– or how to get the scoop of ice back in the cone and still be able to enjoy it
I have had the privilege to attend several roundtable discussions on Cyber Security and Business Continuity Planning (BCP) at the U.S. Embassy in Copenhagen in connection with Cyber Security specialists from around the world visiting the Department of Commerce.
Although I am well versed in Cyber Security I do not consider myself a Cyber Security specialist. But having established and run the global Major Incident Management department for a very large corporation, I do consider myself a Business Continuity Planning specialist and it is in that capacity I have primarily been adding value to these roundtable discussions.
Not taking the protection of your IT infrastructure adequately seriously and not taking appropriate measures to fence it off technologically and culturally (please, do not click that attachment link …) is considered an open invitation to perpetrators around the globe. They will find the cracks in your firewall and a raft to cross that moat that was supposed to keep trespassers out of your hair.
Your first priority is therefore to establish both a cultural and technological perimeter around your infrastructure – and maybe get someone externally to give a quick test before your declare yourself safe?
Having established that perimeter is critical. But companies seem to consider having purchased a Cyber Security license of sorts an all encompassing insurance policy that keeps them safe at night and their IP under lock and key. It really is not an insurance policy against productivity loss. Bad things can and will still happen. Cyber Security specialists evangelize that too.
A lot fewer companies have documented clear Standard Operating Procedures in the area of BCP – that is, the process and planning required to kick in, in the unfortunate event that your ability to run or reestablish your business functions is impaired. What processes kick in when some dormant virus breaches your security, or your offices are under three feet of water, or have no power for days, or your CEO is abducted by aliens?
BCP is AS IMPORTANT as fencing off your company technologically. The shorter it takes to return to a state of normality, the less productivity loss you will experience. If teams and individuals know how to react, and with what measures relative to the situation, you are sure to keep your board at ease and your shareholders happy.
Who is going to coordinate reestablishing normality?
Who steps in when leaders responsible for critical business areas cannot be reached or are unable to work?
What needs to be reestablished first?
My advice is to:
- Analyse in what order you resurrect or reestablish your business functions and services – and how!
- Make sure it also includes who is responsible for what business function, and who’s going to be the back-up – and the back-up’s back-up
- Build playbooks and keep them current through a three to six-month revision cycle
Want to know more?
Contact:
Soren Madsen, info@leadwithpropriety.dk