Business Continuity: Are You Sure You’re Ready?

Posted by Vito Nozza on Oct 14, 2021 10:00:00 AM

Oscar Wilde once stated, “To expect the unexpected shows a thoroughly modern intellect.” In continuing our look into being prepared during Cybersecurity Awareness Month, our second installment will focus on business continuity, what it entails, and the ongoing process to ensure it doesn’t become a "set it and forget it.”

Many times, during various conversations, confusion arises between what a business continuity plan (BCP) is in relation to what a disaster recovery plan (DRP) entails. A BCP is a process of ensuring that a company can continue serving its clients, whether they be internal or external. It allows an entity to protect its critical assets from high-risk data, hardware, equipment, or, most importantly, personnel. A DRP is an extension of a BCP and assists in furthering the success of the plan should an incident/event occur. These events could be natural disasters, fires in the server room, malware attacking your database, or the feared ransomware attack, leaving your network incapacitated. Whereas a DRP will provide you with detailed steps through planned scenarios, a BCP determines what assets you should focus on and how long they can be inoperable until it starts to affect the company’s fluidity.

Ransomware Readiness Webinar - Register Now

The BCP is part of an executive awareness of the risks that could hinder a successful outcome on business operations. The National Institute of Standards and Technology (NIST) created a special publication 800-34 that focuses on a Guide for Continuity Planning. It states the following steps to consider when creating or updating your plan:

  • A policy should be created and authorized that states the BCP requirements and why it is required. It also gives authority to proceed with the development.

  • Conduct a Business Impact Analysis (BIA), which allows for a company to understand and focus on its critical assets and identify threats, vulnerabilities, and calculated risks.

  • Identify preventative controls to the critical risks recognized. This will allow a company to achieve an economical and company-driven security posture.

  • Develop recovery strategies: If something was to happen, what strategies will be in place for teams to follow? Unlike a DRP, these plans are high-level and used as guidance.

  • Develop the contingency plan. These are guidelines to ensure the company can stay functional in a crippled state.

  • Test the plan to identify deficiencies and train individuals to prepare them for their expected tasks.

  • Maintain the plan. Do not leave the plan in a binder on a shelf for three years without updating it to reflect the changes within your ecosystem.

Companies need to ensure that their recovery plan is ready for an event and tested accordingly. This includes critical data backup and recovery, personnel safety, and relocation. Security resiliency is key during a disruption, as these times of “chaos” are when controls can become weakened and critical information is left vulnerable. Attackers revel these times, as they are “easy pickings.” Finally, ensure that you can recover and keep safe logs that were created during the incident. These can help with forensic investigations and lessons learned to mitigate a reoccurrence. 

At ConvergeOne, we have helped clients establish a BCP lifecycle to develop, create, implement, and sustain a valid program. These steps include:

  • Identify your current risks via a risk assessment

  • Analyze these risks by providing a BIA with recovery time/point objectives

  • Design a strategy that takes aim at critical assets

  • Execute the plan and continually monitor its progress and success

Allow the National Cybersecurity and Data Center teams at ConvergeOne to help your company stay resilient in reaching successful business strategies and outcomes.



[WHITE PAPER]
22 CYBERSECURITY TIPS FOR 2022

22 Cybersecurity Tips for 2022 White Paper

As you prepare for 2022, you should prioritize building a cyber-aware culture within your organization and proactively follow a number of steps to keep your information and people protected from cyber-attacks. Download this ConvergeOne white paper to receive all 22 cyber tips to get your organization started.

DOWNLOAD THE WHITE PAPER

Topics: Security, Cyber Security, Cyber Awareness, Disaster Recovery, Cyber Recovery, Business Continuity


 

Vito Nozza
Vito Nozza  -- Vito Nozza is the Principal Consultant, Cyber Security Lifecycle Consulting in ConvergeOne’s National Cyber Security Practice. His career spans 20+ years in Enterprise Architecture, with 15 years specific to Cyber Security. He has held roles as a CTO, Director, Principal Architect and Global Security Advisor, which have all led to establishing guidance and consultative measures to SME and Enterprise-grade entities. Vito has been paramount in establishing cloud security, guided frameworks and disaster/incident response plans, with overall GRC and ERM goals.