Business Continuity: Are You Sure You’re Ready?

Oscar Wilde once stated, “To expect the unexpected shows a thoroughly modern intellect.” In continuing our look into being prepared during Cybersecurity Awareness Month, our second installment will focus on business continuity, what it entails, and the ongoing process that keeps it from becoming a “set it and forget it” exercise.

In conversation, a business continuity plan (BCP) is often confused with a disaster recovery plan (DRP). A BCP is a process of ensuring that a company can continue serving its clients, whether they be internal or external. It allows an entity to protect its critical assets, whether high-risk data, hardware, equipment, or, most importantly, personnel. A DRP is an extension of a BCP and assists in furthering the success of the plan should an incident or event occur. These events could be natural disasters, fires in the server room, malware attacking your database, or the feared ransomware attack that leaves your network incapacitated. Whereas a DRP will provide you with detailed steps through planned scenarios, a BCP determines what assets you should focus on and how long they can be inoperable before the outage starts to affect the company’s fluidity.

The BCP is part of an executive awareness of the risks that could hinder a successful outcome for business operations. The National Institute of Standards and Technology (NIST) published Special Publication 800-34, which focuses on a Guide for Continuity Planning. It states the following steps to consider when creating or updating your plan:

  • A policy should be created and authorized that states the BCP requirements and why it is required. It also gives authority to proceed with the development.

  • Conduct a Business Impact Analysis (BIA), which allows for a company to understand and focus on its critical assets and identify threats, vulnerabilities, and calculated risks.

  • Identify preventative controls to the critical risks recognized. This will allow a company to achieve an economical and company-driven security posture.

  • Develop recovery strategies: If something were to happen, what strategies will be in place for teams to follow? Unlike a DRP, these plans are high-level and used as guidance.

  • Develop the contingency plan. These are guidelines to ensure the company can stay functional in a crippled state.

  • Test the plan to identify deficiencies and train individuals to prepare them for their expected tasks.

  • Maintain the plan. Do not leave the plan in a binder on a shelf for three years without updating it to reflect the changes within your ecosystem.

Companies need to ensure that their recovery plan is ready for an event and tested accordingly. This includes critical data backup and recovery, personnel safety, and relocation. Security resiliency is key during a disruption, as these times of “chaos” are when controls can become weakened and critical information is left vulnerable. Attackers revel in these times, as they are “easy pickings.” Finally, ensure that you can recover and safeguard the logs that were created during the incident. These can help with forensic investigations and lessons learned to mitigate a recurrence.

At ConvergeOne, we have helped clients establish a BCP lifecycle to develop, create, implement, and sustain a valid program. These steps include:

  • Identify your current risks via a risk assessment

  • Analyze these risks by providing a BIA with recovery time/point objectives

  • Design a strategy that takes aim at critical assets

  • Execute the plan and continually monitor its progress and success

Allow the Cyber Security and Data Center teams at ConvergeOne to help your company stay resilient in reaching successful business strategies and outcomes.

Complimentary Ransomware Readiness Workshop

The ConvergeOne Ransomware Readiness Workshop focuses on your organization’s readiness to withstand a ransomware attack. During this workshop, ConvergeOne experts will analyze your environment in areas like user awareness training, network security and segmentation, testing and monitoring, incident response plans, and disaster recovery. Schedule your complimentary Ransomware Readiness Workshop today.

About the author:
Vito Nozza's career spans 20+ years in Enterprise Architecture, with 15 years specific to Cyber Security. He has held roles as a CTO, Director, Principal Architect and Global Security Advisor, which have all led to establishing guidance and consultative measures to SME and Enterprise-grade entities. Vito has been paramount in establishing cloud security, guided frameworks and disaster/incident response plans, with overall GRC and ERM goals.