period. If you’re a small business owner, you won’t be able to afford a massive generator that can power a small town, nor would it make sense, but you’d still need to find a way to operate.
Heat can physically destroy your technology if you can’t dissipate it properly, so you’ll have to figure out how you’re going to control your environment’s temperature.
In the event of a cyber attack, you need to know what systems and devices are critical to your business and what controls you need to protect them. You also need to know how you’re going to operate in the event the attack takes systems off line, whether by design, or your procedures kick in to remove affected systems from your network.
While these are very broad things to think about, depending on the size and complexity of what your business does, you may have to get down in the weeds with your risk assessment. For example, if you have an application that’s your money maker, you need to know how the code can fail, to how the server it’s hosted on fails, to anticipating network failures, cyber attacks, and other unknowns that you need to figure out in order to keep that application accessible to customers.
How Bsquared Intel helps
Since our core competency is looking at the world outside of your business, our external cyber risk/threat assessments will help you address any security gaps/issues that effect your ability to “keep the lights on.”
We also advise clients on cybersecurity frameworks.
Use the contact form below to set up a free strategy call. And while you’re here, sign up for our newsletter to stay up to date with cybersecurity and Open Source Intelligence matters.